Copay Privacy and Security Policy

Effective Date: March 14, 2024

Last Update: January 30, 2025

Copay Inc. (“Copay” or “Us” or “We”) is serious about protecting the privacy of your personal information. We have implemented strict policies to ensure that the privacy of your personal and healthcare-related information is protected while still enabling you to make use of our website (the “Site”) or any mobile application, factoring platform, or other products or services provided by Copay (collectively with the Site, the “Services”). We use information collected about you through the use of the Services or on the Site solely for the purposes set out in this policy. The terms of this policy are also incorporated into the Copay Terms of Use, Application Agreement, Credit and Background Check Authorization, E-sign Consent Agreement, and SMS Terms and Conditions.

 

This Privacy and Security Policy outlines how Copay collects, uses, shares, and protects your information, including healthcare-related sensitive data, in compliance with applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA).


Information We Collect
We collect personal and healthcare-related information to provide our factoring services effectively. This includes: Personal Information (name, address, email, phone number, Social Security Number, financial information such as bank account details, and identification documents such as government-issued IDs); Healthcare-Specific Information (PHI) (patient billing and adjudication data, claims data submitted for factoring purposes, and other data classified as Protected Health Information (PHI) under HIPAA); Automatically Collected Information (device and browser data, IP address and location information, and usage data via cookies and tracking technologies).


How We Use Your Information
We use the information collected to provide and improve our factoring services; verify your identity and conduct necessary background checks; process medical claims and ensure compliance with healthcare regulations; detect and prevent fraud or unauthorized access; and comply with legal and regulatory requirements. For PHI, we comply with HIPAA’s minimum necessary standard, using or disclosing only the information required to fulfill our obligations.


No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.


Sharing Your Information
We may share your information with Trusted Business Partners (entities assisting with operational support, including payment processing and claims verification); Healthcare Providers and Payers (to facilitate factoring services and resolve claims-related issues); and Regulators and Law Enforcement (as required by law or to comply with legal obligations). For PHI, we ensure all third parties sign Business Associate Agreements (BAAs), committing them to safeguard your data under HIPAA.


Your Rights
As a user of our services, you have the right to access your personal and healthcare-related data; request corrections to inaccurate or incomplete information; restrict certain uses and disclosures of PHI; and receive an accounting of disclosures of PHI. To exercise these rights, contact us at hello@copay.com.


Security Measures
We take extensive precautions to protect your information, including Encryption (securing all data transmissions and storage using industry-standard encryption protocols); Access Controls (restricting data access to authorized personnel only); Monitoring and Audits (regularly reviewing systems to detect vulnerabilities and ensure compliance); and Compliance Certifications (HIPAA compliance standards). Despite these measures, no system is completely secure, and we encourage you to safeguard your account credentials.


Breach Notification
In the event of a breach involving PHI or other sensitive data, we will notify affected individuals and relevant authorities promptly, as required by HIPAA and applicable laws.


Cookies and Tracking Technologies
We use cookies and similar technologies to enhance user experience and improve site functionality; analyze website traffic and usage patterns; and deliver personalized marketing messages. You can manage your cookie preferences through your browser settings or opt out using tools provided by organizations like the Digital Advertising Alliance (DAA).


Data Retention
We retain personal information and PHI only as long as necessary to fulfill our services or comply with legal and regulatory obligations. Once data is no longer needed, it is securely destroyed or anonymized.


Updates to This Policy
We may update this policy periodically to reflect changes in our practices or legal requirements. Significant updates will be communicated to users via email or a notification on our website.


Contact Us
For questions about this Privacy and Security Policy or to exercise your rights, please contact us at hello@copay.com.