Privacy & Security

HiBoop is built with a privacy-first architecture. All patient health information is encrypted in transit and at rest, and access is strictly controlled through role-based permissions.

HIPAA compliance

HiBoop is designed to support HIPAA-compliant workflows for U.S.-based healthcare organizations. This includes:

• Business Associate Agreement (BAA), available to all clinics on request
• Role-based access controls, staff only see what their role permits
• Audit logging, every patient data access event is recorded with timestamp and user
• Encrypted storage and transmission, TLS in transit, AES-256 at rest

Contact [email protected] to request your BAA.

How HiBoop protects patient data

HiBoop uses layered security controls: TLS 1.2+ for all data in transit, AES-256 encryption at rest, automatic session timeouts after inactivity, and infrastructure that follows SOC 2-aligned practices. Multi-factor authentication is available for all staff accounts.

See How does HiBoop protect patient data?

Data sharing policy

HiBoop does not sell or share patient data with third parties for advertising, analytics, or any commercial purpose. Data is processed solely to deliver the HiBoop service to your clinic. De-identified aggregate data is never sold.

See Privacy & Security FAQ for details on data sharing, subprocessors, and legal documents.

Your privacy rights

Patients and clinic administrators have rights over the data HiBoop holds, including the right to access, correct, export, or delete records. To submit a data rights request, contact [email protected] or reach out through hiboop.com/contact/.

See Privacy & Security FAQ for details on access, portability, and erasure requests.

Terms of service & privacy policy

HiBoop's full legal documents, including the Privacy Policy, Terms of Service, and BAA template, are available at hiboop.com/legal/.

See Privacy & Security FAQ for a guided walkthrough of the key provisions.