Privacy Policy
Last Updated: January 2026
1. Introduction
NoBackOffice, Inc. ("NoBackOffice," "we," "us," or "our") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.
This Privacy Policy describes how we collect, use, disclose, and safeguard information when you access or use our software platform, websites, applications, and related services (collectively, the "Services").
By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Scope of This Policy
This Privacy Policy applies to:
- Visitors to our website
- Customers (medical practices, providers, staff)
- End users authorized by our customers
- Individuals whose data is processed through our Services
Important HIPAA Notice: When NoBackOffice processes Protected Health Information (PHI) on behalf of a covered entity, we act as a Business Associate under HIPAA. In those cases, the handling of PHI is governed primarily by the applicable Business Associate Agreement (BAA) and HIPAA regulations.
3. Information We Collect
3.1 Information You Provide Directly
We may collect information you provide, including:
- Account Information: name, email address, phone number, job title
- Practice Information: practice name, address, NPI, tax identifiers
- Billing Information: payment method details (processed via third-party payment processors)
- Communications: emails, support requests, chat messages
- User-Generated Content: configuration data, uploaded documents, forms
3.2 Protected Health Information (PHI)
When enabled by our customers, we may process PHI such as:
- Patient demographics
- Appointment information
- Clinical documentation
- Billing and insurance data
PHI is processed solely on behalf of our customers and in accordance with HIPAA, our BAAs, and applicable law.
3.3 Automatically Collected Information
We may automatically collect:
- IP address
- Device type and browser
- Operating system
- Usage logs and timestamps
- