Abyss Analytics, LLC Privacy Policy
Last Updated: October 10, 2024
1. Introduction
Abyss Analytics, LLC ("Company", "we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, including our PayorScope tool (collectively, the "Services"). Abyss Analytics, LLC is a North Carolina limited liability company, and this policy is designed to comply with both federal and North Carolina state laws.
2. Information We Collect
2.1. Personal Information:
- Name
- Email address
- Phone number
- Company name and job title
- Billing information
- Professional credentials (if applicable)
2.2. Usage Data:
- IP address
- Browser type and version
- Operating system
- Pages visited and interaction with content
- Time and date of visits
- Referring website addresses
- Other statistics
2.3. Healthcare Data:
- Anonymized and aggregated healthcare pricing and reimbursement data
- De-identified patient demographic information
- Healthcare provider information (excluding direct identifiers)
- Insurance plan and coverage details
We ensure all healthcare data is de-identified in accordance with HIPAA standards and relevant state laws.
3. How We Collect Information
- 3.1. Direct collection: Information you provide when you register for our Services, fill out forms, or communicate with us.
- 3.2. Automated collection: Through cookies, web beacons, and other tracking technologies when you use our Services.
- 3.3. Third-party sources: We may receive information from business partners, healthcare providers, and insurance companies, always ensuring compliance with HIPAA and other relevant regulations.
4. How We Use Your Information
We use the collected information for various purposes, including:
- 4.1. Providing and maintaining our Services
- 4.2. Developing new products, services, features, and functionality
- 4.3. Personalizing and improving your experience with our Services
- 4.4. Analyzing and aggregating healthcare pricing data to provide insights
- 4.5. Communicating with you about our Services, including sending notifications, updates, and support messages
- 4.6. Responding to your requests, comments, and questions
- 4.7. Processing transactions and sending related information
- 4.8. Sending marketing and promotional communications (with your consent)
- 4.9. Monitoring and analyzing trends, usage, and activities in connection with our Services
- 4.10. Detecting, investigating, and preventing fraudulent transactions and other illegal activities
- 4.11. Complying with legal and regulatory requirements
5. Legal Basis for Processing Personal Information
We process your personal information based on one or more of the following legal grounds:
- 5.1. Performance of a contract
- 5.2. Legitimate interests
- 5.3. Compliance with legal obligations
- 5.4. Consent
6. Data Sharing and Disclosure
We may share your information in the following situations:
- 6.1. With service providers and subcontractors who assist us in operating our Services
- 6.2. For business transfers, such as mergers, acquisitions, or asset sales
- 6.3. With your consent or at your direction
- 6.4. To comply with legal obligations
- 6.5. To protect our rights, privacy, safety, or property
We do not sell your personal information to third parties. Any sharing of de-identified healthcare data is done in compliance with HIPAA and other applicable regulations.
7. Data Security
We implement robust technical and organizational measures to protect the security of your personal information, including:
- 7.1. Encryption of data in transit and at rest using industry-standard protocols
- 7.2. Regular security assessments and penetration testing
- 7.3. Access controls and authentication mechanisms
- 7.4. Employee training on data protection and security best practices
- 7.5. Physical security measures for our offices and data centers
- 7.6. Incident response and disaster recovery plans
While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach, we will notify affected individuals and relevant authorities as required by law.
8. HIPAA Compliance
As a company dealing with healthcare data, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We maintain appropriate safeguards to ensure the confidentiality, integrity, and availability of protected health information (PHI) as required by HIPAA.
- 8.1. Business Associate Agreements: When necessary, we enter into Business Associate Agreements with covered entities as required by HIPAA.
- 8.2. De-identification: All healthcare data used in our analytics is de-identified in accordance with HIPAA standards.
- 8.3. Minimum Necessary: We follow the "minimum necessary" standard when using or disclosing PHI.
9. Your Data Protection Rights
Depending on your location, you may have certain rights regarding your personal information, such as:
- 9.1. The right to access, update, or delete your information
- 9.2. The right to rectification
- 9.3. The right to object to processing
- 9.4. The right of restriction
- 9.5. The right to data portability
- 9.6. The right to withdraw consent
To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within the timeframe required by applicable law.
10. Children's Privacy
Our Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide a more prominent notice, which may include email notification to registered users.
12. Third-Party Links and Services
Our Services may contain links to third-party websites or services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of these third parties.
13. California Privacy Rights
While we are a North Carolina LLC, we recognize that some of our users may be California residents. If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- 13.1. The right to know what personal information we collect and how it is used and shared
- 13.2. The right to delete personal information
- 13.3. The right to opt-out of the sale of personal information
- 13.4. The right to non-discrimination for exercising your CCPA rights
To exercise these rights, please contact us using the information in the "Contact Us" section.
14. International Data Transfers
Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there.
15. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
16. North Carolina Privacy Laws
As a North Carolina LLC, we comply with all applicable North Carolina privacy laws, including:
- 16.1. North Carolina Identity Theft Protection Act
- 16.2. North Carolina Consumer and Customer Information Safeguards Act
- 16.3. Any other relevant state laws and regulations
17. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Abyss Analytics, LLC
Email: support@abyssanalytics.com
By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.