Privacy Policy
1. Introduction
At Hatchleaf (“Company,” “we,” “us,” or “our”), we prioritize your privacy and are committed to protecting your personal data and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Service Organization Control 2 (SOC 2) standards.
By accessing or using our services, you acknowledge and accept the practices described in this Privacy Policy.
2. Information We Collect
We may collect and process the following types of data:
a. Personal Information
- Name
- Email address
- Phone number
- Mailing address
- Account credentials
b. Protected Health Information (PHI)
- Medical history
- Treatment details
- Health insurance data
- Any other data considered PHI under HIPAA
c. Technical & Usage Data
- IP address
- Browser type and version
- Device identifiers
- Usage logs
3. How We Use Your Information
We use your data for the following purposes:
- To provide and manage our services
- To comply with legal and regulatory obligations (including HIPAA)
- To respond to support requests and communicate with you
- To ensure security, monitor access, and prevent fraud
- For analytics, service improvements, and internal audits (SOC 2 criteria)
4. Data Protection and Security
We implement industry-standard administrative, technical, and physical safeguards designed to protect your information, including but not limited to:
- Encryption of data in transit and at rest
- Role-based access control (RBAC)
- Multi-factor authentication
- Regular security audits and risk assessments
- Business Associate Agreements (BAAs) with relevant third parties
We follow SOC 2 Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
5. Disclosure of Information
We do not sell or rent your personal information. We may share your information only as follows:
- With your explicit consent
- With third-party service providers under HIPAA-compliant BAAs
- With law enforcement or regulatory authorities when required by law
- In the event of a business transfer, under strict confidentiality terms
6. Your Rights
As applicable under HIPAA and data protection laws, you have the right to:
- Access your personal and health information
- Request corrections to your data
- Request restrictions on how your data is used or shared
- Request an accounting of disclosures
- Withdraw consent (to the extent allowable under law)
To exercise your rights, please contact us at: dan@hatchleaf.com
7. Data Retention
We retain your information only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law, regulation, or contractual obligation.
8. Third-Party Services
Our website may contain links to external websites or services. We are not responsible for the privacy practices or content of those third parties. We ensure that any third parties handling PHI are bound by HIPAA-compliant BAAs.
9. International Users
Our services are intended for use in the United States. If you access our site from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the U.S.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
Hatchleaf
2248 Broadway #1307, New York City, NY 10024
Email: dan@hatchleaf.com
Last updated: April 18, 2025