Privacy Policy

1. Information We Collect

We collect information in the following ways:

A. Information You Provide

When you interact with us through the Site, you may provide:

• Name
• Email address
• Company name
• Job title
• Phone number
• Any other information submitted via contact forms, demo requests, surveys, or support inquiries

B. Automatically Collected Information

When you visit the Site, we may automatically collect:

• IP address (processed via compliant methods)
• Browser type and version
• Device information
• Referring website
• Pages viewed and actions taken on the Site
• Time and date of access
• General location (city/region, non-precise)

We use privacy-preserving analytics tools and methods. Any tracking on the Site is implemented in a compliant, server-side, non-PHI context, and not used to identify individual patients or consumers.

C. Cookies and Similar Technologies

We may use cookies or similar technologies to:

• Provide core website functionality
• Improve performance and usability
• Analyze traffic in a compliant manner

You can adjust cookie settings through your browser.

2. How We Use Information

We may use collected information to:

• Provide, operate, and maintain the Site
• Communicate with you (e.g., responding to inquiries, scheduling demos)
• Send newsletters, updates, or promotional materials
• Improve website functionality, performance, and user experience
• Analyze usage trends to enhance our content and services
• Enforce our policies, prevent fraudulent activity, and maintain security
• Comply with legal and regulatory obligations

We do not sell personal information.

3. SMS / Text Messaging Communications

If you provide your phone number and consent to receive SMS messages from Curve Compliance, this section explains what we collect, how it is used, your opt-out rights, and our commitment that your SMS opt-in information is never shared.

A. SMS Program Overview

Curve Compliance operates an SMS program for: account-related notifications (login codes, security alerts, billing reminders); customer support follow-up and service updates; sales and marketing communications including responses to demo requests, onboarding guidance, product updates, and events (only when you have separately opted in to marketing messages).

B. Information Collected for SMS

• Your mobile phone number
• Date, time, and source of your opt-in (e.g., the form, page, or interaction where consent was provided)
• Your message preferences and history of opt-out requests
• Carrier information necessary to deliver messages

C. How You Opt In

• Submitting a form on our Site that includes a clear, unchecked consent checkbox or statement
• Replying to a confirmation message we send when you provide your phone number
• Verbally agreeing during a recorded sales or onboarding call
• Through your account settings inside the Curve platform

Your consent to receive SMS messages is not a condition of any purchase.

D. How You Opt Out

You may opt out of SMS communications at any time. To stop receiving messages:

• Reply STOP to any SMS message you receive from us
• Email hey@curvecompliance.com
• Update your communication preferences inside your account settings

After you reply STOP, you will receive a single confirmation message. You will not receive further messages unless you opt in again.

E. Help

For help, reply HELP to any SMS message, or contact hey@curvecompliance.com.

F. Message Frequency

Message frequency varies depending on the type of communications you have opted into. Account and security messages are transactional and triggered by your activity. Marketing messages, where consented, will not exceed approximately ten (10) messages per month.

G. Message and Data Rates

Message and data rates may apply. Curve Compliance does not charge for SMS messages, but your mobile carrier may charge you for messages sent to or received from us. Contact your carrier for details about your plan.

H. Carriers

T-Mobile, AT&T, Verizon, Sprint, US Cellular, and other carriers are not liable for delayed or undelivered messages.

I. No Sharing of SMS Opt-In Information

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories of information described in this Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. SMS consent and phone numbers are used only by Curve Compliance to deliver the messages you have opted in to receive.

J. Eligibility

You must be at least 18 years old to opt in to receive SMS messages from Curve Compliance.

4. HIPAA & PHI

Curve Compliance provides tools that enable customers to manage data flows in a HIPAA-compliant manner.

However:

• Our public website does not collect or process any Protected Health Information (PHI).
• Any PHI processed by customers through Curve's platform occurs within the customer's secure account under a signed Business Associate Agreement (BAA).
• PHI is never used for advertising, marketing, or cross-context behavioral profiling.
• We maintain industry-standard administrative, technical, and physical safeguards to protect PHI when acting as a Business Associate.

5. How We Share Information

We may share information with:

A. Service Providers

Trusted vendors who assist with:

• Website hosting
• Security and performance monitoring
• Communication tools (e.g., email)
• Analytics (privacy-preserving)

These providers only receive the minimum data necessary.

B. Legal & Regulatory Authorities

We may disclose information where required by law, regulation, subpoena, or legal process.

C. Corporate Transactions

In the case of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not share information with advertisers, data brokers, or third parties for cross-site profiling.

6. Data Security

We implement administrative, technical, and physical safeguards to protect information, including:

• Encryption in transit and at rest
• Least-privilege access controls
• Network and application-level security monitoring
• Regular security assessments and audits

No system is 100% secure, but we take reasonable measures to safeguard data.

7. Data Retention

We retain information only as long as necessary to:

• Fulfill the purposes described in this policy
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Users may request deletion of their data at any time (see Section 8).

8. Your Rights

Depending on your location, you may have rights including:

• Access to personal information we hold
• Request correction or deletion
• Opt-out of marketing communications
• Opt-out of SMS messages at any time by replying STOP to any message
• Restrict or object to certain data uses
• Request a copy of your data (where applicable)

To exercise rights, email hey@curvecompliance.com.

9. International Transfers

If you access the Site from outside the United States, information may be transferred to servers located in the U.S.

We take reasonable steps to ensure adequate protection for such transfers.

10. Third-Party Links

Our Site may include links to third-party websites or services.

We are not responsible for the privacy practices or content of those external sites.

11. Children's Privacy

Our Site is not directed to individuals under 13.

We do not knowingly collect information from children.

If we become aware that a child has provided information, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

We will post a new "Last Updated" date when changes occur.

Continued use of the Site constitutes acceptance of any updates.

13. Contact Us

For questions about this Privacy Policy or your data:

Curve Compliance

Email: hey@curvecompliance.com

Website: curvecompliance.com