Privacy Policy

How MySurgeryQuote collects, uses, and protects your information.

This Privacy Policy is provided as a starting point and should be reviewed by your legal counsel before relying on it. Last updated May 27, 2026.

Overview

MySurgeryQuote ("MySurgeryQuote," "we," "us") provides quoting software for surgical practices and medical spas. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our marketing site and to the MySurgeryQuote application. Effective date: May 27, 2026.

Information We Collect

We collect three categories of information:

  • Account data. Name, work email, phone, practice name, role, and billing details you provide when you create or manage an account.
  • Usage data. Log data, device and browser information, and product analytics about how you use the application, used to operate and improve the service.
  • Patient data. Information your practice enters to build quotes, which may include protected health information (PHI) that you process through the application.

HIPAA & PHI Handling

When we handle PHI on behalf of a Covered Entity, we act as a Business Associate under HIPAA. We make a Business Associate Agreement (BAA) available on request, and we handle PHI only as permitted by that BAA and applicable law. Please do not send PHI through our marketing forms; use the application for any patient-related data.

How We Use Information

We use information to:

  • Provide, maintain, and secure the service.
  • Respond to support requests and communicate with customers.
  • Improve product features, performance, and reliability.
  • Process billing and prevent fraud or abuse.

How We Share Information

We do not sell your data. We share information with subprocessors that help us run the service: hosting providers (such as AWS, Vercel, and Render), payment processing (Stripe), and transactional email (Resend). Each subprocessor is bound by contractual confidentiality and security obligations. We may also disclose information when required by law.

Data Retention

We retain account data for as long as your account is active and for up to seven years thereafter for billing and tax records. PHI is retained and disposed of in accordance with the terms of your BAA and your instructions.

Security

We protect data with encryption at rest and in transit, multi-factor authentication, role-based access control, access logging, and automatic session timeouts. No system is perfectly secure, but we work to apply industry-standard safeguards appropriate to the sensitivity of the data.

Your Rights

You may request access to, correction of, or deletion of your personal information, subject to legal and contractual retention requirements. For data within the application, your practice controls patient records and is responsible for responding to patient requests as the Covered Entity.

Children's Privacy

The service is intended for medical practices and is not directed to children under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify customers by email or through the application. Continued use of the service after an update constitutes acceptance of the revised policy.

Contact

Questions about this policy? Reach us through the contact form.