Privacy Policy
Last updated: June 2026
Formisoft ("we," "our," "us") is committed to maintaining the privacy of its users ("users," "you"). This Privacy Policy describes how we collect and process information about you when you use the Formisoft platform and related services (the "Services").
Our Privacy Policy explains:
- What information we collect and why we collect it.
- How we use that information.
- How we secure your information.
- Your rights with regard to the collection of such information.
By using our Services, you agree to the terms of this Privacy Policy.
1. General
Formisoft offers a practice management and patient engagement platform for healthcare providers, enabling users to manage workflows, capture, display, and transfer healthcare and practice data. Formisoft may act either as (i) a controller of personal information relating to website, contact, sales, support, and user account information, or (ii) a processor of patient healthcare data on behalf of healthcare customers, where the customer remains responsible for the lawful basis for processing. Formisoft's privacy and data handling practices are designed to support applicable privacy and data protection requirements, including HIPAA business associate obligations where applicable, GDPR requirements where applicable, and other applicable laws.
2. Devices
Users can access the Services through various devices and systems. A "Device" is any digital device used to access the Services, including a desktop, laptop, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your access and use of the Services regardless of how you access them. By using our Services, you consent to the collection and processing of personal information as described in this Privacy Policy.
3. Collecting Information
When you use the Services, some information may be collected automatically, and some is collected when you interact with our Services. Information from which you can be personally identified may be collected, including your full name, phone number, email address, and organization details ("Personal Information"). Non-personal information such as session duration, device information, internet connection details, and usage frequency may also be collected automatically.
3.1 Contact Us
If you contact us, we collect Personal Information such as your name, email address, and inquiry details to respond to your request.
3.2 Sign Up and Team Members
If you sign up for the Services or add team members from your organization, we collect Personal Information such as full name, phone number, email address, and organization details. By granting access to additional users, you represent that they are authorized to use the Services and access data uploaded to your account.
3.3 Logging In
When you log in, we collect credentials such as your email address and authentication data necessary to secure your account.
3.4 Patient and Individual Data
While using the Services, we may collect, process, store, or transfer Personal Information of patients and other individuals you serve, which may include sensitive healthcare data. As a processor, Formisoft acts on behalf of the relevant healthcare customer to provide the Services, maintain audit trails, secure the Services, comply with applicable law, and perform contractual obligations. Healthcare customers are solely responsible for obtaining permissions, consents, or other lawful basis required under applicable law, except where Formisoft has an independent legal obligation.
3.5 Sources of Personal Information
We may collect Personal Information directly from you, automatically from your use of the Services, from your organization, and from patients, clinical systems, integrations, and other authorized participants in your workflows.
3.6 Service-Specific Data
Depending on features you use, we may also collect appointment and scheduling data, SMS and email content, AI voice call recordings and transcripts, payment transaction records (processed by Stripe; Formisoft does not store card numbers or bank credentials), form submissions, workflow activity, and device and usage analytics.
4. Use of Information
We use Personal Information for the purposes below. One or more purposes may apply simultaneously.
4.1 Providing the Services
We process Personal Information to provide, maintain, and support the Services you request, including intake forms, scheduling, communications, payments, records, workflows, and API integrations.
4.2 Improvement and Development
We use Personal Information to improve and develop our Services, administer our business, maintain compliance with internal policies, conduct research and testing, and troubleshoot issues. We process this information based on legitimate interests, contractual necessity, and other lawful bases as applicable.
4.3 Maintain a Safe and Secure Environment
We use information to detect and prevent fraud, abuse, and security incidents; verify identity; enhance safety; conduct risk assessments; and maintain audit logs required by regulation.
4.4 Communications and Support
We may use account and usage information to provide customer support, send service-related notices, and personalize your experience with the Services. We do not sell Personal Information to third parties for their own marketing purposes. We do not use identifiable healthcare data for advertising, profiling, or unrelated product development.
5. Disclosure of Information and Data Transfers
Personal Information may be shared with your authorized users, associates, or third parties at your direction as necessary to provide the Services. We do not intentionally disclose your Personal Information to third parties without permission except as described herein or as required by law.
- We may share Personal Information with affiliates, Sub-Processors, and service providers that support the Services (such as hosting, infrastructure, email, SMS, voice, payments, AI, security, analytics, and support), subject to appropriate contractual and security safeguards.
- We may transfer information in connection with a corporate merger, consolidation, sale of assets, or other fundamental corporate change, with notice where required.
- We may disclose information to comply with legal process, enforce our agreements, protect rights and safety, or address fraud and security issues.
- All data is stored and processed in the United States on AWS infrastructure unless otherwise agreed in writing.
