Privacy Policy

This Privacy Policy describes how Archpoint Labs, LLC ("Archpoint Labs," "we," "us," or "our") collects, uses, stores, and shares information in connection with Archpoint Claims (the "Platform"). The Platform is used by healthcare practices and related administrative organizations to support claim handling and billing workflows.

1. Information We Collect

We may collect the following categories of information:

• Account information, including name, email address, organization, role, and authentication settings;
• Customer configuration data, including practice details, EHR connection settings, billing rules, schedules, and platform preferences;
• Operational data, including job logs, audit logs, support requests, error reports, and platform usage events;
• Billing information, including subscription status, billable practice counts, commission configuration, and payment processor identifiers;
• Connected-system data that customers authorize us to access, which may include claim, appointment, payer, clinician, patient, and billing information; and
• Technical information, including IP address, browser type, device information, request metadata, cookies, and similar diagnostic information.

2. Google Sign-In Data

If you choose to sign in or accept an invitation using Google, we request limited Google account information through the standard OpenID Connect scopes: openid, email, and profile. This may include your Google account identifier, email address, email verification status, name, and basic profile details provided by Google.

We use Google Sign-In data only to verify your identity, match your Google account to your Archpoint Claims account or invitation, create or maintain the account link, and protect the security of the Platform. We do not use Google Sign-In data for advertising, and we do not sell Google user data.

3. How We Use Information

We use information to:

• Provide, operate, secure, and improve the Platform;
• Authenticate users and manage account access, roles, sessions, MFA, and invitations;
• Perform customer-authorized claim handling, billing, review, reporting, and automation workflows;
• Generate audit logs, job status records, operational alerts, and customer support context;
• Process billing, subscriptions, commissions, and related accounting records;
• Detect, investigate, and prevent security incidents, misuse, fraud, and service errors; and
• Comply with applicable legal, contractual, regulatory, and payer-related obligations.

4. Customer Data and Protected Health Information

Customers control the data they submit to or authorize the Platform to access. To the extent the Platform processes Protected Health Information ("PHI") as defined by HIPAA, Archpoint Labs acts as a business associate and processes PHI according to the applicable Business Associate Agreement and customer instructions.

Customers are responsible for ensuring they have the authority to provide or authorize access to data processed through the Platform, including any patient, claim, billing, and connected-system data.

5. How We Share Information

We do not sell personal information or Google user data. We may share information only as needed to operate the Platform, including with:

• Service providers that host infrastructure, databases, email delivery, monitoring, billing, and support systems;
• Connected systems, EHRs, billing platforms, payers, clearinghouses, or other services that customers authorize the Platform to use;
• Customer administrators and authorized users within the relevant organization;
• Professional advisors, auditors, insurers, or legal representatives when reasonably necessary; and
• Government authorities or other third parties when required by law, legal process, or to protect rights, safety, and security.

6. Data Protection

We use administrative, technical, and organizational safeguards designed to protect information processed by the Platform. These safeguards may include encryption in transit, restricted access controls, audit logging, credential encryption, monitoring, and separation of tenant data. No system can be guaranteed to be completely secure, but we work to maintain safeguards appropriate to the nature of the data we process.

7. Cookies and Session Data

We use cookies and similar technologies to support authentication, session management, security, and essential Platform functionality. These cookies help keep users signed in, apply session timeouts, and protect against unauthorized access.

8. Data Retention

We retain information for as long as reasonably necessary to provide the Platform, comply with legal or contractual obligations, maintain audit and security records, resolve disputes, and enforce agreements. Retention periods may vary based on the type of data, customer instructions, legal requirements, and operational needs.

9. User Choices and Requests

Users should contact their organization administrator to update account details, change access, or request removal from an organization. Customers may contact Archpoint Labs to request assistance with data access, correction, export, or deletion where available and legally permitted.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Platform, by email, or by updating the effective date above. Continued use of the Platform after an update means the revised policy applies going forward.

11. Contact

Questions about this Privacy Policy or Archpoint Claims privacy practices may be directed to Archpoint Labs at claims@archpointlabs.com.