Privacy Policy

Last updated: February 3, 2026

Introduction

Sentinel Health Compliance, LLC ("we," "our," or "us") operates HIPAA Agent (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at sentinelhealthcompliance.com.

As a HIPAA-compliant service provider, we take data privacy extremely seriously. We are committed to protecting your personal information and your patients' protected health information (PHI).

Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number, practice name, NPI number, and billing information.
  • Compliance Data: Risk assessment responses, policies generated, training records, BAA information, and other compliance-related information you input.
  • Communications: Messages you send us, support requests, and feedback.

Information Collected Automatically

  • Usage Data: How you interact with our platform, features used, pages visited, and time spent.
  • Device Information: IP address, browser type, operating system, and device identifiers.
  • Cookies: We use essential cookies for authentication and session management. See the "Cookies" section below.

How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Personalize your compliance experience based on your practice type and specialty
  • Process transactions and send related information
  • Send administrative information, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

Data Protection & Security

We implement robust security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • SOC 2 Type II certified infrastructure (via Supabase)
  • Role-based access controls
  • Regular security audits and vulnerability assessments
  • US-based data centers only
  • Multi-factor authentication support
  • Automated backup and disaster recovery

AI and Your Data

We use AI (powered by Anthropic's Claude) to provide compliance assistance. Important points:

  • Your data is NEVER used to train AI models
  • AI interactions are processed using isolated inference with no data retention by the AI provider
  • We maintain a zero-data-retention agreement with our AI provider
  • Each AI interaction is processed independently and not linked to other users' data

Third-Party Service Providers

We work with trusted third-party providers who process data on our behalf:

  • Supabase: Database and authentication (SOC 2 Type II, HIPAA compliant)
  • Stripe: Payment processing (PCI DSS Level 1)
  • Vercel: Hosting and content delivery
  • Resend: Email delivery
  • Anthropic: AI processing (zero data retention)

All providers are contractually bound to protect your data and are selected for their security practices.

Business Associate Agreement

We sign a Business Associate Agreement (BAA) with all customers who are HIPAA Covered Entities. This legally binds us to protect any PHI in accordance with HIPAA requirements. The BAA is provided during onboarding.

Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our site. Can be disabled.

We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.

Data Retention

We retain your data according to the following schedule:

  • Active Accounts: Data retained for as long as your account is active
  • After Cancellation: Data available for export for 30 days, then permanently deleted
  • Compliance Records: Retained for 6 years as required by HIPAA
  • Billing Records: Retained for 7 years for tax purposes

Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Export your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@sentinelhealthcompliance.com.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before changes take effect. Your continued use of the Service after changes become effective constitutes acceptance.

Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@sentinelhealthcompliance.com

Company: Sentinel Health Compliance, LLC

Website: sentinelhealthcompliance.com