Privacy Policy

Last Updated: October 25, 2025

EHR Management ("we," "us," or "our") operates EquityGuard: Intersect™ and ehrmanagement.com (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites or use our services.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Services.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide when you:

• Register for an account
• Purchase our products or services
• Subscribe to our newsletter
• Contact us for support
• Participate in surveys or promotions

This information may include:

• Name, email address, phone number
• Company name, job title
• Billing and payment information
• Username and password
• Communications with us

1.2 HR Data You Upload (For Software Platform Users)

If you use our Software Platform, you may upload organizational HR data including:

• Employee demographic information (EEO-1 categories)
• Hire dates, promotion dates, termination dates
• Compensation and performance ratings
• Job titles and department assignments

Important: You are the data controller for this information. We process it solely on your behalf as a data processor. See Section 7 for more details.

1.3 Automatically Collected Information

When you visit our websites, we automatically collect:

• IP address and device information
• Browser type and version
• Pages viewed and time spent
• Referring website
• Operating system
• Cookies and similar tracking technologies (see Section 5)

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Improve Our Services

• Process your orders and payments
• Deliver products and services you've purchased
• Provide customer support
• Analyze usage patterns to improve functionality
• Develop new features and services

2.2 Communicate With You

• Send transactional emails (order confirmations, receipts)
• Provide technical support and updates
• Send marketing communications (with your consent)
• Respond to your inquiries

2.3 Legal and Security Purposes

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Protect the rights and safety of our users

2.4 Analyze HR Data (Software Platform Only)

• Calculate disparate impact ratios
• Detect bias patterns and compliance violations
• Generate reports and dashboards
• Provide compliance recommendations

We do NOT:

• Sell your HR data to third parties
• Use your HR data for any purpose other than providing services to you
• Share identifiable HR data across customers

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf:

• Payment Processors: Stripe, PayPal (for payment processing)
• Email Services: SendGrid, Mailchimp (for communications)
• Cloud Hosting: AWS, Google Cloud (for data storage)
• Analytics: Google Analytics (for website analytics)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or subpoenas
• Government investigations
• Legal processes
• Protection of our legal rights

3.3 Business Transfers

If we undergo a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor organization.

3.4 With Your Consent

We may share information for any other purpose with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

4.1 Technical Safeguards

• Encryption: All data transmitted to our servers uses TLS/SSL encryption
• Data at Rest: HR data is encrypted when stored
• Access Controls: Role-based permissions and multi-factor authentication
• Firewalls: Network security to prevent unauthorized access
• Regular Audits: Security assessments and penetration testing

4.2 Organizational Safeguards

• Employee background checks and confidentiality agreements
• Security training for all personnel
• Incident response procedures
• Regular security updates and patches

Important: No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

5.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality (login, shopping cart)
• Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
• Marketing Cookies: Track visits across websites to deliver relevant ads
• Preference Cookies: Remember your settings and preferences

5.2 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may limit functionality. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Delete cookies when you close your browser

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

• Know: Request disclosure of personal information we collect
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we do NOT sell data)
• Non-Discrimination: Equal service regardless of privacy rights exercise

6.2 European Residents (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a structured format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

6.3 All Users

• Opt-Out of Marketing: Unsubscribe from promotional emails via the link in each email
• Update Information: Access and update your account information anytime
• Close Account: Request account closure and data deletion

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@ehrmanagement.com
• Subject Line: "Privacy Rights Request"

We will respond within 30 days (or as required by applicable law).

7. Data Processing for Software Platform Customers

7.1 You Are the Data Controller

When you upload HR data to our Software Platform:

• You remain the data controller
• We act as a data processor on your behalf
• You are responsible for compliance with employment laws and privacy regulations

7.2 Data Processing Agreement (DPA)

Our Terms of Service include a Data Processing Agreement that covers:

• Purpose and scope of processing
• Data security obligations
• Subprocessor requirements
• Data subject rights assistance
• Data breach notification procedures
• Data retention and deletion

7.3 Your Obligations

You agree to:

• Obtain necessary consent from employees whose data you upload
• Comply with applicable employment and privacy laws
• Provide required notices to employees
• Not upload unnecessary sensitive information

8. Data Retention

We retain your information for different periods depending on the type:

8.1 Account Information

• Active Accounts: Retained while your account is active
• Closed Accounts: Deleted within 90 days of closure (unless legal obligation requires longer retention)

8.2 HR Data (Software Platform)

• During Subscription: Retained as long as you maintain your subscription
• After Cancellation: Deleted within 30 days unless you request extended retention
• Backup Systems: May remain in backups for up to 90 days

8.3 Financial Records

• Retained for 7 years to comply with tax and accounting requirements

8.4 Marketing Data

• Retained until you unsubscribe or request deletion

9. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where applicable
• Compliance with Privacy Shield principles (where applicable)

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will:

• Send email notification to registered users
• Display a prominent notice on our website
• Require acceptance for continued use (where required by law)

Your continued use of our Services after changes constitutes acceptance of the updated policy.

13. Contact Us

14. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

• Contract Performance: To provide services you've requested
• Consent: Where you've given explicit permission (e.g., marketing)
• Legitimate Interests: To improve our services and prevent fraud
• Legal Obligations: To comply with applicable laws