Privacy Policy

Effective Date: August 22, 2025
Last Updated: August 22, 2025

1. Introduction

Boolean IT Solutions ("Company," "we," "us," or "our") operates PrimDesk, a healthcare practice management platform available at https://primdesk.com/ (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service.

This document should be read together with our Terms of Service and Refund Policy. These policies work together as a complete legal framework.

This Privacy Policy applies to all users of PrimDesk, including healthcare professionals, practice administrators, and staff members who access the platform.

By using PrimDesk, you consent to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account and Practice Information

When you register for PrimDesk, we collect:

  • Personal Details: Full name, email address, phone number, business address
  • Company Information: Practice name, business type, location details, working hours
  • Location Data: Practice addresses, available rooms, operational areas (we do not track device locations)
  • Employee Information: Staff names, email addresses, phone numbers, roles, contact information
  • Service Details: Services provided by your practice, pricing structures, discount information

2.2 Patient Health Information (PHI)

Through your use of the Service, we process:

  • Patient names, contact information, and demographic data
  • Medical records, treatment notes, and health information
  • Appointment histories and scheduling data
  • Healthcare service records and treatment plans
  • Financial records related to patient services

Important: All patient data is entered by healthcare practice staff. Patients do not directly interact with or provide information to PrimDesk.

2.3 Payment and Billing Information

We collect:

  • Payment references from third-party payment processors (not payment method details)
  • Subscription tier selections and billing amounts
  • Applied discounts and subscription duration
  • Payment history and transaction records
  • Billing addresses and company financial information

2.4 Usage and Analytics Data

We automatically collect:

  • Anonymous Analytics: Aggregated, non-identifying data about app and feature usage for improvement purposes
  • Error Reporting: Anonymized technical data to improve user experience and platform stability
  • Service Performance: System performance metrics and uptime statistics
  • Security Logs: Access logs and security-related information for platform protection

2.5 Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential/Technical Cookies: Required for basic platform functionality
  • Analytics Cookies: To understand usage patterns and improve our Service
  • Marketing Cookies: For promotional communications and service optimization

Cookie Control: You can opt out of all non-essential cookies through your browser settings or our cookie preference center.

3. How We Use Your Information

3.1 Service Delivery

We use your information to:

  • Provide and maintain the PrimDesk platform
  • Process scheduling, HR management, and administrative functions
  • Enable financial reporting and payment tracking features
  • Facilitate communication through SMS notifications via httpSMS
  • Provide customer support and technical assistance

3.2 Platform Improvement

We use anonymized data to:

  • Analyze usage patterns to enhance features and functionality
  • Identify and resolve technical issues and bugs
  • Develop new features based on user needs
  • Improve platform security and performance

3.3 Communication

We use your contact information to:

  • Send service-related notifications and updates
  • Provide customer support responses
  • Deliver important account and billing information
  • Send marketing communications (with opt-out options)

We may use information to:

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and prevent fraud
  • Ensure compliance with healthcare regulations

We process your information based on the following legal grounds:

  • Contractual Necessity: To provide PrimDesk services as outlined in our Terms of Service
  • Legitimate Interests: Service improvement, security monitoring, customer support, and business operations
  • Consent: Marketing communications, optional analytics features, and non-essential cookies
  • Legal Compliance: Regulatory requirements, court orders, and healthcare industry obligations

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with trusted partners who assist in providing our Service:

Infrastructure and Security:

  • DigitalOcean: Cloud hosting and data storage (EU/Frankfurt servers)
  • Cloudflare: DNS services, security protection, and anonymized analytics

Communication Services:

  • httpSMS: SMS messaging functionality (using client's phone for message delivery)
  • Mailgun: Email delivery services for notifications and communications

Analytics and Marketing:

  • Google Analytics: Website usage analytics (anonymized data only)
  • HubSpot: Customer relationship management and marketing communications

4.2 Healthcare Practice Access

Patient health information is accessible only to:

  • Authorized staff members of the healthcare practice
  • Users with proper credentials within the same practice location
  • Practice administrators with appropriate access permissions

We may disclose information when required by:

  • Valid legal process or court orders
  • Government investigations or regulatory inquiries
  • Emergency situations involving health and safety
  • Protection of our legal rights and interests

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections.

5. Data Security and Protection

5.1 Security Measures

We implement industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security audits and monitoring
  • Staff training on data protection protocols

5.2 Data Location and Transfers

  • Primary data storage: DigitalOcean servers in EU/Frankfurt
  • Data may be transferred internationally for service provision
  • We ensure appropriate safeguards for international transfers
  • All transfers comply with applicable data protection laws

5.4 Data Breach Response

In the event of a security incident affecting personal data:

  • We will investigate and assess the incident within 24 hours of discovery
  • Affected users will be notified within 72 hours when required by applicable law
  • Regulatory authorities will be notified as required by applicable data protection regulations
  • Detailed incident reports will be provided to affected healthcare practices upon request
  • We will implement additional security measures as necessary to prevent future incidents

5.5 Access Controls

  • Role-based access to patient information
  • Multi-factor authentication available via email verification (optional user setting)
  • Client Responsibility: Healthcare practices must regularly review user access permissions within their organization
  • Client Responsibility: Healthcare practices must immediately revoke platform access when employees leave their organization

6. Your Rights and Choices

6.1 Data Access and Portability

You have the right to:

  • Access personal information we hold about you
  • Request a copy of your data in a portable format
  • Review and verify the accuracy of your information
  • Export data through our standard export functionality (for routine data exports during active subscription)
  • Request complete data export with authorization process (for comprehensive exports to prevent unauthorized access and protect against data theft or industrial espionage)
  • For terminated or expired accounts, data export must be requested by the account administrator via email from their verified admin email address to [email protected]

