Privacy Policy

Last Updated: January 15, 2025

Introduction

Effinger Law ("we," "our," or "us") operates the Halcyon Intake application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including any Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Information We Collect

Personal Information

We may collect personally identifiable information that you voluntarily provide, including:

  • Name, email address, and contact information
  • Account credentials (username and encrypted password)
  • Professional information (for attorney/paralegal users)
  • Billing and payment information

Protected Health Information (PHI)

In the course of providing our Service, we may collect and process PHI including:

  • Medical records and health history
  • Disability and medical condition information
  • Social Security Numbers (encrypted at rest)
  • Date of birth and demographic information
  • Employment and income information
  • Insurance and healthcare provider information

Automatically Collected Information

When you access our Service, we may automatically collect device information, IP address, browser type, access times, and pages viewed. This information does not include PHI and is used solely for improving our Service.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our Service
  • Process and analyze disability case assessments
  • Generate case viability scores and recommendations
  • Communicate with you about your account and cases
  • Send administrative notifications and updates
  • Improve and optimize our Service
  • Comply with legal obligations

HIPAA Compliance

We are committed to protecting the privacy and security of PHI in accordance with HIPAA. Our HIPAA compliance measures include:

  • Data Encryption: All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access ensures only authorized personnel can access PHI
  • Audit Logging: All access to PHI is logged for compliance auditing
  • PHI Sanitization: PHI is removed from data before processing by AI systems
  • Business Associate Agreements: We maintain BAAs with all service providers handling PHI
  • Secure Infrastructure: Our systems are hosted on HIPAA-compliant AWS infrastructure

Third-Party Services

We use the following third-party services to operate our Service. All services that handle PHI are covered by Business Associate Agreements:

  • Amazon Web Services (AWS): Database hosting, file storage, email delivery, and document processing (HIPAA BAA in place)
  • Vercel: Application hosting (HIPAA BAA in place)
  • AI Services: Document analysis (PHI is sanitized before processing)
  • LemonSqueezy: Payment processing (does not receive PHI)

Data Security

We implement appropriate technical and organizational security measures to protect your information, including encryption, firewalls, secure access protocols, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. PHI is retained in accordance with applicable legal requirements and professional standards for legal records.

Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access your personal information and PHI
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal retention requirements)
  • Receive a copy of your data in a portable format
  • Opt out of certain data processing activities
  • File a complaint with the HHS Office for Civil Rights

To exercise these rights, please contact us at freddie@effingerlaw.com.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Effinger Law

Email: freddie@effingerlaw.com