Privacy Policy

Last updated: February 10, 2026

Who We Are

HIPAA Hotline is a service of Cleared Systems. We provide HIPAA compliance guidance, breach incident triage, and privacy officer services to healthcare organizations and their business associates. We are not a law firm and do not provide legal advice. We are not affiliated with the federal government or any of its agencies.

Information We Collect

When you submit a form or use our chat widget, we collect the following information:

Contact information — your name, phone number or email address, and organization name if provided.

Incident details — the type of incident selected and any description you provide. We explicitly instruct visitors not to include Protected Health Information (PHI) such as patient names, dates of birth, Social Security numbers, or medical record numbers in web submissions.

Technical data — your IP address, browser user agent, and session identifiers for security and rate-limiting purposes.

Analytics data — we use Google Analytics (GA4) to collect anonymized usage data such as pages visited, scroll depth, and interactions with page elements. This data does not identify you personally.

How We Use Your Information

We use the information we collect to respond to your inquiry and provide compliance guidance, assign a case number and track the status of your request, send you a confirmation email acknowledging your submission, contact you via the phone number or email address you provide, and improve our services through aggregated analytics data.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Storage and Security

Your information is stored in a secured database on servers located in the United States. We implement industry-standard security measures including encrypted connections (TLS/SSL) for all data in transit, parameterized database queries to prevent injection attacks, CSRF protection on all form submissions, rate limiting to prevent abuse, and access controls that restrict data to authorized personnel only.

While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure.

Email Communications

When you submit a form and provide an email address, we send a one-time confirmation email with your case number. Admin notification emails are sent to our compliance team so they can respond to your inquiry. We do not subscribe you to any mailing list or send promotional emails as a result of your submission.

Third-Party Services

We use the following third-party services:

Postmark (by ActiveCampaign) — for transactional email delivery. Postmark processes your email address and the content of confirmation emails. Their privacy policy is available at postmarkapp.com.

Google Analytics — for anonymized website usage analytics. Google's privacy policy is available at policies.google.com/privacy.

Cookies

We use a session cookie (PHPSESSID) that is essential for form security (CSRF protection). This cookie is HTTP-only, secure, and set to strict same-site policy. It does not track you across websites and expires when you close your browser. Google Analytics may set additional cookies for usage analytics.

Data Retention

Case records are retained for as long as necessary to provide our services and comply with applicable legal obligations. Rate-limiting records are automatically purged after 24 hours.

Your Rights

You may request access to, correction of, or deletion of your personal information by contacting us at carl@clearedsystems.com. We will respond to your request within 30 days.

Children's Privacy

Our services are intended for use by healthcare organizations and their personnel. We do not knowingly collect information from individuals under 18 years of age.

Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of our services after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or how we handle your data, contact us at carl@clearedsystems.com or call 1-800-555-1234.