Privacy Policy

Your privacy is fundamental to our mission of connecting healthcare providers with medical office spaces. This Privacy Policy explains how HealthSpace Finder ("we," "our," or "us") collects, uses, protects, and shares information about you when you use our platform.

Key Privacy Commitments: • HIPAA-compliant security measures for healthcare data • Transparent data collection and usage practices • Strong encryption for all sensitive communications • Your control over your personal information • No selling of personal data to third parties

This policy applies to all users of our platform, including healthcare providers, property owners, and visitors to our website.

We collect information in three ways: information you provide directly, information we collect automatically, and information from third-party sources.

Information You Provide: • Account registration information (name, email, phone number) • Professional credentials and licensing information for healthcare providers • Property ownership documentation and listing details • Communication preferences and profile customizations • Messages and communications through our platform • Payment and billing information for premium services

Information Collected Automatically: • Device information (IP address, browser type, operating system) • Usage data (pages viewed, time spent, click patterns) • Location information (with your consent) • Cookies and similar tracking technologies • Performance and error logs

Third-Party Information: • Professional license verification from state licensing boards • Property ownership verification from public records • Payment processing information from payment providers • Social media profile information (if you choose to connect accounts)

We use your information to provide, improve, and secure our services:

Core Platform Services: • Create and manage user accounts • Facilitate connections between healthcare providers and property owners • Process property listings and search requests • Enable secure messaging and communication • Verify professional credentials and property ownership • Process payments for premium services

Platform Improvement: • Analyze usage patterns to improve user experience • Develop new features and services • Conduct research and analytics • Test and optimize platform performance • Personalize content and recommendations

Communication and Support: • Send important service updates and notifications • Respond to customer support inquiries • Provide educational resources and tips • Send marketing communications (with your consent) • Notify you of policy changes or security updates

Legal and Security: • Comply with legal obligations and regulatory requirements • Prevent fraud, abuse, and violations of our terms • Protect the security and integrity of our platform • Resolve disputes and enforce our agreements • Conduct internal audits and investigations

We share information in limited circumstances to provide our services and protect our users:

With Other Users: • Healthcare provider profiles visible to property owners (name, credentials, contact info) • Property owner contact information visible to interested healthcare providers • Messages and communications between connected users • Reviews and ratings (if/when this feature is implemented)

With Service Providers: • Payment processors for subscription and transaction processing • Cloud hosting providers for data storage and platform operations • Email service providers for communications • Analytics providers for usage insights (anonymized data only) • Security services for fraud prevention and threat detection

For Legal Reasons: • Comply with subpoenas, court orders, or legal process • Protect rights, property, or safety of users or the public • Enforce our Terms of Service or other agreements • Investigate potential violations or fraud • Comply with applicable laws and regulations

Business Transfers: • In connection with mergers, acquisitions, or sale of assets • During bankruptcy or similar proceedings • To successors or assigns of our business

We do NOT sell personal information to third parties for marketing purposes.

We understand the sensitive nature of healthcare information and implement HIPAA-appropriate safeguards:

Protected Health Information (PHI): • We do not collect patient health records or medical information • Platform communications are encrypted and secure • Access controls limit who can view sensitive information • Audit logs track all access to healthcare provider data • Data retention policies align with healthcare industry standards

Business Associate Relationships: • When required, we enter into Business Associate Agreements (BAAs) • Healthcare providers remain responsible for their own HIPAA compliance • We provide tools to support compliant communication • Security measures meet or exceed HIPAA requirements

Data Security Measures: • End-to-end encryption for all sensitive communications • Multi-factor authentication for account access • Regular security audits and penetration testing • Employee training on healthcare data privacy • Incident response procedures for potential breaches

Note: While we implement healthcare-grade security, each healthcare provider is responsible for ensuring their own HIPAA compliance when using our platform.

We implement comprehensive security measures to protect your information:

Technical Safeguards: • SSL/TLS encryption for all data transmission • AES-256 encryption for data at rest • Multi-factor authentication options • Regular security updates and patches • Intrusion detection and prevention systems • Secure coding practices and regular code reviews

Administrative Safeguards: • Background checks for employees with data access • Regular security training and awareness programs • Incident response and breach notification procedures • Access controls based on job responsibilities • Regular review and updates of security policies • Third-party security audits and assessments

Physical Safeguards: • Secure data centers with 24/7 monitoring • Biometric access controls • Surveillance systems and security personnel • Environmental controls and backup power systems • Secure disposal of hardware and media

Despite our best efforts, no security system is impenetrable. We will notify you promptly of any security breach that may affect your personal information.

