CaseMgmt

Privacy Policy

Last updated: February 28, 2026

1. Introduction

CaseMgmt (“we,” “our,” or “us”) is committed to protecting the privacy of our users and the individuals whose information is managed through our platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at casemgmt.io and use our case management platform.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, company name, and billing information. This information is necessary to provide our services.

Protected Health Information (PHI)

Our platform is used to manage patient case information, which may include Protected Health Information as defined by HIPAA. We process this information solely on behalf of our customers (covered entities) and in accordance with our Business Associate Agreement (BAA).

Usage Data

We automatically collect certain information about your device and usage of our services, including IP address, browser type, operating system, pages visited, and time spent on our platform.

Cookies & Tracking Technologies

We use essential cookies required for the platform to function, including session cookies and authentication tokens. We do not use third-party advertising cookies or tracking pixels.

3. How We Use Your Information

  • To provide, maintain, and improve our case management platform
  • To process billing and subscription management
  • To send transactional emails (account confirmations, billing receipts, security alerts)
  • To provide customer support
  • To comply with legal obligations, including HIPAA requirements
  • To detect and prevent fraud, abuse, or security incidents
  • To generate anonymized, aggregate analytics to improve our services

4. HIPAA Compliance

CaseMgmt operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We enter into a Business Associate Agreement (BAA) with each customer who uses our platform to manage Protected Health Information (PHI).

We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule, including encryption of PHI at rest and in transit, access controls, audit logging, and workforce training.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information with:

  • Service providers: Cloud hosting (AWS), payment processing (Stripe), email delivery, and AI services that assist in platform functionality, all bound by data processing agreements
  • Legal compliance: When required by law, subpoena, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • With your consent: When you explicitly authorize disclosure

6. Data Security

We implement industry-standard security measures including:

  • 256-bit AES encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Role-based access controls (RBAC)
  • Comprehensive audit logging
  • Regular security assessments
  • Automatic session management and timeout
  • Single-session enforcement to prevent unauthorized concurrent access

7. Data Retention

We retain your account information for as long as your account is active or as needed to provide services. Patient and case data managed through the platform is retained according to your organization's retention policies and applicable regulatory requirements. Upon account termination, we will delete or de-identify your data within 90 days, unless retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@casemgmt.io.

9. Children's Privacy

Our platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If patient records include information about minors, such data is managed by the covered entity in accordance with applicable laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email to your registered email address. Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

CaseMgmt

Email: privacy@casemgmt.io

Website: casemgmt.io