Legal

Privacy Policy

Effective: February 19, 2026

The short version

SecurePHI does not collect, store, or transmit any personally identifiable information (PII) or Protected Health Information (PHI). Our analytics system is architected so that raw visitor identifiers never reach our database. This page explains exactly how that works.

1. Who We Are

SecurePHI ("we," "us," or "our") operates the analytics platform available at securephi.app. We are based in Scranton, Pennsylvania. For privacy questions, contact us at privacy@securephi.app.

2. Data We Collect From Your Visitors

When a healthcare website embeds our Ghost Script tracker, the following data is transmitted from each page view to our edge function:

  • The page's URL pathname (e.g., /services/orthopedics)
  • The referring URL or referrer string, if present
  • The visitor's IP address — extracted from request headers only
  • The visitor's User-Agent string — extracted from request headers only

Critically: the IP address and User-Agent string are never written to any database, log file, or persistent storage. They are used exclusively as inputs to our one-way hashing function and are discarded immediately after.

3. How We Anonymize Visitor Data (SHA-256 Hashing)

Every visitor is represented in our database by a single cryptographic hash — never by any raw identifier. The hash is computed as follows:

Visitor_Hash = SHA-256( IP_Address + User-Agent + Daily_Salt )

SHA-256 is a one-way cryptographic function. It is mathematically infeasible to reverse a SHA-256 hash back to its inputs. No party — including SecurePHI — can reconstruct a visitor's IP address or User-Agent from the stored hash.

The Daily Salt is derived as HMAC-SHA256(SECRET_KEY, YYYY-MM-DD). It rotates at every UTC midnight. Because the salt changes daily, hashes from two different calendar days are cryptographically unlinkable — even if they represent the same visitor. This eliminates cross-day re-identification.

The only data stored in our analytics database per page view is:

  • The 64-character hex visitor hash (not reversible to any identity)
  • The page pathname
  • The referrer string
  • The date of the salt used (YYYY-MM-DD)
  • The site ID of the healthcare website
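The following Python is an added worked example of the scheme described in Sections 2 and 3; it is not SecurePHI's own code. It derives the daily salt with HMAC-SHA256 over the UTC date, hashes IP address, User-Agent and salt with SHA-256, and builds the five-field record listed above, so the raw IP and User-Agent exist only as function arguments and never appear in the stored record. The secret key value, the hex encoding of the salt, and plain concatenation with no delimiter are assumptions; the policy names only the functions and their inputs.

```python
import hashlib
import hmac
from datetime import date, datetime, timezone
from typing import Optional

# Constructed placeholder key for this example only. A real deployment would
# load SECRET_KEY from a secrets manager and never ship it in client-side code.
SECRET_KEY = b"example-secret-key-not-for-production"


def day_from_iso(text: str) -> date:
    """Parse a 'YYYY-MM-DD' string into a date (helper for callers and tests)."""
    return date.fromisoformat(text)


def salt_date_utc(now: Optional[datetime] = None) -> date:
    """Calendar day that selects the salt; it rolls over at UTC midnight."""
    now = now or datetime.now(timezone.utc)
    return now.astimezone(timezone.utc).date()


def daily_salt(secret_key: bytes, day: date) -> str:
    """Daily_Salt = HMAC-SHA256(SECRET_KEY, YYYY-MM-DD).

    Returning the MAC as a hex string is an assumption; the policy only
    specifies the function and its two inputs.
    """
    message = day.isoformat().encode("utf-8")  # "YYYY-MM-DD"
    return hmac.new(secret_key, message, hashlib.sha256).hexdigest()


def visitor_hash(ip_address: str, user_agent: str, secret_key: bytes, day: date) -> str:
    """Visitor_Hash = SHA-256(IP_Address + User-Agent + Daily_Salt), 64 hex chars.

    Plain concatenation mirrors the formula as written in Section 3; the exact
    byte layout is an assumption.
    """
    salt = daily_salt(secret_key, day)
    material = (ip_address + user_agent + salt).encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def analytics_event(site_id: str, pathname: str, referrer: str,
                    ip_address: str, user_agent: str,
                    secret_key: bytes = SECRET_KEY,
                    day: Optional[date] = None) -> dict:
    """Build the per-page-view record described in Section 3.

    Only the five stored fields are returned. ip_address and user_agent are
    consumed by visitor_hash and are not copied into the record.
    """
    day = day or salt_date_utc()
    return {
        "visitor_hash": visitor_hash(ip_address, user_agent, secret_key, day),
        "pathname": pathname,
        "referrer": referrer,
        "salt_date": day.isoformat(),
        "site_id": site_id,
    }


if __name__ == "__main__":
    # Constructed sample request: an address from the documentation range
    # and a fictional User-Agent string.
    ip = "203.0.113.7"
    ua = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"
    d1, d2 = day_from_iso("2026-02-19"), day_from_iso("2026-02-20")

    event = analytics_event("site_demo", "/services/orthopedics",
                            "https://example.org/", ip, ua, day=d1)
    print(event)
    # Same visitor on the same day maps to the same hash ...
    print(visitor_hash(ip, ua, SECRET_KEY, d1) == event["visitor_hash"])
    # ... and to an unrelated hash once the salt rotates at UTC midnight.
    print(visitor_hash(ip, ua, SECRET_KEY, d1) != visitor_hash(ip, ua, SECRET_KEY, d2))
```

Two properties the block makes concrete: within one UTC day a visitor yields a single stable hash (so page views can be counted per visitor), and across days the hashes are unrelated because the salt changes. Both properties depend on SECRET_KEY staying confidential on the server side, so the key is the asset to protect in this design.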

4. What We Do NOT Collect

The following data is never collected, stored, or accessible through SecurePHI:

  • Names, email addresses, phone numbers, or mailing addresses
  • Raw IP addresses
  • Raw User-Agent strings
  • Browser cookies (none are set or read)
  • LocalStorage or SessionStorage values
  • Device fingerprints
  • Persistent cross-session identifiers
  • Any of the 18 identifiers enumerated in HIPAA's Safe Harbor standard (45 CFR §164.514(b))

5. HIPAA Compliance

SecurePHI is designed to meet the HIPAA Safe Harbor de-identification standard under 45 CFR §164.514(b). Because we do not collect any of the 18 Safe Harbor identifiers and because visitor hashes are cryptographically irreversible, the data processed by SecurePHI does not constitute Protected Health Information (PHI).

Customers who sign a Business Associate Agreement (BAA) with SecurePHI receive additional contractual protections. The BAA is available at securephi.app/dashboard/baa.

6. Data We Collect From Customers (SecurePHI Account Holders)

When you create a SecurePHI account, we collect:

  • Your email address (used for authentication and transactional emails)
  • Your Stripe customer ID (for billing — we do not store card numbers)
  • Your subscription plan tier
  • Your site name(s) and domain(s) as entered by you

Payment processing is handled entirely by Stripe. SecurePHI never sees or stores your credit card information.

7. Third-Party Services

Service    Purpose                              Privacy Policy
Supabase   Database and authentication hosting  supabase.com/privacy
Stripe     Subscription billing                 stripe.com/privacy
Resend     Transactional email delivery         resend.com/privacy
Vercel     Edge function and web hosting        vercel.com/legal/privacy-policy

None of these providers receive raw visitor data. They receive only the anonymized hashes described in Section 3.

8. Data Retention

Anonymized analytics events are retained for the period defined by your subscription plan (30 days on Starter, 90 days on HIPAA Clinic, 1 year on Growth, custom on Enterprise). Because the data contains no PII, there is no legal obligation under HIPAA or GDPR that governs the retention period — plan limits are a product feature, not a compliance requirement.

Customer account data is retained for the duration of your subscription and for seven (7) years thereafter to comply with applicable accounting and tax regulations. You may request deletion by emailing privacy@securephi.app.

9. Your Rights

Because we store no PII about your website visitors, there is no individual visitor data to access, correct, or delete.

As a SecurePHI customer, you may request access to, correction of, or deletion of your account data at any time by contacting privacy@securephi.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to account holders at least 14 days before they take effect. The effective date at the top of this page will be updated with each revision.

11. Contact

SecurePHI
Scranton, Pennsylvania
privacy@securephi.app