Privacy Policy
Effective Date: May 27, 2026 · Last Updated: May 27, 2026
1. Introduction
Rendyr, LLC ("Rendyr," "we," "our," or "us") operates a Medicare performance infrastructure platform for healthcare organizations. This Privacy Policy explains how we collect, use, disclose, and protect information about you and your patients when you use our services at rendyr.health and app.rendyr.health (collectively, the "Services").
Rendyr is committed to protecting the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and applicable state laws.
2. Information We Collect
2.1 Information You Provide
- Account registration information (name, email, credentials, NPI)
- Organization information (practice name, TIN, ACO affiliation)
- Clinical documentation entered through the platform
- Patient census data uploaded by authorized users
2.2 Protected Health Information (PHI)
As a Business Associate under HIPAA, Rendyr processes PHI solely on behalf of Covered Entities (healthcare organizations) that have executed a Business Associate Agreement (BAA) with us. PHI is used only to provide the contracted services and is never sold or used for advertising purposes.
2.3 Automatically Collected Information
- IP addresses and user agent strings (for security audit logging)
- Access timestamps and actions taken within the platform
- Browser type and operating system
3. How We Use Information
We use information we collect to:
- Provide, maintain, and improve the Services
- Generate clinical documentation, coding suggestions, and quality measure tracking
- Maintain HIPAA-required audit logs of all PHI access
- Communicate with you about the Services
- Comply with legal obligations
- Detect and prevent fraud and security incidents
We apply a minimum necessary standard — we access PHI only to the extent required to perform the contracted services.
4. How We Share Information
We do not sell, rent, or share PHI with third parties except as required to provide the Services or as permitted by HIPAA:
- Service Providers: We share data with subprocessors (Google Cloud, Clerk) that have executed appropriate BAAs and are bound by confidentiality obligations
- Legal Requirements: We may disclose information when required by law or to protect the rights and safety of our users
- Business Transfers: In the event of a merger or acquisition, PHI will remain protected under HIPAA
5. Data Security
We implement administrative, physical, and technical safeguards to protect PHI, including:
- Encryption in transit (TLS 1.2+) and at rest
- Role-based access controls and multi-factor authentication
- PHI tokenization before AI/LLM processing
- Comprehensive audit logging of all PHI access per HIPAA §164.312(b)
- Organization-level data isolation — no cross-tenant data access
6. Data Retention
We retain PHI and audit logs for a minimum of six (6) years from the date of creation or last effective date, in compliance with HIPAA §164.530(j) and Tennessee state law. Upon termination of services, PHI will be returned or destroyed in accordance with the applicable BAA.
7. Your Rights
Healthcare organizations using Rendyr retain all rights to their patients' PHI. Patients wishing to exercise their HIPAA rights (access, amendment, accounting of disclosures) should contact their healthcare provider directly. For questions about how Rendyr processes PHI on behalf of your organization, contact us at privacy@rendyr.health.
8. Business Associate Agreements
All healthcare organizations using Rendyr must execute a Business Associate Agreement before uploading any PHI. The BAA governs the use and disclosure of PHI and takes precedence over this Privacy Policy with respect to PHI handling.
9. Cookies and Tracking
Rendyr products are ad-free. We do not use advertising cookies or sell data to advertisers. We use essential cookies only for authentication and session management. We do not use third-party analytics that track individual users across sites.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify customers of material changes via email or in-app notification at least 30 days before the changes take effect.
11. Contact Us
For privacy-related questions or to report a security concern:
Rendyr, LLC
Thompson's Station, Tennessee
Email: privacy@rendyr.health