- Where Formisoft transfers Personal Information across borders, it does so subject to applicable legal requirements and appropriate safeguards. You may contact us for information regarding safeguards applicable to a specific transfer.
5.1 Third-Party Service Providers
We use the following categories of providers to operate the Platform:
- Amazon Web Services — cloud infrastructure and data storage (US regions)
- Stripe — subscription billing and provider-patient payments via Stripe Connect
- Resend — transactional email delivery
- Telnyx — SMS, voice calls, and AI Virtual Receptionist telephony
- Anthropic (Claude) — AI form generation and content processing (no PHI is sent to Anthropic)
- Cloudflare — security verification and content delivery
- Google Analytics — website traffic analysis on marketing pages (no PHI)
- PostHog — product analytics (no PHI)
6. Your Rights
Depending on your relationship with Formisoft, the type of information involved, and applicable law, you may have rights including access, correction, deletion, restriction, objection, and data portability where applicable.
- Where Formisoft acts as controller of your account or contact information, submit requests to privacy@formisoft.com.
- Where Formisoft processes data on behalf of a healthcare customer, the customer is primarily responsible for responding to patient and data subject requests. Formisoft will assist that customer as required by law and contractual obligations.
- Exercising certain rights may limit your access to parts of the Services.
- California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of sale or sharing (we do not sell or share personal information for cross-context behavioral advertising). Contact privacy@formisoft.com; we will verify identity and respond within applicable timeframes.
7. Cookies
We may use cookies and similar technologies to identify how users interact with our Services, adjust the Services to your preferences, and support authentication and analytics. If you prefer not to have cookies stored on your Device, you may modify your browser settings; however, rejecting certain cookies may limit functionality. Essential authentication cookies cannot be disabled. See our cookie consent banner on the marketing site for preferences.
8. Marketing Opt-Out
You may opt out of marketing communications by following instructions in those communications or contacting privacy@formisoft.com. We may still send transactional, service-related, security, or legally required communications. Where Formisoft processes data on behalf of customers, deletion or restriction requests relating to patient data may be subject to applicable law, customer instructions, audit requirements, patient safety considerations, and legal retention obligations.
9. Data Security
We deploy industry-standard or better measures to protect Personal Information, including encryption at rest and in transit (AES-256 and TLS 1.3), role-based access controls, and audit logging. In the event of a security incident affecting Personal Information, Formisoft will take reasonable steps to contain, investigate, and mitigate the incident, including notifications to affected customers, individuals, and regulators as required by applicable law. For breaches involving PHI, we will notify affected covered entities within 72 hours as required by the HIPAA Breach Notification Rule. No security system is perfect, and we cannot guarantee absolute security in all circumstances.
10. Data Retention
We retain information only as long as necessary to fulfill the purposes for which it was collected, provide the Services, comply with legal obligations, enforce agreements, and maintain business records. Patient data collected through forms is retained until deleted by the provider or upon account termination. Audit logs may be retained for a minimum of six years for compliance. Upon account termination, you may request an export within thirty (30) days; thereafter we may delete data in accordance with our retention practices.
11. HIPAA Compliance
Healthcare providers accept a Business Associate Agreement (BAA) during onboarding. We maintain administrative, physical, and technical safeguards as required by the HIPAA Security Rule. Review your BAA status in Compliance settings within the dashboard.
12. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect account information from anyone under 18. Personal information about minors may be processed by Formisoft on behalf of healthcare customers when submitted by authorized providers in accordance with Section 3.4. IF YOU ARE UNDER 18, YOU MAY NOT USE OUR SERVICES UNLESS LEGAL GUARDIAN CONSENT IS PROVIDED AS REQUIRED BY APPLICABLE LAW.
13. Do Not Track
Some browsers offer a "Do Not Track" setting. We currently do not respond to DNT signals. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on. No PHI is shared with analytics providers.
14. Third-Party Links
The Services may contain links to third-party websites not operated by Formisoft. We are not responsible for their content or privacy practices. Review the privacy policy of any third-party site you visit.
15. Revisions to this Privacy Policy
We reserve the right to revise this Privacy Policy at any time. When we change the policy, we will update this posting and, where appropriate, notify you by email. Please review this Privacy Policy periodically.
16. Governing Law and Jurisdiction
This Privacy Policy and any claim or dispute arising out of or relating to it will be governed by the laws of the State of New York, USA, without regard to conflict of laws rules. Any such claim or dispute shall be brought exclusively in the competent courts of the State of New York, USA. Formisoft may seek injunctive or other equitable relief in any jurisdiction where its rights may be threatened.
17. Contact Us
For privacy-related questions, contact privacy@formisoft.com or use our contact page at https://formisoft.com/contact-us.