Privacy Policy
1. Notice and Policy Updates
This Privacy Policy establishes the standards for how we handle data within our platform. We ensure that notice is provided to all users at or before the point of data collection through the following methods:
· For all new accounts, this policy is provided during the onboarding process. Access to the platform is contingent upon the review and acceptance of these terms.
· For users with accounts established prior to the effective date of this policy, a formal notice will be provided via email. Upon the first login following the effective date, users will be required to review and electronically acknowledge the policy to maintain continued access.
· We reserve the right to modify this policy. For changes that significantly affect your rights or the nature of our data processing, we will provide notification via the platform login page or the email address on file at least 7 days before such changes take effect.
· Minor updates that do not materially impact data usage or privacy rights will be effective immediately upon being posted to the platform.
2. Collection of Personal Information
We limit the collection of information to the data categories necessary to perform medical claim repricing and payment optimization. These categories include:
· Professional and billing identifiers such as provider names, National Provider Identifiers (NPI), Tax IDs, and service location addresses.
· Patient demographics including names, gender, and dates of birth.
· Claim metadata and clinical coding including claim numbers, dates of service, and standardized medical codes such as procedure, diagnosis, and revenue codes.
· Financial processing attributes including billed charges, fee schedules, allowed amounts, and calculated savings.
3. Intended Use and Explicit Consent
By utilizing the platform and clicking "I Consent," you provide explicit consent for the processing of the data categories identified in Section 2.
· Data is used primarily to calculate allowed amounts and savings and to return repricing results to the requesting party.
· Anonymized data, stripped of all individual identifiers, may be retained long-term for system trend analysis and benchmarking.
· Consent is a condition of service for this closed B2B platform. While you may withdraw consent at any time, doing so will result in the immediate suspension of platform access.
· Withdrawal of consent does not waive or modify any existing contractual or financial obligations under your Master Service Agreement.
4. Data Retention, Disposal, and Residency
· To comply with HIPAA requirements, which mandate the retention of certain records for at least 6 years, we maintain identifiable claim data for a standard period of 7 years. This additional year ensures the completion of all administrative processing, facilitates potential audits, and satisfies various state or federal legal requirements.
· Upon the expiration of the 7-year retention period, data is securely deleted or fully anonymized.
· All primary data processing and persistent data storage occur exclusively on secure servers located within the United States.
5. Disclosure to Third Parties
Personal information is disclosed or made accessible only to the following categories of third parties:
· The originating party (Client) that initiated the specific API request or data upload.
· Cloud infrastructure providers utilized for secure, US-based hosting and data storage.
· Managed service providers and technical consultants responsible for system administration and maintenance.
· Professional software development firms engaged for system optimization and support. These partners are contractually required to maintain strict confidentiality and security standards equivalent to our own. Access to personal information is provided through secure, monitored channels, and the storage of any such information on unauthorized or local developer devices is strictly prohibited.
· Security partners utilizing automated tools to monitor and protect the system environment.
6. Rights of Access and Correction
· Authorized users may review their information and request corrections by contacting privacy@trpndirectpay.com.
· As a Business Associate and service provider, we process data solely on behalf of our Clients. Any data requests received directly from patients will be referred to the relevant Client (the Covered Entity) for fulfillment and response.
· We strive to ensure the accuracy and completeness of all information used for repricing purposes.
7. Right to Challenge a Denial
If a request for data access or correction is denied due to legal restrictions, regulatory requirements, or the finalized status of a claim, we will provide a written explanation for the denial. You have the right to challenge this decision by submitting a formal appeal to the privacy email address provided above.
8. Breach Notification and Reporting
In the event of a suspected or actual unauthorized disclosure of personal information, we will notify affected clients as soon as possible, and no later than 60 days following discovery, in accordance with HIPAA regulations. If you identify a potential security vulnerability or suspect an unauthorized disclosure has occurred, please report it immediately to security@trpndirectpay.com.
9. Security Statement
We implement administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your data. However, no system can be guaranteed to be 100% secure.
· Users are responsible for maintaining the security of their own account credentials and for ensuring that data is uploaded via secure, authorized channels.
· We are not responsible for unauthorized access resulting from a compromise of user-managed credentials or unsecured local environments.
· Our liability regarding data security is limited to the terms established in your signed Agreement and Business Associate Agreement (BAA).
10. Contact Us
If you have any questions about this Privacy Policy, our data handling practices, or your rights under this policy, please contact us at privacy@trpndirectpay.com.