Privacy Policy

Last updated: 9//2025

Thank you for choosing BiTech Informatics – Facilities (“we,” “us,” “our”). We value your privacy and are committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use our platform at facilities.bitechinformatics.com (the “Service”), including subscription usage, asset tracking, device status, and clinical informatics services.

1. Information We Collect

We collect information in several ways:

a) Information You Provide Directly

Account & Subscription Data: when you sign up, including name, email, billing address, payment information, organization/facility details.

Profile Information: job title, facility location, user role (e.g., admin, clinician, service technician).

Communications: any support requests, feedback, or messages you send us.

b) Usage Data & Device Data

Device Identification & Asset Tracking Data: device IDs, serial numbers, usage statistics, status (operational, need maintenance), location (within your facility or site).

Clinical or Performance Data: uptime/downtime, diagnostics performance, usage metrics, maintenance logs.

System Logs & Analytics: timestamps, log-ins, IP addresses, page views, errors, user interactions.

c) Automatically Collected Data

Cookies or similar technologies for analytics, performance, and improving user experience.

Information about your device/OS/browser, network information, etc.

2. How We Use Your Information

We use collected information to:

Provide and operate the Service, including tracking your assets/devices and enabling their lifecycle management.

Manage your subscription plan, billing, upgrades, or cancellations.

Perform maintenance (preventive, predictive), diagnostics, and support.

Integrate with your electronic health record (EHR) / electronic medical record (EMR) systems, if applicable.

Improve, update, and develop new features.

Monitor, analyze, and secure our systems, including detecting and preventing fraud, abuse, and security incidents.

Communicate with you — e.g., service updates, support, billing, marketing (if opted in).

3. Subscription Usage & Billing

When you subscribe to a plan, you agree to the applicable subscription fees, terms, and payment schedule.

Plans may include free tiers, trial periods, or features with limits (e.g., number of devices/assets tracked).

Upgrading or downgrading plans: changes become effective per the terms specified (e.g., next billing cycle or upon upgrade).

Cancellations and Refunds: [Include specifics: notice period, prorated refunds or not, etc.]

4. Data Sharing & Disclosure

We do not sell your personal data. We may share data in the following cases:

Service Providers / Vendors: third parties helping us with operations (hosting, payment processors, support, analytics). They are contractually obligated to limit use and protect your data.

Legal Obligations: if required by law or court order.

Mergers, Acquisitions, or Sale of Assets: in connection with a business transaction, with appropriate protections.

Health Care Providers: if required under HIPAA (see below), only per permitted uses/disclosures.

5. HIPAA and Healthcare Data Compliance

Because we provide services in a healthcare setting (asset tracking, clinical informatics, EHR/EMR integration), we recognize the sensitivity of “Protected Health Information” (PHI). The following describes how we comply or intend to comply with HIPAA:

Business Associate / Covered Entity: We will enter into written agreements (Business Associate Agreements, “BAA”) with covered entities as required under HIPAA when we have access to, store, or process PHI on their behalf.

Permitted Uses & Disclosures: PHI is used only as permitted (e.g. treatment, payment, healthcare operations) or as required by law.

Minimum Necessary Standard: We limit PHI access to the minimum information required to perform the necessary function.

Safeguards:

Administrative safeguards: policies, training, role-based access controls for our staff.

Physical safeguards: secure data centers, controlled access to hardware.

Technical safeguards: encryption of PHI both in transit (e.g. TLS) and at rest, strong authentication, audit logging.

Breach Notification: In case of unauthorized PHI disclosure or security breach, we will notify affected parties, regulators, and do so within the timeframes required by HIPAA.

Data Retention and Disposal: Retain PHI only as long as necessary for permitted uses, after which we securely delete or anonymize it.

6. Security Measures

We implement reasonable security measures to protect your data, including:

Encryption in transit and at rest.

Regular security assessments and vulnerability scanning.

Access controls, least privilege, strong authentication.

Network security, firewalls, intrusion detection.

Secure backup and disaster recovery protocols.

7. Your Rights & Choices

You may have rights depending on your location (for example under HIPAA, GDPR, or relevant state laws):

Access & Correction: you can review, correct, update or delete your profile or device data stored by us.

Data Portability: where applicable, request a copy of certain data in a machine-readable format.

Opt-out / Preferences: opt out of non-essential communications (e.g. marketing).

Account Cancellation: delete your account (consistent with our retention policies) and stop future billing.

8. Retention of Data

We retain user, device, and usage data consistent with the duration of our contractual agreements and necessary for our operations, diagnostics, and legal obligations.

For PHI, retention is in line with HIPAA and applicable health record retention laws; after retention period ends, data is securely destroyed or anonymized.

9. International Transfers

If data is transferred outside the U.S., we ensure it remains protected via contractual safeguards, standard contractual clauses, or other appropriate mechanisms.

10. Children

Our Service is not directed to children under the age of 13. We do not knowingly collect PHI or personal data from them. If we become aware of such data, we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When changes are material, we will notify you (e.g. via email or banner notice). Continued use after the effective date constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise any rights, please contact us:

BiTech Informatics
Atlanta, Georgia, USA
Phone: (888) 470-3720