In Re. · The Handling of Personal & Health Information
Privacy
Policy
Ultradoc Technologies LLC ("Ultradoc," "we," "us," or "our") builds the clinical workflow platform your medical practice uses, including the Ultradoc patient app. This Privacy Policy describes what information we collect in connection with the patient app and our patient-facing services, why we collect it, who can see it, how long we keep it, and the choices you have.
The short version: your health information belongs to your care, not to us. We process it only on behalf of your practice, under contract, as a HIPAA business associate. We show no ads, we sell nothing about you, and the app collects no location, no contacts, no photos, and no payment card numbers.
Article I
Scope
This Policy applies to the Ultradoc patient app (distributed through the Apple App Store and Google Play), the patient-facing services of the Ultradoc platform, and the ultradoc.net website.
It does not replace your practice's own Notice of Privacy Practices, which governs how your practice — the HIPAA covered entity responsible for your care — uses and discloses your health information. If you use the Ultradoc platform as a member of a practice's workforce, the practice's Customer Agreement with Ultradoc governs that use.
Article II
Two Kinds of Information, Two Roles
Understanding this Policy requires one distinction.
Protected Health Information (PHI). Your appointments, messages with your care team, billing records, and the fact of your relationship with a practice are PHI. For PHI, your practice is the covered entity and Ultradoc is its business associate: we process this information only as permitted by the Business Associate Agreement with your practice and by HIPAA, and your practice's Notice of Privacy Practices governs its use. Our safeguards are described in our Statement of HIPAA Compliance.
Account and technical information. Your app account, device information, and usage analytics are information Ultradoc handles to operate the service itself. This Policy is the primary document governing that information.
Article III
Information We Collect
- § 3.01
- § 3.02
- § 3.03
- § 3.04
Account & profile information.
When you create an account in the Patient App, we collect your name, email address, phone number, date of birth, and sex, together with a password. Passwords are stored only as cryptographic hashes; Ultradoc cannot read your password. This information identifies you to your Practice and protects your account.
Health information handled for your Practice.
The Patient App transmits and displays health information on behalf of your Practice: your connections to practices, appointment requests and confirmed visits, secure messages exchanged with your care team, and billing balances and payment history drawn from your Practice's billing systems. This is Protected Health Information under HIPAA. Ultradoc processes it solely as a business associate of your Practice — it is your Practice's data about your care, not Ultradoc's.
Device & technical information.
We collect the technical minimum needed to run the app reliably: device model and operating system version, app version, language and region settings, network reachability, push-notification tokens for your device, and diagnostic information about errors and update installs.
Usage analytics.
We collect limited product analytics — screen views, app lifecycle events, and feature-usage events — to understand reliability and improve the app. Analytics are associated with your internal account identifier only, never your name, email, phone number, or date of birth, and the contents of your messages and records are never included in analytics events.
Article IV
What the App Does Not Collect
- (i)Your precise or approximate location. The Patient App never requests location access.
- (ii)Your contacts, photos, camera, or microphone. The app requests none of these permissions.
- (iii)Advertising identifiers (IDFA / AAID). The app contains no advertising SDKs and displays no ads.
- (iv)Payment card numbers. When you pay a balance, the app opens your Practice's own payment portal in your device browser; card entry happens there, with your Practice's payment provider, never inside the app.
- (v)Biometric data. If you protect the app with Face ID or a fingerprint, that biometric check is performed entirely by your device's operating system; biometric information never reaches Ultradoc.
Article V
How We Use Information
- § 5.01
- § 5.02
- § 5.03
- § 5.04
- § 5.05
To provide the service.
Operating the Patient App on behalf of your Practice: authenticating you, displaying your appointments, delivering your messages, showing your balances, and keeping the app updated and secure.
To secure the platform.
Verifying sign-ins, detecting unauthorized access, enforcing access controls, and maintaining the audit trails required of a HIPAA business associate.
To notify you.
Sending push notifications you have enabled — such as when your care team replies — and service emails such as verification codes and security notices. Notifications are designed to signal that activity occurred without exposing the substance of your health information on your lock screen.
To support and improve the app.
Responding to support requests, diagnosing errors, and analyzing aggregate usage patterns to improve reliability and usability.
To comply with law.
Meeting our obligations under HIPAA, our Business Associate Agreements, and other applicable laws, and responding to lawful requests where required.
Article VI
What We Never Do
- (i)We never sell your information — health-related or otherwise — to anyone.
- (ii)We never use or disclose your health information for advertising or marketing.
- (iii)We never share your information with data brokers, ad networks, or analytics platforms for their own use.
- (iv)We never use your health information to train models or build products unrelated to the service your Practice engaged us to provide.
Article VII
When Information Is Shared
- § 7.01
- § 7.02
- § 7.03
- § 7.04
With your Practice.
Sharing your information with your own Practice is the product: your profile, messages, appointment requests, and payments are visible to the Practice(s) you are connected to, exactly as a patient portal requires.
