Privacy Policy

Effective Date: January 1, 2026

1. Overview

Group Practice Dashboards LLC ("GPD," "we," "us," or "our") provides analytics and business intelligence dashboards for mental health group practices. This Privacy Policy describes how we collect, use, store, and protect information obtained through our services.

2. Information We Collect

We collect and process the following types of information:

• Practice Data: Information from your Electronic Health Record (EHR) systems, payroll systems (i.e. Gusto), and accounting systems (i.e. QuickBooks), including:
  • Appointment dates, statuses, and services provided
  • Client names and demographic information
  • Practitioner names and schedules
  • Financial transaction data
  • Payroll and employee compensation information
• Account Information: Email addresses, login credentials, and billing information for authorized users.

3. How We Use Information

We use collected information solely to:

• Generate analytics dashboards and reports for your practice
• Provide technical support and improve our services
• Maintain system security and prevent unauthorized access
• Comply with legal obligations and respond to lawful requests

4. Data Storage and Security

Infrastructure

All data is stored on Microsoft Azure's enterprise-grade infrastructure with:

• Encryption at rest using Azure SQL Database encryption
• Encryption in transit using TLS 1.2 or higher
• Isolated databases per client for data separation
• Secure credential management using Azure Key Vault

Access Controls

Access to your data is restricted to:

• Authorized users within your organization
• GPD personnel on a need-to-know basis for support and maintenance

5. Data Sharing

We do not sell, rent, or share your practice data with third parties except:

• With your explicit consent
• To comply with legal obligations or court orders
• With service providers (Microsoft Azure, Gusto, QuickBooks) necessary to deliver our services, who are contractually obligated to protect your data

6. Data Retention

We retain your practice data for the duration of your subscription plus 90 days to allow for service recovery or data export requests. After this period, data is permanently deleted according to our Data Retention and Destruction Policy.

7. Your Rights

You have the right to:

• Access your data and receive a copy in a portable format
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Withdraw consent for data processing at any time

8. HIPAA Compliance

GPD serves as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) for covered entities and their business associates. We process Protected Health Information (PHI) on behalf of our customers, including:

• Client names and contact information
• Appointment dates and clinical service information
• Demographic data
• Other individually identifiable health information

HIPAA Safeguards

• Business Associate Agreement (BAA): We execute a BAA with each customer that processes PHI, as required by HIPAA
• Microsoft Azure BAA: Our infrastructure provider (Microsoft Azure) has executed a BAA covering all services used to store and process PHI
• Administrative Safeguards: Access controls, workforce training, and security policies
• Physical Safeguards: Azure's secure data centers with physical access controls
• Technical Safeguards: Encryption at rest and in transit, audit controls, and automatic logoff

Breach Notification

In the event of a breach of unsecured PHI, we will notify affected customers within 60 days of discovery, as required by HIPAA. Customers remain responsible for notifying affected individuals and, where required, the Department of Health and Human Services.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email and update the "Effective Date" at the top of this document.

10. Contact Us