Privacy Policy
Effective Date: March 7, 2026
Bit2Sky Inc. ("Company," "we," "us," or "our") operates Bit2Sky, a HIPAA-compliant patient portal for healthcare organizations.
1. Information We Collect
We collect the following types of information:
- Personal Information: Name, email address, phone number, date of birth, and mailing address provided during account registration.
- Health Information: Protected Health Information (PHI) as defined by HIPAA, including appointment details, medical records, prescriptions, and clinical notes shared through the platform.
- Communication Data: SMS messages, call logs, and telehealth session metadata.
- Technical Data: IP address, browser type, device information, and usage analytics.
2. How We Use Your Information
We use your information to:
- Provide and maintain the Bit2Sky patient portal services
- Send appointment reminders, scheduling confirmations, and care coordination notifications via SMS
- Send verification codes for account security
- Facilitate telehealth video visits between patients and providers
- Process prescriptions and manage patient records
- Improve our services and user experience
- Comply with legal and regulatory requirements, including HIPAA
3. SMS Communications
By providing your phone number and opting in to SMS notifications, you consent to receive the following types of text messages from Bit2Sky:
- Appointment reminders and confirmations
- Telehealth session notifications and join links
- Account verification codes
- Prescription and care coordination notifications
Message frequency: Varies based on your appointments and account activity. Typically 1-10 messages per month.
Message and data rates may apply. Contact your wireless carrier for details about your messaging plan.
You may opt out of SMS notifications at any time by replying STOP to any message. Reply HELP for assistance. Opting out of SMS will not affect your ability to use the Bit2Sky portal.
4. HIPAA Compliance
Bit2Sky is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect your Protected Health Information (PHI), including:
- End-to-end encryption for telehealth sessions
- Encrypted data storage and transmission
- Role-based access controls
- Audit logging of all data access
- Business Associate Agreements (BAAs) with all service providers
5. Information Sharing
We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:
- Healthcare Providers: With your healthcare providers as necessary for treatment, payment, and healthcare operations
- Service Providers: With trusted third-party service providers who assist us in operating the platform (e.g., Azure Communication Services for SMS, cloud hosting), under strict confidentiality and BAA agreements
- Legal Requirements: When required by law, regulation, or legal process
- Emergency: To prevent serious harm to you or others
6. Data Security
We use industry-standard security measures to protect your data, including:
- TLS/SSL encryption for all data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication
- Regular security audits and vulnerability assessments
- Azure cloud infrastructure with SOC 2, HIPAA, and HITRUST certifications
7. Data Retention
We retain your personal and health information for as long as your account is active or as needed to provide services. Medical records are retained in accordance with applicable state and federal regulations. You may request deletion of your account by contacting us.
8. Your Rights
You have the right to:
- Access your personal and health information
- Request corrections to inaccurate information
- Request deletion of your account and data (subject to legal retention requirements)
- Opt out of SMS communications at any time
- Receive a copy of your health records
- File a complaint if you believe your privacy rights have been violated
9. Children's Privacy
Bit2Sky is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13 without parental consent.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: