Privacy Policy
We believe you deserve to know exactly how your information is handled. This policy is written to be genuinely readable — not just legal boilerplate.
The short version: Betasky Health collects only what it needs to run your agency's platform, never sells your data, treats all protected health information with HIPAA-grade safeguards, and gives you meaningful control over what you share. Read on for the full details.
Betasky Health, Inc. ("Betasky," "we," "us," or "our") builds and operates cloud-based software for home health agencies. This Privacy Policy explains what information we collect across our website at betaskyhealth.com, our web platform, and our mobile application when you visit, sign up, or work with us in any capacity. It also describes your rights and choices.
If you have a Business Associate Agreement (BAA) with Betasky, that agreement governs how we handle protected health information (PHI) in your clinical workflows. This policy supplements — and does not replace — those contractual commitments.
Who This Policy Covers
This policy applies to three groups of people:
- Visitors — anyone who browses betaskyhealth.com, reads our docs, or submits a contact or demo request without having an account.
- Platform users — agency administrators, coordinators, schedulers, billers, clinicians, and caregivers who log in to the Betasky web or mobile app.
- Customer organizations — the home health agencies and companies that purchase a Betasky subscription and deploy the platform for their staff.
Where we act as a service provider on behalf of a Customer organization, the Customer's own privacy practices govern how patient and caregiver data is used at the agency level.
What Information We Collect
We only collect information that has a clear purpose. Here is what that looks like in practice:
- Identity and account data: Full name, work email address, phone number, job title, agency name, and the role and permissions assigned to your account. This is needed to authenticate you and give you the right access level inside the platform.
- Clinical and operational records: Patient schedules, visit notes, OASIS assessments, billing claims, compliance logs, and any other information your agency enters into the system. This data belongs to your organization — we are just the secure platform that stores and processes it.
- Device and usage data: IP address, browser type, operating system, app version, pages visited, features used, session duration, and error logs. We use this to keep the platform secure, diagnose bugs, and understand how features are being used so we can improve them.
- Payment information: Billing contact name, company address, and the last four digits of your payment method. Full card numbers are handled by our PCI-compliant payment processor — we never store them directly.
- Communications: Emails, support tickets, live-chat transcripts, demo-request forms, and any feedback you send us. We keep these to resolve your issue and to improve our support quality.
- Marketing preferences: Whether you opted in to newsletters or product updates, and which topics you showed interest in. You can change these preferences at any time.
How We Use Your Information
Every piece of information we collect has a specific purpose. We never use your data for something unrelated to running and improving the platform or our business relationship with you.
- To operate the platform: Authenticate logins, enforce role-based access, run scheduling and billing workflows, generate reports, and keep the system available and reliable.
- To keep your account secure: Detect and prevent unauthorized access, run audit trails, and send security alerts when suspicious activity is detected.
- To provide support: Diagnose issues, answer questions, train your team during onboarding, and resolve incidents quickly.
- To process payments: Manage your subscription, issue invoices, and handle renewals or plan changes.
- To communicate service updates: Notify you of planned maintenance, new feature releases, compliance updates, or critical service announcements.
- To improve the product: Analyze aggregated, de-identified usage patterns to understand what works well and what needs to be built or fixed.
- To meet legal obligations: Respond to lawful government requests, comply with healthcare regulations, and enforce our agreements.
We never sell your personal information to third parties — not to advertisers, data brokers, or anyone else. Protected health information is never used for advertising, profiling, or any purpose beyond delivering the service you signed up for.
HIPAA and Protected Health Information
Home health agencies are HIPAA-covered entities. When your organization uses Betasky to store or process protected health information (PHI) — patient names, diagnoses, visit records, billing codes, and similar data — Betasky acts as your Business Associate under a signed BAA.
As a Business Associate, we are legally required to:
- Implement administrative, physical, and technical safeguards required by the HIPAA Security Rule.
- Encrypt PHI in transit (TLS 1.2+) and at rest.
- Limit access to PHI to authorized personnel with a documented legitimate business need.
- Report any suspected breach to you as required by the HIPAA Breach Notification Rule.
- Return or destroy PHI at the end of the service relationship, as agreed in the BAA.
Your agency remains the covered entity responsible for patient consent, Notice of Privacy Practices, and all other obligations you hold directly under HIPAA. Betasky supports your compliance — it does not replace it.
When and How We Share Information
Sharing your information is the exception, not the rule. We only do it in these specific situations:
- Trusted service providers: We work with a small set of vendors — cloud hosting, email delivery, payment processing, and error monitoring — who process data strictly on our instructions. All are bound by data-processing agreements that prohibit them from using your data for their own purposes.
