1. DATA CONTROLLER

AnchoredChange-LLC is the data controller responsible for the processing of personal data collected through the AnchorPoint platform in accordance with applicable privacy laws.

2. INFORMATION WE COLLECT

2.1 Information You Provide:

• Account Information: Name, email address, username, password, role, and contact details
• Resident Data: Information about residents entered by authorized staff (subject to HIPAA protections)
• Documentation: Support notes, incident reports, goals and objectives, and other case management data
• Communications: Messages, feedback, and support requests

2.2 Automatically Collected Information:

• Usage Data: Access times, pages viewed, features used, and interaction patterns
• Device Information: Browser type, operating system, device identifiers, and screen resolution
• Log Data: IP addresses, login times, session duration, and security events
• Cookies: Session cookies for authentication and functionality

3. HOW WE USE YOUR INFORMATION

We use collected information to:

• Provide, maintain, and improve the AnchorPoint platform
• Authenticate users and manage access permissions
• Process transactions and manage subscriptions
• Send important notifications and updates
• Respond to support requests and communications
• Ensure security and prevent unauthorized access
• Comply with legal obligations and regulatory requirements
• Generate anonymized analytics to improve our services

4. HIPAA COMPLIANCE

• We implement administrative, physical, and technical safeguards to protect PHI
• PHI is only accessed by authorized personnel for legitimate purposes
• We maintain audit logs of all PHI access and modifications
• A Business Associate Agreement (BAA) is available for covered entities
• Security incidents involving PHI are reported as required by law

5. DATA SHARING AND DISCLOSURE

We do not sell your personal information. We may share information only in these circumstances:

• Service Providers: With vendors who assist in operating the platform (subject to confidentiality agreements)
• Legal Requirements: When required by law, court order, or governmental authority
• Safety: To protect the rights, safety, or property of AnchoredChange-LLC or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Consent: With your explicit consent for other purposes

6. DATA SECURITY

We implement comprehensive security measures including:

• Encryption of data in transit and at rest
• Strong password requirements and multi-factor authentication options
• Role-based access controls and device registration
• Regular security assessments and monitoring
• Session management with automatic timeouts
• Comprehensive audit logging

7. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Factors considered include:

• Active subscription status
• Legal and regulatory requirements (especially for healthcare records)
• Legitimate business needs
• Resolution of disputes or enforcement of agreements

8. YOUR RIGHTS

Subject to applicable law, you may have the right to:

• Access: Request a copy of personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data Portability: Request export of your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request limitation of processing in certain circumstances

To exercise these rights, contact us at privacy@anchoredchange.com.

9. COOKIES AND TRACKING

We use essential cookies for:

• User authentication and session management
• Security features (CSRF protection)
• User preferences and settings

We do not use third-party advertising cookies or tracking pixels.

10. CHILDREN'S PRIVACY

The AnchorPoint platform is intended for use by adult staff members of residential facilities. We do not knowingly collect personal information from children under 18. If resident data includes information about minors, such data is protected under HIPAA and applicable child protection laws.

11. INTERNATIONAL DATA TRANSFERS

Your information may be processed in the United States where AnchoredChange-LLC is headquartered. By using the Service, you consent to the transfer and processing of your information in the United States.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. We encourage you to review this policy periodically.

13. CONTACT US

For questions about this Privacy Policy or our privacy practices, please contact:

---