We retain information for as long as necessary to provide services and comply with legal obligations:

Account Information: • Active accounts: Retained while account is active • Closed accounts: Basic information retained for 7 years for legal compliance • Healthcare provider credentials: Updated regularly, historical records kept for 7 years

Communication Data: • Messages between users: Retained for 3 years after last activity • Support communications: Retained for 5 years • System logs: Retained for 1 year unless required for legal proceedings

Financial Data: • Payment information: Retained per payment processor requirements (typically 3-7 years) • Transaction records: Retained for 7 years for tax and legal compliance • Billing disputes: Retained until resolved plus 3 years

Legal and Compliance: • Information subject to legal hold: Retained until legal matter is resolved • Regulatory compliance data: Retained per applicable regulations • Fraud prevention data: Retained for up to 5 years

You may request deletion of your data, subject to legal and contractual obligations.

You have several rights regarding your personal information:

Access and Portability: • Request a copy of your personal information • Export your data in a commonly used format • View what information we have about you • Understand how we use your information

Correction and Updates: • Update your profile and account information • Correct inaccurate or outdated information • Add missing information to your profile

Deletion and Erasure: • Request deletion of your personal information • Close your account and remove associated data • Subject to legal and contractual retention requirements

Control and Consent: • Opt out of marketing communications • Manage cookie preferences • Control information sharing with other users • Withdraw consent where applicable

California Privacy Rights (CCPA): • Right to know what information is collected • Right to delete personal information • Right to opt-out of sale (we don't sell personal information) • Right to non-discrimination for exercising privacy rights

European Privacy Rights (GDPR): • Right to access, rectification, and erasure • Right to restrict processing • Right to data portability • Right to object to processing • Right to lodge complaints with supervisory authorities

To exercise these rights, contact us using the information provided below.

We use cookies and similar technologies to provide and improve our services:

Essential Cookies: • Authentication and account access • Security features and fraud prevention • Platform functionality and user preferences • Load balancing and performance optimization

Analytics Cookies: • Usage statistics and platform performance • Feature adoption and user behavior analysis • Error tracking and diagnostic information • A/B testing and platform improvements

Marketing Cookies: • Personalized content and recommendations • Targeted advertising on third-party sites • Conversion tracking and attribution • Social media integration features

Cookie Management: • Browser settings to block or delete cookies • Platform preferences to control non-essential cookies • Third-party opt-out tools for advertising cookies • Regular review and cleanup of stored cookies

Note: Disabling certain cookies may limit platform functionality. Essential cookies cannot be disabled while using our services.

Our platform is not intended for use by children under 18 years of age:

Age Restrictions: • Users must be at least 18 years old or have parental consent • We do not knowingly collect information from children under 13 • Professional licensing requirements typically require users to be adults

If We Discover Child Information: • We will delete the information immediately • We will notify parents/guardians if possible • We will take steps to prevent future underage access

Parental Rights: • Parents may request information about their child's data • Parents may request deletion of their child's information • Parents may contact us with concerns about children's privacy

If you believe we have collected information from a child under 18, please contact us immediately.

We operate primarily in the United States, but users may access our platform globally:

Data Location: • Primary data centers located in the United States • Some service providers may process data internationally • We implement appropriate safeguards for international transfers

Transfer Safeguards: • Standard contractual clauses with international service providers • Adequacy decisions for transfers to approved countries • Privacy Shield or similar frameworks where applicable • Additional security measures for sensitive healthcare data

Your Rights: • You may be subject to local privacy laws in your jurisdiction • We will comply with applicable international privacy requirements • Contact us for information about specific transfer safeguards

By using our platform from outside the United States, you consent to the transfer of your information to the United States for processing.

We may update this Privacy Policy to reflect changes in our practices or legal requirements:

Notification of Changes: • Material changes will be communicated at least 30 days in advance • Notification via email, platform notifications, and website posting • Updated effective date will be clearly displayed

Types of Changes: • Legal or regulatory compliance updates • New features or services that affect data processing • Enhanced security measures or privacy protections • Clarifications based on user feedback

Your Options: • Continued use of the platform constitutes acceptance of changes • You may close your account if you disagree with changes • Contact us with questions about specific changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.