With subprocessors under Business Associate Agreements.
Ultradoc uses a small number of infrastructure providers — cloud hosting, database, analytics, and communications services — each of which processes data under a signed Business Associate Agreement and only on Ultradoc's instructions. A current subprocessor list is available to Practices on request via compliance@ultradoc.net.
For legal reasons.
We may disclose information where required by law, subpoena, or court order, or where necessary to protect the rights, safety, or property of patients, Practices, Ultradoc, or the public — always to the minimum extent required and as permitted by HIPAA.
In a business transition.
If Ultradoc is involved in a merger, acquisition, or sale of assets, information may transfer to the successor entity subject to the same HIPAA and Business Associate Agreement obligations that bind Ultradoc.
Article VIII
Analytics, Advertising & Tracking
The patient app uses a single analytics service, operating under a signed Business Associate Agreement, to measure reliability and product usage. Analytics events are identified by your internal account identifier only; your name, email address, phone number, date of birth, message contents, and records are never sent to analytics. Events are additionally scrubbed on-device to strip tokens and sensitive URLs before transmission.
The app contains no advertising, no advertising SDKs, and no social media trackers. We do not track you across other companies' apps or websites, and the app never requests the ability to do so. Your health information is never used for advertising of any kind.
Article IX
How We Protect Information
All communication between the patient app and the Ultradoc platform is encrypted in transit using TLS 1.2 or higher. Information at rest is encrypted with AES-256 on HIPAA-eligible cloud infrastructure operated under Business Associate Agreements. Session credentials on your device are stored in your device's secure storage, and you can additionally protect them with Face ID or fingerprint unlock.
Access to production systems is role-based, least-privilege, and fully audited. The complete control set — administrative, physical, and technical — is published in our Statement of HIPAA Compliance. Suspected vulnerabilities may be reported to security@ultradoc.net under our vulnerability disclosure policy.
If a breach of unsecured health information occurs, Ultradoc will notify affected practices without unreasonable delay, as HIPAA requires, so that patients receive the notifications they are entitled to.
Article X
Retention & Deletion
- § 10.01
- § 10.02
- § 10.03
- § 10.04
Account information.
Retained while your account is active. When you delete your account — in the app via Settings, or by request per ultradoc.net/delete-account — your account, sign-in credentials, profile, practice connections, and push-notification registrations are deleted.
Health information.
Your medical record is maintained by your Practice, which is legally required to retain it. Health information Ultradoc holds as a business associate is retained and returned or destroyed as directed by the governing Business Associate Agreement, not by your app account's existence.
Audit logs.
Access and security audit records are retained for a minimum of six (6) years, as required of HIPAA business associates (45 CFR § 164.316(b)).
Analytics.
Product analytics are retained under our agreement with our analytics subprocessor and are keyed to internal identifiers only.
Article XI
Your Choices & Rights
- § 11.01
- § 11.02
- § 11.03
- § 11.04
- § 11.05
Review and update your profile.
Your name, contact details, and demographic information can be reviewed and updated in the app under Settings → Edit profile.
Delete your account.
Delete your account at any time in the app (Settings → Delete account) or by following the instructions at ultradoc.net/delete-account. Deletion is permanent.
Control notifications.
Enable or disable push notifications at any time in your device settings.
Exercise your HIPAA rights.
Your rights to access, amend, restrict, and receive an accounting of disclosures of your medical record run against your Practice, the covered entity that maintains it. Contact your Practice, whose Notice of Privacy Practices explains the process. Ultradoc supports Practices in honoring every such request.
State privacy rights.
Depending on your state of residence, you may have additional rights over personal information not covered by HIPAA (which most information handled by the Patient App is). To exercise them, or to ask which apply, contact privacy@ultradoc.net. We do not discriminate against you for exercising any privacy right.
Article XII
Children's Privacy
The patient app is intended for adults and is not directed to children. Accounts may be created only by individuals aged eighteen (18) or older (or the age of majority in their jurisdiction). Where a practice supports care for minors, a minor's information is accessed through a parent or legal guardian consistent with the practice's policies and applicable law. Ultradoc does not knowingly collect personal information directly from children under thirteen (13); if you believe a child has created an account, contact privacy@ultradoc.net and we will delete it.
Article XIII
Changes to This Policy
When we change this Policy, we will update the effective date above and, for material changes, provide notice in the app or by email before the change takes effect. Prior versions are available on request. Continued use of the patient app after a change takes effect constitutes acceptance of the revised Policy.
Article XIV
Contact
Questions, requests, or complaints about this Policy or Ultradoc's privacy practices may be directed to:
You also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, if you believe your rights under the HIPAA Privacy Rule have been violated. Filing instructions are available at hhs.gov/ocr/complaints. Complaints never affect your care or your access to the app.
Entered into the records of
Ultradoc Technologies LLC
— End of Document · UD-PRIV-01 —