Privacy Policy

Privacy Policy

Your privacy is important to us. This policy outlines how we collect, use, and protect your information.

Last Updated: January 2026

1. Introduction

Stroke Audit Timeline ("SAT," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our stroke care audit platform and related services.

By accessing or using SAT, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the platform.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name and professional credentials
  • Email address and contact information
  • Organization/hospital affiliation
  • Role and department information

Usage Data

We automatically collect information about how you interact with our platform:

  • Log data (IP address, browser type, pages visited)
  • Feature usage patterns and preferences
  • Session duration and frequency

Protected Health Information (PHI)

SAT processes PHI on behalf of covered entities (hospitals and healthcare systems). We do not own this data—your organization retains full ownership and control of all patient information entered into the platform.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address technical issues and security threats

4. HIPAA Compliance

SAT is designed to be fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). Our compliance measures include:

  • Business Associate Agreements (BAA): We execute BAAs with all covered entity customers
  • Access Controls: Role-based access ensuring minimum necessary access to PHI
  • Audit Logging: Comprehensive logging of all access to and modifications of PHI
  • Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Training: All employees complete HIPAA training annually

5. Data Security

We implement industry-leading security measures to protect your information:

  • SOC 2 Type II Certification: Annual third-party audits verify our security controls
  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Multi-Factor Authentication: Available for all user accounts
  • Regular Penetration Testing: Third-party security assessments
  • 24/7 Security Monitoring: Continuous threat detection and response
  • Disaster Recovery: Geographically distributed backups with rapid recovery capabilities

6. Data Retention & Deletion

We retain your information for as long as your account is active or as needed to provide services. Account data is retained for the duration of your subscription plus any legally required retention period.

Upon account termination or upon request, we will delete or anonymize your personal information within 30 days, except where we are required to retain information for legal, regulatory, or legitimate business purposes.

PHI retention follows your organization's policies and applicable healthcare regulations.

7. Third-Party Services

We may share information with trusted third-party service providers who assist in operating our platform:

  • Cloud Infrastructure: Secure, HIPAA-compliant hosting providers
  • Analytics: Aggregated, de-identified usage analytics
  • Customer Support: Authorized support personnel under confidentiality agreements

All third-party providers are contractually obligated to maintain the confidentiality and security of your information.

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us using the information below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Stroke Audit Timeline

Email: privacy@strokeaudittimeline.com

Phone: (646) 568-6566

Ready to Transform Your Stroke Care?

Join leading hospitals using SAT for TJC compliance and better patient outcomes.

SAT Assistant

SAT Assistant

Typically replies instantly

Hi! I'm the SAT Assistant. How can I help you learn about our stroke audit platform today?