Privacy Policy

Last updated: June 22, 2026

Beckersoft, Inc. ("PreAuthIQ") respects your privacy. This page explains what we collect, why, and your choices. For Protected Health Information (PHI), our HIPAA Business Associate Agreement controls; this policy describes everything else.

1. Our role

We are a Business Associate for clinic customers with respect to PHI, and a Data Controller for our marketing site, billing, and account telemetry.

2. What we collect

  • Account data: name, work email, clinic, role.
  • PHI: patient demographics, encounters, payer info, clinical notes — submitted by your clinic.
  • Billing data: Auth-credit balance, transaction history; payment methods held by Stripe.
  • Telemetry: page views, feature events, error reports, IP, user-agent.
  • Communications: support tickets, transcripts you initiate.

We do not sell personal information, and we do not use PHI for advertising.

3. How we use it

To operate the Service, authenticate users, bill, support, secure the platform, comply with law, and improve the Service using de-identified, aggregated data only.

4. Subprocessors

Lovable Cloud / Supabase (hosting, DB, auth, storage), Cloudflare (edge, DNS, WAF), Lovable AI Gateway (model inference; no training on customer data), Stripe (payments), Resend / Twilio (email, voice, SMS), Sentry (error monitoring, PHI scrubbed). All under contract; BAAs where PHI is involved.

5. Security

TLS 1.2+ in transit; AES-256 at rest. Tenant isolation enforced at the database layer via Postgres Row-Level Security keyed to clinic_id. Role-based access with least privilege. Audit logs of PHI access. Storage scoped by clinic folder. 72-hour breach notification target to Covered Entities.

6. Retention

  • Account data: lifetime of account + 90 days.
  • PHI: per Customer instructions and BAA; default 7 years.
  • Billing: 7 years.
  • Telemetry: 13 months, then aggregated or deleted.
  • Backups: 35-day rolling.

7. Your rights

Subject to HIPAA, CCPA/CPRA, and GDPR/UK GDPR where applicable, you may have rights of access, correction, deletion, and portability, and the right to lodge a complaint. For PHI, contact your clinic; we will support requests as a Business Associate. For non-PHI requests, email privacy@preauthiq.com.

8. Cookies

We use strictly necessary cookies (session, auth, CSRF) and a minimal first-party analytics cookie. No third-party advertising or cross-site tracking.

9. International transfers

Primary processing occurs in the United States. EEA/UK transfers use SCCs.

10. Children

The Service is not directed to individuals under 18 (except as PHI submitted by a Covered Entity in the course of treatment).

11. Changes

We will post material updates with a new "Last updated" date and notify account owners by email at least 14 days before changes affecting PHI handling.

12. Contact

Privacy: privacy@preauthiq.com · Security: security@preauthiq.com · Beckersoft, Inc., Attn: Privacy Office, Wilmington, DE.