Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your information.

Last Updated: November 28, 2025

1. Introduction

AraSync Health Systems ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AraSync mobile application (the "App"), available on the Apple App Store, our Electronic Health Record (EHR) and Electronic Visit Verification (EVV) platform, website, or interact with our services.

By downloading, installing, or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not download, install, or use our App.

2. Information We Collect

We collect the following categories of data when you use our App:

2.1 Account Information

User accounts are created and managed by your healthcare organization's administrator. We do not collect personal contact information (such as name, email, or phone number) directly from you through the App. Your organization provides this information when setting up your account.

2.2 Information Collected Through App Usage

  • Healthcare Data: As a Business Associate under HIPAA, we process Protected Health Information (PHI) on behalf of healthcare providers using our EHR/EVV platform, including patient health records, visit documentation, and care notes.
  • Electronic Signatures: Digital signatures captured for visit verification and documentation purposes.
  • Precise Location Data: GPS coordinates collected through our EVV mobile application for visit verification purposes. Location is only collected when the app is in use and with your explicit consent. This is essential for Electronic Visit Verification compliance as required by state and federal regulations.

2.3 Information Collected Automatically

  • Identifiers: User ID assigned by your organization for authentication purposes.

2.4 Data Linked to Your Identity

The following data may be collected and linked to your identity:

  • Health & Medical Data (patient records entered by healthcare providers)
  • Location Data (precise location for EVV check-in/check-out)
  • Identifiers (user ID assigned by your organization)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our EHR and EVV App and services
  • Verify healthcare visits through Electronic Visit Verification (EVV) using location data
  • Enable clinical documentation and patient care management
  • Process and store electronic signatures for compliance purposes
  • Send technical notices, updates, security alerts, and administrative messages
  • Respond to your comments, questions, and customer service requests
  • Detect, investigate, and prevent fraudulent transactions and unauthorized access
  • Comply with state EVV mandates and healthcare regulations
  • Comply with legal obligations and enforce our agreements

4. Location Data and Permissions

Our App requires access to your device's location services for Electronic Visit Verification (EVV) purposes:

  • When Location is Collected: Location data is only collected when you actively use the App to check in or check out of patient visits.
  • Purpose: GPS coordinates are required to comply with state and federal EVV mandates that verify healthcare visits occurred at the patient's location.
  • Your Control: You can disable location permissions in your device settings at any time. However, this will prevent the EVV check-in/check-out functionality from working.
  • Background Location: We do not collect location data when the App is in the background or closed.

5. HIPAA Compliance

As a provider of healthcare technology services, AraSync Health Systems operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We are committed to:

  • Maintaining appropriate administrative, physical, and technical safeguards to protect PHI
  • Entering into Business Associate Agreements (BAAs) with Covered Entities
  • Limiting the use and disclosure of PHI to the minimum necessary
  • Training our workforce on HIPAA requirements and data protection
  • Reporting security incidents and breaches as required by law
  • Ensuring subcontractors agree to the same restrictions regarding PHI

6. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With Your Healthcare Organization: Data you enter in the App is shared with the healthcare organization you work for as part of their EHR/EVV system.
  • With Your Consent: When you have given us explicit permission to share your information.
  • Service Providers: With third-party vendors who assist us in providing our services (e.g., cloud hosting), subject to confidentiality agreements and HIPAA compliance.
  • Legal Requirements: When required by law, subpoena, court order, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.
  • Protection of Rights: To protect the rights, property, and safety of AraSync, our users, or others.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Security

We implement robust security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Secure authentication with multi-factor authentication options
  • Regular security assessments and penetration testing
  • Role-based access controls and authentication mechanisms
  • Automatic session timeout and secure credential storage
  • Continuous monitoring and logging of system activities
  • Employee training on security best practices
  • Incident response procedures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention and Deletion

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Healthcare Data: Retained in accordance with applicable state and federal regulations (typically 6-10 years depending on jurisdiction).
  • Account Data: Retained while your account is active and for a reasonable period thereafter.
  • Location Data: EVV location data is retained as required by state EVV mandates.

Account Deletion: You may request deletion of your account by contacting us at [email protected]. Note that your healthcare organization administrator may also need to process account deletion requests. Some data may be retained as required by law.

9. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Opt-Out: Unsubscribe from marketing communications at any time.
  • Data Portability: Request your data in a portable format.
  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis.
  • Location Permissions: Disable location permissions in your iOS device settings at any time.
  • Push Notifications: Disable push notifications in your iOS device settings.

To exercise these rights, please contact us at [email protected].

10. Third-Party Services

Our App uses cloud infrastructure services for secure data storage and processing. These third-party service providers are bound by contractual obligations to protect your data and comply with applicable privacy laws, including HIPAA requirements.

11. Children's Privacy

Our App is intended for use by healthcare professionals and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected].

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to request deletion of personal information
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising privacy rights

To exercise your CCPA rights, contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the App and on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending a notification through the App for significant changes

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us at:

AraSync Health Systems

130 Division Street, Suite D
Waite Park, MN 56387

Email: [email protected]

Phone: (669) 278-5128

For app-specific support, you can also reach us at [email protected].