§ 01 Who we are
ibusiness LLC ('ibusiness', 'we', 'us') is a Delaware-registered HealthTech studio building software for American private medical practices. This Privacy Policy describes how we collect, use, and protect personal information — including Protected Health Information (PHI) — in connection with our services.
§ 02 HIPAA & PHI
Where ibusiness functions as a Business Associate to a HIPAA-covered entity, we sign a Business Associate Agreement (BAA) before any PHI is exchanged. We comply with HIPAA's Privacy, Security, and Breach Notification Rules, and we cascade BAAs to every subprocessor that touches PHI on our behalf.
All PHI is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted by role and audited on a per-record basis.
§ 03 Information we collect
From visitors: name, email, phone, practice name, role, and the message content you provide when requesting a briefing.
From clients (under BAA): patient identifiers, appointment metadata, and conversational logs, strictly to operate the services you've contracted.
Automatically: minimal analytics (page views, referrer) using a privacy-respecting tool with IP anonymization.
§ 04 How we use it
To respond to your briefing request, deliver contracted services, satisfy legal obligations, and improve our software. We do not sell personal information. We do not use PHI to train AI models, and our LLM providers are configured for zero data retention.
§ 05 Subprocessors
We engage industry-standard subprocessors — including AWS, Twilio, SendGrid, Anthropic, and OpenAI — each under a BAA where PHI is involved. A current list is available on request.
§ 06 Your rights
You may request access, correction, or deletion of personal information we hold about you. California residents have additional rights under the CCPA; EU residents under the GDPR; healthcare data subjects under HIPAA's right of access. Email hello@ibusiness.com to exercise any of these rights.
§ 07 Security
Encryption (TLS 1.3 / AES-256), role-based access control, MFA-only administrative access, penetration testing on a defined cadence, and a documented incident response procedure including 60-day breach notification.
§ 08 Retention
We retain personal information only as long as necessary to provide our services or as required by HIPAA, contractual obligations, or applicable law. Retention periods are documented per data category and disclosed under BAA.
§ 09 International transfers
ibusiness operates from the United States. If you contact us from outside the U.S., your information will be processed in the U.S. under appropriate safeguards.
§ 10 Changes to this policy
We will post updates here and update the 'Last updated' date. Material changes affecting BAA-covered services will be communicated directly to affected clients.
§ 11 Contact
ibusiness LLC · Austin TX · hello@ibusiness.com