- Integrations you configure: If your agency connects Betasky to a payer portal, clearinghouse, EHR, or other third-party system, information flows to that system based on your configuration and authorization. You control what you connect.
- Legal and safety requirements: We may disclose information if required by a valid court order, subpoena, or regulatory authority, or when necessary to prevent imminent harm or protect our rights and users.
- Business transactions: If Betasky is acquired, merged, or undergoes a significant change in ownership, your information may transfer to the successor entity — subject to the same protections described in this policy and in your contractual agreements with us.
Data Security
Protecting your data is not a checkbox for us — it is a core part of how we build and operate the platform. Our security measures include:
- End-to-end encryption for data in transit using TLS 1.2 or higher.
- Encryption at rest for databases and file storage containing sensitive or clinical data.
- Role-based access control ensuring staff only see what their role requires.
- Multi-factor authentication (MFA) support for all platform users.
- Continuous monitoring, intrusion detection, and anomaly alerting.
- Regular third-party security assessments and penetration testing.
- Formal incident response plan with defined escalation paths and breach notification procedures.
No system is completely immune to attack. If you discover a security issue, please report it to us immediately at security@betaskyhealth.com so we can respond quickly.
Data Retention
We keep your information for as long as necessary to deliver the service and meet our obligations:
- Active accounts: Retained for the duration of your subscription and for a reasonable period afterward to support billing inquiries and regulatory audits.
- Clinical and PHI data: Retained in accordance with your BAA and applicable state and federal record-keeping requirements. Your agency retains ownership and may request data export or deletion according to the terms of your agreement.
- Support and communication records: Retained for up to three years to support quality review and dispute resolution.
- Anonymized analytics: May be retained indefinitely as aggregate statistics with no link back to any individual.
Your Rights and Choices
You have meaningful control over your information. Depending on your relationship with Betasky and the laws that apply to you, these rights may include:
- Access: Request a copy of the personal information we hold about you.
- Correction: Ask us to fix inaccurate or incomplete information in your account.
- Deletion: Request deletion of personal information where no legal or contractual obligation requires us to keep it.
- Portability: Request your data in a structured, machine-readable format where technically feasible.
- Opt-out of marketing: Unsubscribe from promotional emails at any time using the link in the footer of each email, or by contacting us directly.
For patient records: Patients and their authorized representatives should contact their home health agency directly to exercise HIPAA rights over medical records. Betasky processes those records on the agency's behalf and will act on verified, authorized instructions from the agency.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies for three purposes:
- Essential cookies: Required for the site and platform to function — keeping you logged in, remembering your preferences, and protecting against cross-site request forgery.
- Analytics cookies: Help us understand how visitors navigate the site so we can improve page structure and content. Data is aggregated and does not personally identify you.
- Marketing cookies: Used only if you arrive from a partner link or ad campaign, to attribute the conversion accurately. No behavioral advertising profiles are built on individual users.
You can disable non-essential cookies through your browser settings or any cookie-preference mechanism displayed on the site. Essential cookies cannot be turned off without affecting core functionality.
Children's Privacy
Our website and marketing materials are not directed to children under 13, and we do not knowingly collect personal information from children through public-facing channels. Within the clinical platform, information about pediatric patients may be entered by licensed healthcare providers as part of lawful care delivery — this is governed by the healthcare provider's own obligations, your BAA, and applicable law.
International Users
Betasky Health is headquartered and operated in the United States. If you access our services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the U.S. or in other countries where our service providers operate. By using our services, you acknowledge this transfer. We apply equivalent data-protection standards regardless of where processing occurs.
Changes to This Privacy Policy
We will update this policy as our practices evolve or as law requires. When we make changes, we will:
- Post the revised policy on this page with a new "Last updated" date.
- For material changes affecting how we handle PHI or sensitive personal data, notify affected Customers at least 30 days in advance through the platform or by email.
- For minor clarifications or administrative changes, update the page without additional notice.
Continued use of Betasky after a policy update takes effect constitutes acceptance of the revised terms.
Contact Us
We take privacy seriously and want to make it easy to reach us. If you have questions about this policy, want to exercise a data right, or need to report a concern:
- Privacy inquiries: privacy@betaskyhealth.com
- Security reports: security@betaskyhealth.com
- General contact form: betaskyhealth.com/contact
We aim to respond to all privacy-related requests within 5 business days.
Betasky Health, Inc. · betaskyhealth.com

