Privacy Policy


Effective Date: May 24, 2025
Last Updated: May 24, 2025

At PostSurgy, Inc. ("PostSurgy," "we," "our," or "us"), we recognize the importance of privacy and are committed to safeguarding the personal and health information of patients, providers, and visitors who interact with our products and services. This Privacy Policy describes how we collect, use, share, store, and protect your information when you visit our website (www.postsurgy.com), use our applications, or otherwise engage with any of our services (collectively, the "Services").

1. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our website who browse informational content or contact us via forms;

  • Healthcare providers and administrators who use our platform to coordinate care;

  • Patients who receive post-operative support messages, alerts, and follow-ups through our Services;

  • Any individual whose personal or health-related data is processed by PostSurgy.

This Policy governs all data collected through:

  • Web portals and applications developed by PostSurgy;

  • SMS and email communication services used for post-surgical support;

  • API integrations with electronic health records (EHRs) or practice management systems.

2. Information We Collect

A. Information You Provide to Us Directly:

  • User Registration Information: Name, email, phone number, practice name, provider NPI (if applicable), and password.

  • Patient Information: Name, date of birth, phone number, medical history, surgical procedure details, prescribed medications, reported symptoms, recovery responses.

  • Communications: Messages exchanged between patients and care coordinators or automated notifications sent via SMS.

  • Feedback and Survey Data: Input shared via product surveys, support tickets, or beta feature trials.

B. Information Collected Automatically:

  • Device and Browser Metadata: IP address, browser type and version, device identifiers, operating system, referring URL.

  • Usage Data: Log files, clickstream patterns, session timestamps, interaction logs, performance diagnostics.

  • Cookies and Similar Technologies: Session cookies for login persistence, analytics cookies for site usage, and third-party integrations for crash/error reporting.

C. Third-Party Data Sources:

  • Referring physicians, affiliated healthcare systems, and EHR vendors may send us patient data to coordinate care.

  • Communication tools and infrastructure vendors may provide engagement metrics, bounce rates, and delivery statuses.

3. How We Use Your Information

We use collected data to:

  • Deliver Core Functionality: Enable account setup, manage procedure tracking workflows, and power personalized patient messaging flows.

  • Ensure Continuity of Care: Inform providers of patient-reported outcomes, flag post-surgical complications, and drive follow-up tasks.

  • Improve Product Quality: Monitor usage trends, identify feature adoption rates, prioritize bug fixes, and plan UI/UX improvements.

  • Conduct Research and Development: Use de-identified datasets to study treatment pathways, analyze care response rates, and develop predictive models.

  • Provide Support: Respond to user inquiries, troubleshoot issues, manage tickets, and route critical alerts to the right team members.

  • Comply with Legal Requirements: Respond to subpoenas, fulfill regulatory audits, and maintain records required under healthcare laws.

4. How We Share Your Information

We do not sell your information. We may share data only in the following circumstances:

  • With Covered Healthcare Providers: For the purposes of delivering or coordinating medical care.

  • With Subprocessors and Vendors: Cloud service providers (e.g., AWS), SMS delivery vendors (e.g., Twilio), and analytics providers (e.g., Datadog), who operate under signed Business Associate Agreements (BAAs).

  • With Regulatory Authorities: When legally compelled to do so, such as by court order or compliance audit.

  • With Business Successors: If PostSurgy undergoes a merger, acquisition, or reorganization, user data may transfer to the new entity under confidentiality obligations.

5. Data Retention and Deletion

  • PHI and Medical Records: Retained in accordance with federal and state regulations, usually for at least 6 years.

  • User Accounts: Retained as long as the account is active and for a reasonable period thereafter.

  • De-Identification: After retention periods expire, we anonymize data using irreversible processes.

  • Deletion Requests: Subject to legal and contractual limits, users may request deletion of their information by contacting us at privacy@postsurgy.com.

6. Your Rights

You have specific rights under HIPAA, CCPA (for California residents), and GDPR (for users in the EU):

  • Access: You can request access to your personal or health data.

  • Correction: You can request corrections to incorrect or incomplete data.

  • Deletion: You can request that we delete your personal data, subject to certain exceptions.

  • Portability: You can request a copy of your data in a portable format.

  • Restrictions: You can request limitations on the use or disclosure of your information.

  • Withdraw Consent: If consent was previously given, you can revoke it at any time for future processing.

To exercise any of these rights, email privacy@postsurgy.com.

7. Data Security

We implement strict security measures including:

  • Encryption of data at rest (AES-256) and in transit (TLS 1.2 or higher);

  • Role-based access controls (RBAC) and user authentication via OAuth2;

  • Continuous monitoring, audit logs, and regular vulnerability scans;

  • HIPAA-aligned security controls for all infrastructure components.

In the event of a breach involving PHI, we will notify affected users and regulators in accordance with HIPAA Breach Notification Rules.

8. Children’s Privacy

Our Services are not directed to individuals under 13. We do not knowingly collect information from children without verified parental or guardian consent. If you believe that we have unintentionally collected such data, please contact us for prompt removal.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Session Management: Keep users logged in across interactions;

  • Performance Analytics: Identify latency and improve system reliability;

  • User Experience Optimization: Store UI preferences and personalize content.

You can manage or disable cookies via your browser settings. Disabling cookies may impact the functionality of certain Services.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If material changes are made, we will notify users via email or within the product interface. All changes are effective immediately unless otherwise specified.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, you may contact us at:

PostSurgy, Inc.
Email: privacy@postsurgy.com

We are committed to protecting your privacy and ensuring you have confidence in how your data is handled. Thank you for choosing PostSurgy.