updateLast Updated: May 17, 2026

Privacy Policy

At IntakeMatrix, we architect our infrastructure with precision and security at the forefront. This Privacy Policy outlines our uncompromising approach to managing, processing, and safeguarding your data across our platforms.

01. Information We Collect

We systematically collect discrete datasets to operate our infrastructure effectively:

  • Account Data: Cryptographically hashed credentials, administrative contacts, and organization identifiers.
  • Operational & Patient Data: Securely ingested forms, scheduling matrices, and encrypted patient intake streams.
  • Technical Log Data: Telemetry, IP addresses, agent strings, and latency metrics for operational integrity.

02. How We Use Your Information

Data utilization is strictly confined to system performance and provisioning. We do not monetize data. Usage includes:

deployed_code

Provisioning & Routing

Executing intake workflows and deterministic routing of patient data.

credit_card

Transaction Processing

Secure billing operations managed via Lemon Squeezy integration.

03.Data Processing & Healthcare Compliance

verified_user

HIPAA Compliance Protocol

Our infrastructure is engineered for Business Associate Agreement (BAA) standards. Protected Health Information (PHI) is isolated, encrypted at rest (AES-256) and in transit, with immutable audit logs ensuring compliance.

public

GDPR Directives

We adhere to strict data localization and subject access rights for EU entities, enforcing the principle of least privilege across all nodes.

04.Data Sharing & Sub-Processors

We maintain a minimal, audited list of sub-processors to maintain operational capabilities:

Lemon Squeezy
Merchant of Record & Billing
check_circle
Google / Vercel
Cloud Infrastructure & Edge Routing
check_circle
Telecomm Operators
SMS/Voice routing endpoints
check_circle

05. Data Security

Security is mathematically enforced. All data at rest is encrypted utilizing AES-256 block ciphers. Transit layers mandate TLS 1.3 protocols. We implement continuous vulnerability scanning and zero-trust internal architecture.

06. Regional Privacy Rights (CCPA / CPRA)

California residents possess explicit rights regarding data access, deletion, and the prohibition of data sales. IntakeMatrix honors these rights universally, ensuring "Do Not Sell My Personal Information" directives are hardcoded into our handling policies.

07. Changes to This Privacy Policy

We may iterate on this policy to reflect infrastructural or regulatory shifts. Significant architectural changes affecting privacy will be broadcasted to administrative contacts prior to deployment.

08. Contact Information

mail
Privacy Operations
solutions@getintakematrix.com