Rounds.One
Privacy Policy
At Rounds.One, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our healthcare communication platform. We are committed to protecting patient information and complying with HIPAA regulations.
1. Information We Collect
Facility Information: Facility name, address, license number, number of beds, administrator contact information.
User Information: Names, email addresses, phone numbers, job roles, floors/units assigned, and professional credentials.
Patient Information: Room numbers, bed letters, care notes, task assignments, and preferences (all encrypted).
Usage Data: Login activity, task completions, message logs, alarm acknowledgements, and feature usage statistics.
Technical Data: IP addresses, device information, browser type, and app version.
2. How We Collect Information
- Direct input during account registration and user management
- Task creation and completion activities
- Message sending and receipt
- Room note updates
- Alarm triggers and acknowledgements
- Automatic logging of system access
3. How We Use Your Information
- Provide and maintain the Rounds.One platform
- Route messages and tasks to appropriate staff members
- Generate reports on task completion and staff performance
- Improve our algorithms for room assignment and task distribution
- Send important notifications about alarms or urgent tasks
- Comply with legal and regulatory requirements
- Bill for subscription services
4. Encryption and Security
All sensitive data is encrypted using AES-256 encryption before storage. Message content, room notes, tasks, alarms and personally identifiable information are never stored in plain text. We use industry-standard TLS 1.3 for data transmission. Encryption keys are stored separately from data.
5. Data Sharing and Disclosure
We do not sell your data. We share information only in the following circumstances:
- Within your facility: Staff members can access data based on their roles and permissions
- Service providers: Third-party hosting and infrastructure providers under confidentiality agreements
- Legal requirements: When required by law, court order, or government investigation
- Business transfers: In the event of merger or acquisition, with notice to affected facilities
6. Data Retention
We retain your data as long as your facility maintains an active subscription. Upon cancellation, data is retained for 30 days for export, then permanently deleted. Audit logs and anonymized usage statistics may be retained longer for compliance purposes.
7. Your Rights
You have the right to:
- Access all data associated with your facility
- Export your data in standard formats (CSV/JSON)
- Request correction of inaccurate data
- Request deletion of data after account termination
- Opt out of non-essential communications
- Receive a copy of our Business Associate Agreement
8. HIPAA Compliance
Rounds.One is designed to help facilities meet HIPAA requirements. We:
- Sign Business Associate Agreements (BAAs) with covered entities
- Implement administrative, physical, and technical safeguards
- Maintain audit logs of access to electronic protected health information (ePHI)
- Provide breach notification as required by HIPAA
9. Children's Privacy
Our platform is not intended for children under 18. We do not knowingly collect information from minors.
10. International Data Transfers
Our servers are located in the United States. If you access Rounds.One from outside the US, your data will be transferred to and processed in the US.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be notified via email to facility administrators at least 30 days in advance. Continued use of the platform constitutes acceptance of updated terms.
12. Breach Notification
In the event of a data breach affecting ePHI, we will notify affected facilities within 60 days as required by HIPAA. We will also notify regulatory authorities and affected individuals as required by law.
13. Contact Information
For privacy-related questions, to request a BAA, or to exercise your data rights:
Privacy Officer: privacy@rounds.one
For data export requests, please submit a written request from an authorized facility administrator.
← Back to Home