This Legal & Privacy page explains how GetHIPAAcheck manages your subscription verification, checklist data, and local storage.
No personal or medical information is collected. Users can safely perform HIPAA self-audits with Starter, Basic, or Pro plans.
Legal & Privacy
HIPAA Self-Audit App · Updated: October 15, 2025
1. Terms of Use
Designed for individual healthcare professionals or small teams, age 18 or older.
You receive a limited, non-exclusive license to use this service for educational and self-assessment purposes only.
Access is granted through a verified PayPal subscription plan (Starter, Basic, Pro).
Subscriptions renew automatically unless cancelled within your PayPal account.
Copying, selling, or redistributing any checklist or content is prohibited.
This application is for educational use and does not provide legal, clinical, or compliance consulting advice.
2. Privacy Overview
We do not collect, store, or share personal information, medical data, or browsing history.
Your PayPal subscription status is used solely to verify plan access.
No email, name, or user account registration is required.
Checklist responses remain entirely within your browser and can be cleared at any time.
All connections are encrypted. Minimal system logs are retained only to validate legitimate subscriptions and prevent abuse.
3. Cookies & Local Storage
No advertising, analytics, or tracking cookies are used by this app.
We store a simple consent flag and anonymous technical IDs in your browser’s local storage (userId, auditId, plan).
Google Analytics 4 operates in cookieless mode with IP anonymization and collects only aggregated usage metrics.
PayPal may set strictly necessary cookies required to process secure transactions.
You may delete all locally stored data at any time through your browser’s clear-data function.
4. Data Stored in Our Database
Subscription data: subscription ID, plan type, and status from PayPal — required to unlock paid access. We do not store payer names or email addresses.
De-identified audit summaries: anonymous IDs and overall compliance results (for example, completion %, risk levels). No patient information or detailed answers are retained.
System reference data: checklist content and official eCFR update timestamps.
Operational logs: event records with anonymous IDs for reliability and security diagnostics.
Optional reminders: encrypted browser push keys used only to deliver opt-in notification reminders; no personal data included.
Users may clear browser data at any time. Upon written request, anonymized database records linked to your generated ID can also be deleted.
5. Liability & Applicable Law
The service is provided “as is” without warranties of any kind, express or implied.
We are not responsible for indirect, incidental, or consequential damages resulting from use of this app.
The platform operates under applicable United States laws governing educational software, privacy, and data-security practices.
GetHIPAAcheck is an independent educational tool that helps users perform basic HIPAA self-assessments and prepare internal documentation. It is not legal advice and does not create any attorney–client or professional relationship.
We are not affiliated with the U.S. Department of Health and Human Services (HHS) or the Office for Civil Rights (OCR). Tool outputs are for educational and organizational purposes only.
Compliance acceptance by OCR depends on your actual safeguards, documentation, and professional review.