Privacy Policy

Linear Health (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our platform. If you do not agree with the terms of this policy, please do not access the site or use our services.

This policy applies to the Linear Health marketing website and our electronic health record (EHR) platform. For platform users, additional terms may apply as outlined in your service agreement and BAA.

Information you provide:

• Name, email address, phone number, and agency information when you request a demo or contact us
• Professional information such as job title and agency name
• Communication preferences
• Any other information you voluntarily provide through forms or correspondence

Information collected automatically:

• IP address, browser type, and operating system
• Pages viewed, links clicked, and time spent on pages
• Referring website addresses
• Device identifiers and analytics data

Protected Health Information (PHI):

Patient data entered into the Linear Health platform by authorized users is governed by your BAA and HIPAA regulations. We act as a Business Associate and process PHI only as directed by the covered entity (your agency) and as permitted by law.

• Respond to your inquiries and provide customer support
• Process demo requests and service agreements
• Send product updates, security notifications, and service communications
• Improve our website, platform, and user experience
• Conduct analytics and research to enhance our offerings
• Comply with legal obligations and protect our rights
• Send marketing communications (only with your consent)

We may share your information in these circumstances:

• Service Providers: Third-party vendors who perform services on our behalf (hosting, analytics, email delivery) under contractual obligations to protect your data.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
• Legal Requirements: When required by law, court order, or governmental regulation, or to protect our rights and safety.
• With Your Consent: When you give us explicit permission to share your information.

We never share PHI except as permitted by your BAA and applicable law.

Linear Health is designed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA). Our security measures include:

• AES-256 encryption for data at rest
• TLS 1.2+ encryption for data in transit
• Role-based access controls and audit logging
• Regular security assessments and penetration testing
• Signed Business Associate Agreements with all customers and subcontractors
• Employee security training and background checks

While we implement industry-standard protections, no method of electronic storage or transmission is 100% secure. We continuously evaluate and improve our security posture.

We use cookies and similar technologies to improve your experience on our website. These help us:

• Remember your preferences and settings
• Understand how you navigate our website
• Improve website performance and functionality
• Measure the effectiveness of our communications

You can control cookies through your browser settings. We may use third-party analytics services such as Google Analytics. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Depending on your location, you may have the following rights:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Opt-Out: Opt out of marketing communications at any time
• Data Portability: Request a copy of your data in a structured format

To exercise any of these rights, contact us at privacy@linearhealth.io.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy and revising the “Last updated” date. We encourage you to review this policy periodically.