6.2 Data Correction and Deletion

You may:

  • Update or correct inaccurate personal information
  • Request deletion of your personal data (subject to legal requirements)
  • Modify your account settings and preferences
  • Contact us to exercise these rights

6.3 Communication Preferences

You can:

  • Opt out of marketing communications at any time
  • Manage email notification preferences in your account
  • Control cookie settings through your browser
  • Unsubscribe from promotional messages via provided links

6.4 Data Export Upon Termination

  • Standard data export available through platform features for routine operational needs during active subscription
  • Complete data export requires formal request from verified account administrator email address to [email protected]
  • Authorization process protects against data theft and industrial espionage
  • Full export includes all practice and patient data upon verification
  • Export requests must be submitted within the 90-day retention period following termination
  • Data securely transmitted to verified administrator email address

7. Healthcare Compliance and Regulations

7.1 Current Compliance Status

  • We are actively working toward HIPAA and GDPR compliance
  • Full certification under these frameworks is not yet complete
  • Healthcare practices must conduct their own compliance assessments
  • Additional safeguards may be required based on your regulatory obligations

7.2 Business Associate Agreement (BAA)

  • BAA availability is part of our compliance roadmap
  • We will notify existing clients when BAA coverage becomes available
  • Current privacy protections apply until formal BAA execution

7.3 Healthcare Practice Responsibilities

Healthcare practices using PrimDesk must:

  • Ensure compliance with applicable healthcare regulations
  • Implement appropriate administrative safeguards
  • Train staff on proper data handling procedures
  • Report any suspected privacy breaches promptly
  • Manage user access permissions and regularly review employee access rights
  • Immediately revoke platform access when employees leave the organization
  • Obtain appropriate consent for patient data entry, including parental/guardian consent for minor patients

Unified Compliance Statement: Boolean IT Solutions is actively working toward HIPAA and GDPR compliance. Current compliance status and client responsibilities are detailed in our Terms of Service and Privacy Policy.

8. Data Retention

8.1 Account and Practice Data

  • Personal and practice information retained during active subscription period
  • Account data retained for 90 days following subscription termination
  • Permanent deletion after retention period unless legally required to maintain

8.2 Patient Health Information (PHI)

  • PHI retained during active subscription period
  • PHI retained for 90 days following subscription termination to allow for data export
  • Healthcare practices remain responsible for ensuring retention periods meet their regulatory requirements
  • Permanent deletion after 90-day grace period unless legally required to maintain

8.3 Analytics and Usage Data

  • Anonymized analytics data may be retained indefinitely for service improvement
  • Error logs and performance data retained for operational purposes (maximum 3 years)
  • Personal identifiers removed from long-term analytics storage
  • Support communications retained for 3 years for quality assurance purposes

8.4 Financial and Billing Records

  • Payment records and billing information retained for 7 years for tax compliance
  • Transaction logs maintained for audit and regulatory purposes
  • Subscription history retained for customer service and dispute resolution

9. International Data Transfers

9.1 Global Service Delivery

  • PrimDesk operates globally with international data transfers
  • Primary storage in EU with potential transfers to US and other regions
  • All transfers include appropriate data protection safeguards
  • Standard Contractual Clauses for EU data transfers
  • Compliance with applicable international privacy frameworks
  • Regular review of transfer mechanisms and legal requirements

10. Children's Privacy

10.1 Platform Use by Minors

PrimDesk is designed for healthcare professionals and business use. We do not knowingly collect personal information from individuals under 18 years of age for platform access or account creation.

10.2 Patient Information for Minors

When healthcare practices use PrimDesk to manage patient information for minors:

  • All patient data entry is performed by licensed healthcare professionals
  • Healthcare practices are responsible for obtaining appropriate parental or guardian consent
  • Patient information for minors is handled according to applicable healthcare regulations and professional standards
  • Parents/guardians should direct any privacy concerns to the healthcare practice providing treatment

10.3 Parental Rights

If we become aware that we have collected personal information from a child under 18 for platform access, we will take steps to delete the information promptly. Parents or guardians may contact us at [email protected] regarding any concerns about their child's information.

11. Changes to This Privacy Policy

11.1 Policy Updates

  • We may update this Privacy Policy to reflect service changes or legal requirements
  • Material changes will be communicated via email with 30 days' notice
  • Continued use of the Service constitutes acceptance of updated terms

11.2 Notification Methods

  • Email notifications to registered account addresses
  • In-app notifications for significant changes
  • Updated effective date displayed at the top of this policy

Our Service may contain links to third-party websites and services. This Privacy Policy does not apply to external sites. We encourage you to review the privacy policies of any third-party services you access.

12.2 Integration Privacy

When using integrated services (httpSMS, Google services, etc.), your data may be subject to their respective privacy policies. Please review these policies to understand how your information is handled.

15. Contact Information

15.1 Privacy Inquiries

For questions about this Privacy Policy or your personal information:

Email: [email protected]
Subject Line: Privacy Policy Inquiry

15.2 Data Protection Requests

To exercise your data rights or request information access:

Email: [email protected]
Subject Line: Data Rights Request

15.3 Company Information

Boolean IT Solutions
Email: [email protected]
Website: https://primdesk.com/

16. Regulatory Contact Information

If you have concerns about our privacy practices that we cannot resolve, you may contact relevant regulatory authorities:

US Residents: Federal Trade Commission (FTC)
EU/UK Residents: Your local Data Protection Authority
Healthcare Complaints: Department of Health and Human Services (US)


This Privacy Policy is effective as of the date listed above and governs our collection and use of your personal information. Please review this policy periodically for any updates or changes.