Curve Compliance – Privacy Policy

Last Updated: November, 2025

Curve Compliance ("Curve," "we," "our," or "us") provides HIPAA-compliant analytics, server-side tracking infrastructure, and related services that enable healthcare organizations and other regulated entities to operate privacy-safe marketing and data workflows. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, curvecompliance.com (the "Site"), or interact with our services.

By accessing or using our Site, you agree to this Privacy Policy.

If you do not agree, please discontinue use of the Site.

1. Information We Collect

We collect information in the following ways:

A. Information You Provide

When you interact with us through the Site, you may provide:

  • Name
  • Email address
  • Company name
  • Job title
  • Phone number
  • Any other information submitted via contact forms, demo requests, surveys, or support inquiries

B. Automatically Collected Information

When you visit the Site, we may automatically collect:

  • IP address (processed via compliant methods)
  • Browser type and version
  • Device information
  • Referring website
  • Pages viewed and actions taken on the Site
  • Time and date of access
  • General location (city/region, non-precise)

We use privacy-preserving analytics tools and methods. Any tracking on the Site is implemented in a compliant, server-side, non-PHI context, and not used to identify individual patients or consumers.

C. Cookies and Similar Technologies

We may use cookies or similar technologies to:

  • Provide core website functionality
  • Improve performance and usability
  • Analyze traffic in a compliant manner

You can adjust cookie settings through your browser.

2. How We Use Information

We may use collected information to:

  • Provide, operate, and maintain the Site
  • Communicate with you (e.g., responding to inquiries, scheduling demos)
  • Send newsletters, updates, or promotional materials
  • Improve website functionality, performance, and user experience
  • Analyze usage trends to enhance our content and services
  • Enforce our policies, prevent fraudulent activity, and maintain security
  • Comply with legal and regulatory obligations

We do not sell personal information.

3. HIPAA & PHI

Curve Compliance provides tools that enable customers to manage data flows in a HIPAA-compliant manner.

However:

  • Our public website does not collect or process any Protected Health Information (PHI).
  • Any processing of PHI by customers through Curve's platform occurs within the customer's secure account under a signed Business Associate Agreement (BAA).
  • PHI is never used for advertising, marketing, or cross-context behavioral profiling.
  • We maintain industry-standard administrative, technical, and physical safeguards to protect PHI when acting as a Business Associate.

4. How We Share Information

We may share information with:

A. Service Providers

Trusted vendors who assist with:

  • Website hosting
  • Security and performance monitoring
  • Communication tools (e.g., email)
  • Analytics (privacy-preserving)

These providers only receive the minimum data necessary.

B. Legal & Regulatory Authorities

We may disclose information where required by law, regulation, subpoena, or legal process.

C. Corporate Transactions

In the case of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not share information with advertisers, data brokers, or third parties for cross-site profiling.

5. Data Security

We implement administrative, technical, and physical safeguards to protect information, including:

  • Encryption in transit and at rest
  • Least-privilege access controls
  • Network and application-level security monitoring
  • Regular security assessments and audits

No system is 100% secure, but we take reasonable measures to safeguard data.

6. Data Retention

We retain information only as long as necessary to:

  • Fulfill the purposes described in this policy
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

Users may request deletion of their data at any time (see Section 8).

7. Your Rights

Depending on your location, you may have rights including:

  • Access to personal information we hold
  • Request correction or deletion
  • Opt out of marketing communications
  • Restrict or object to certain data uses
  • Request a copy of your data (where applicable)

To exercise these rights, email privacy@curvecompliance.com.

8. International Transfers

If you access the Site from outside the United States, information may be transferred to servers located in the U.S.

We take reasonable steps to ensure adequate protection for such transfers.

9. Third-Party Links

Our Site may include links to third-party websites or services.

We are not responsible for the privacy practices or content of those external sites.

10. Children's Privacy

Our Site is not directed to individuals under 13.

We do not knowingly collect information from children.

If we become aware that a child has provided information, we will delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

We will post a new "Last Updated" date when changes occur.

Continued use of the Site constitutes acceptance of any updates.

12. Contact Us

For questions about this Privacy Policy or your data:

Curve Compliance

Email: hey@curvecompliance.com

Website: curvecompliance.com