Syntomo, Inc. ("Syntomo," "we," "us," or "our") operates a HIPAA compliance automation platform for healthcare organizations. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our website at syntomo.com and our platform services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account and Contact Information. When you register for a demo or create an account, we collect information such as your name, work email address, organization name, job title, and phone number.
Usage Data. We automatically collect information about how you interact with our Services, including pages visited, features used, browser type, device information, IP address, and timestamps.
Communications. If you contact us directly, we retain the contents of your message and any information you provide.
What We Do Not Collect. Syntomo does not store, process, or have access to Protected Health Information (PHI) as defined under HIPAA. Our platform processes access metadata (who has access to which systems) — not patient records or clinical data. A Business Associate Agreement (BAA) is available for customers upon request.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Services
- Respond to inquiries and schedule product demos
- Send transactional communications related to your account
- Send product updates, compliance resources, and marketing communications (you may opt out at any time)
- Analyze usage patterns to improve platform performance and user experience
- Comply with legal obligations and enforce our Terms of Service
3. How We Share Your Information
We do not sell your personal information. We may share your information with:
Service Providers. We work with trusted third-party vendors (e.g., hosting, form processing, analytics, CRM, email delivery) who process data on our behalf under contractual data protection obligations.
Business Transfers. If Syntomo is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
Legal Requirements. We may disclose your information when required by law, court order, or to protect the rights and safety of Syntomo, our users, or the public.
4. Data Security
We implement industry-standard technical and organizational safeguards to protect your information, including encryption in transit and at rest, access controls, and regular security reviews.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
5. Data Retention
We retain your information for as long as your account is active or as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Upon request, we will delete or anonymize your personal information within 30 days, subject to legal retention requirements and the capabilities of our third-party service providers.
6. Cookies and Tracking
We use essential cookies to operate the Services (e.g., session management) and analytics cookies to understand usage patterns. We do not use advertising or cross-site tracking cookies.
You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Services.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Portability: Request your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications at any time via the link in any email we send
To exercise any of these rights, contact us at privacy@syntomo.com.
8. HIPAA and Healthcare Data
Syntomo is designed for use by HIPAA-covered entities and their business associates. Our platform processes access metadata — not PHI. To the extent any of our Services involve the processing of PHI on your behalf, a BAA governs that relationship. Contact us at compliance@syntomo.com to request a BAA.
9. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date and, where appropriate, by email. Your continued use of the Services after changes become effective constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
- Email: privacy@syntomo.com
- Address: Syntomo, Inc., United States