Privacy Policy

Updated: May 5, 2025

Introduction

This Privacy Policy describes how Worklift ("we," "our," or "us") collects, uses, maintains, and discloses information collected from users ("you" or "users") of our services, which may include our website, applications, browser extensions, and other tools (collectively referred to as "Services"). This policy has been developed to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and to demonstrate our commitment to protecting your privacy.

HIPAA Compliance Statement

Worklift Extension is designed to be HIPAA-compliant and implements administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI) as required by the HIPAA Security Rule. We maintain appropriate security measures to prevent unauthorized access, disclosure, or improper use of PHI.

Information We Collect

Protected Health Information (PHI)

We may collect or have access to PHI in the course of providing our services. PHI includes individually identifiable health information related to:

• An individual's past, present, or future physical or mental health condition
• The provision of healthcare to an individual
• Payment for healthcare provided to an individual

Other Information

We may also collect:

• Personal identification information (name, email address, etc.)
• Device information (browser type, IP address, etc.)
• Usage data (features accessed, time spent on the extension, etc.)

How We Use Collected Information

We use collected information for the following purposes:

• To provide and improve our services
• To personalize user experience
• To process transactions
• To send periodic emails (with your consent)
• To comply with legal obligations

Use of PHI

Any PHI we collect or process is used solely for the purposes disclosed in this Privacy Policy and as permitted by HIPAA. We will not use or disclose PHI for marketing purposes without your explicit authorization.

Data Security

We implement a variety of security measures to maintain the safety of your personal information and PHI, including:

• Encryption of transmitted data
• Secure servers and networks
• Access controls and authentication
• Regular security assessments
• Employee training on privacy and security

Business Associate Agreements

When applicable, we enter into Business Associate Agreements (BAAs) with covered entities as required by HIPAA. These agreements establish our obligations regarding the use and safeguarding of PHI.

Data Retention

We retain PHI only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. We implement a data retention policy that includes secure deletion of PHI when it is no longer needed.

Your Rights

Under HIPAA, you have certain rights regarding your PHI, including:

• The right to access your PHI
• The right to request corrections to your PHI
• The right to receive an accounting of disclosures of your PHI
• The right to request restrictions on certain uses and disclosures
• The right to receive communications by alternative means or at alternative locations
• The right to file a complaint if you believe your privacy rights have been violated

To exercise these rights, please contact our Privacy Officer using the contact information provided below.

Breach Notification

In the event of a breach of unsecured PHI, we will:

• Notify affected individuals without unreasonable delay (and in no case later than 60 days following discovery)
• Provide information about the breach, steps individuals should take to protect themselves, and steps we are taking to investigate and mitigate the breach
• Notify the Secretary of Health and Human Services and, in certain cases, the media

Third-Party Disclosure

We do not sell, trade, or rent users' PHI to others. We may share generic aggregated demographic information not linked to any PHI with our business partners and trusted affiliates.
We may use third-party service providers to help us operate our business and the extension, or administer activities on our behalf. We have BAAs with these third parties that require them to protect any PHI they may access.

Changes to This Privacy Policy

We have the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the top of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

Privacy Responsibilities

As a small business, the owner of Worklift, LLC is personally responsible for developing and implementing our HIPAA compliance policies and procedures, including this Privacy Policy. The owner handles all privacy-related inquiries and complaints and serves as the designated contact for privacy matters.

Contact Us

If you have any questions about this Privacy Policy, the practices of our Services, or your dealings with Worklift, please contact us at:
Worklift, LLC
Website: worklift.ai
Email: privacy@worklift.ai

Your Acceptance of These Terms

By using our Services, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Services. Your continued use of the Services following the posting of changes to this policy will be deemed your acceptance of those changes.