Privacy Policy

1. Information We Collect

When you use our services — including our HIPAA Scanner, compliance audits, website forms, or contact us directly — we may collect the following categories of personal information:

  • Identifiers: Name, email address, phone number, company or practice name
  • Business Information: Website URLs submitted for scanning, business type, number of employees
  • Technical Data: IP address, browser type, device type, page views, referring URLs
  • Communications: Content of emails, form submissions, and support requests
  • Payment Information: Processed securely through Stripe; we do not store card numbers on our servers

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services (including HIPAA scans and compliance reports)
  • Communicate with you about your account, services, and support requests
  • Send relevant product updates and service announcements (you may opt out at any time)
  • Analyze usage patterns to improve our platform and user experience
  • Comply with legal obligations and enforce our terms of service

3. Data Sharing

We do not sell your personal data to third parties. We share information only with:

  • Service Providers: Trusted vendors who process data on our behalf (e.g., Stripe for payments, cloud hosting providers, email delivery services). Each provider is contractually obligated to protect your data.
  • Legal Requirements: When required by law, subpoena, or government request, or to protect the rights, property, or safety of CC3PO, our users, or the public.
  • Business Transfers: In connection with any merger, acquisition, or sale of company assets, your data may be transferred to the acquiring entity.

4. CCPA Rights (California Consumers)

Under the California Consumer Privacy Act (CCPA), California residents have the following rights:

  • Right to Know: You may request a copy of the personal information we have collected about you in the past 12 months.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions required by law.
  • Right to Opt-Out of Sale: We do not sell personal data. You may still exercise this right by contacting us.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise your CCPA rights, contact us at legal@cc3po.com. We will respond to verified requests within 45 days.

5. HIPAA Compliance Data

Scan results are encrypted in transit and at rest. We do not store Protected Health Information (PHI) through our scanner. You own all data generated by your scan. Scan results are retained for 90 days and then permanently deleted.

6. SMS Communications

By opting in to SMS, you consent to receive text messages from CC3PO LLC related to service notifications, compliance alerts, appointment reminders, account updates, and customer support. Message frequency varies (up to approximately 4 messages per month for service notifications, plus support replies). Reply STOP to cancel at any time. Reply HELP for assistance. Msg & data rates may apply. Consent is not a condition of purchasing any goods or services.

We will not send promotional SMS without your explicit opt-in. We do not sell, rent, share, or transfer your mobile opt-in data to third-party lead generators, data brokers, or marketing companies. Your phone number is used solely for the SMS program described above and related customer support. For full SMS terms, see our SMS Consent & Disclosure page.

7. Data Retention

  • Lead form submissions: retained for 12 months
  • Scan results: retained for 90 days, then permanently deleted
  • Account data: retained for the duration of your active subscription
  • All personal data: deleted within 30 days of a verified deletion request

8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including encryption in transit (TLS 1.3), access controls, and regular security assessments.

9. Your Rights

In addition to CCPA rights, you may:

  • Access your personal data
  • Request correction of inaccurate data
  • Opt out of marketing communications at any time
  • Request a copy of your data in a portable format

10. GDPR Compliance (EU Users)

If you are a resident of the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You may request a copy of all personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate personal data.
  • Right to Erasure: You may request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability: You may request your data in a structured, machine-readable format.
  • Right to Object: You may object to processing of your data for direct marketing or profiling.
  • Right to Restrict Processing: You may request that we limit how we use your data while concerns are resolved.

Our lawful basis for processing is legitimate interest (service delivery, security, and improvement) unless otherwise stated. We do not conduct automated decision-making that produces legal effects. For questions about your GDPR rights, contact our Data Protection Officer at legal@cc3po.com.

11. Data Breach Notification

In the event of a personal data breach, CC3PO LLC is committed to transparency and compliance:

  • Notification Timeline: We will notify affected users within 72 hours of becoming aware of a breach, as required by GDPR Article 33.
  • Notification Method: Notifications will be sent via email to the address associated with your account, and a prominent notice will be displayed on our website.
  • Notification Content: Each notification will include: the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.
  • Authority Reporting: We will report breaches to the relevant supervisory authority where required by law.
  • Prevention: We maintain technical and organizational measures including encryption (AES-256 at rest, TLS 1.3 in transit), access controls, regular security audits, and incident response plans.

If you believe a data breach has occurred, please contact us immediately at legal@cc3po.com.

12. Contact

CC3PO LLC

16299 Adobe Way, Lathrop, CA 95330

📧 legal@cc3po.com

📞 (209) 701-1137
