Legal
Privacy Policy
Effective Date: June 1, 2025 | Last Updated: June 9, 2026
GetSurveyReady, LLC ("GetSurveyReady," "we," "our," or "us") is committed to protecting the privacy and security of the information we collect. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and services (the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described herein.
This Privacy Policy addresses our obligations as a Business Associate under HIPAA and as a software service provider collecting business contact and platform usage data. Where our customers submit Protected Health Information (PHI) or employee health-related data, that data is governed by our Business Associate Agreement (BAA).
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Organization name, administrator name, email address, phone number, and billing information when you register or subscribe.
- Staff and employee records: Names, email addresses, job titles, hire dates, credential information, training completion records, attestation signatures, and other personnel data entered by your organization's administrators.
- Health-related attestations: TB screening status, hepatitis B vaccination status, and similar occupational health records submitted as part of personnel file management. This data is treated as PHI/sensitive data and is governed by the BAA.
- Communications: Messages, feedback, and support requests you send to us.
1.2 Information Collected Automatically
- Log data: IP addresses, browser type, operating system, pages viewed, timestamps, and referring URLs when you access the Service.
- Usage data: Features accessed, modules completed, time spent on the platform, and other interaction data used to improve the Service.
- Cookies and similar technologies: Session cookies necessary for authentication and service functionality. We do not use third-party advertising cookies. See Section 7 for more.
1.3 Information from Third Parties
We may receive information from payment processors (e.g., billing confirmations) and cloud infrastructure providers. We do not purchase or receive personal data from data brokers.
2. How We Use Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and operate the Service | Account info, staff records, usage data | Contract performance |
| Process payments | Billing information | Contract performance |
| Send transactional communications (receipts, password resets, notifications) | Email address | Contract performance |
| Provide customer support | Account info, support communications | Legitimate interest |
| Improve and develop the Service | Aggregated, de-identified usage data | Legitimate interest |
| Comply with legal obligations | As required by law | Legal obligation |
| Send product updates and marketing (opt-in) | Email address | Consent |
We do not sell your personal data or Customer Data to third parties. We do not use Customer Data for advertising purposes.
3. HIPAA Compliance
GetSurveyReady acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) when processing Protected Health Information (PHI) on behalf of Covered Entities. This includes any employee health records such as TB screening results, hepatitis B vaccination status, or other occupational health information entered into the platform.
As a Business Associate, we:
- Use and disclose PHI only as permitted by the BAA and applicable law;
- Implement appropriate administrative, physical, and technical safeguards (the HIPAA Security Rule);
- Report breaches of unsecured PHI to Covered Entities within the timeframes required by the HIPAA Breach Notification Rule;
- Do not use PHI for our own purposes beyond what is necessary to provide the Service;
- Ensure any subcontractors who access PHI enter into appropriate Business Associate Agreements.
Our complete obligations are set forth in the Business Associate Agreement, which governs over this Privacy Policy for PHI.
4. How We Share Information
We do not sell or rent personal information. We may share information in the following limited circumstances:
- Service providers and subprocessors: We engage trusted vendors (cloud hosting, email delivery, payment processing) who process data on our behalf under contractual data protection obligations. Current subprocessors include Amazon Web Services (hosting) and Gmail/Google (transactional email).
- Legal requirements: We may disclose information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of GetSurveyReady, our customers, or others.
- Business transfers: In connection with a merger, acquisition, or sale of assets, Customer Data may be transferred to a successor entity, subject to the same privacy protections.
- With your consent: In any other circumstance with your explicit consent.
5. Data Retention
We retain Customer Data for as long as your subscription is active. Following termination, Customer Data is available for export for 30 days, after which it is deleted from production systems. Backup copies may persist for up to 90 days before being purged. Aggregated, de-identified data may be retained indefinitely for analytics purposes. Log data is retained for up to 12 months.
6. Data Security
GetSurveyReady employs industry-standard security measures to protect your data, including:
- Encryption of data in transit using TLS 1.2 or higher;
- Encryption of sensitive data at rest;
- Role-based access controls limiting data access to authorized personnel;
- Regular security reviews and vulnerability assessments;
- Audit logging of significant data access and modification events.
No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at hello@getsurveyready.com.
7. Cookies
The Service uses the following cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| auth_token | Essential | Authentication session management | Session / 1 hour |
| refresh_token | Essential | Session refresh | 7 days |
We do not use analytics cookies, advertising cookies, or third-party tracking cookies. Because we use only essential cookies, no cookie consent banner is required under current regulations; however, you may disable cookies in your browser settings, which will prevent you from logging into the Service.
8. Children's Privacy
The Service is intended for use by adults in a professional healthcare setting. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will delete it promptly.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data, subject to legal obligations and legitimate business needs.
- Portability: Request your data in a structured, machine-readable format.
- Objection / Restriction: Object to or request restriction of certain processing activities.
- Withdraw Consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
Employee data within Customer accounts is controlled by the employing organization. Employees seeking to exercise data rights with respect to their employment records should contact their employer directly. To exercise rights with respect to GetSurveyReady's own data processing, contact hello@getsurveyready.com.
California residents may have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information as defined under the CCPA.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws different from those in your country. By using the Service, you consent to this transfer.
11. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address on file or by posting a prominent notice in the Service. The updated policy is effective upon posting. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact our privacy team:
GetSurveyReady, LLC
Privacy & Compliance
hello@getsurveyready.com
We will respond to privacy inquiries within 30 days.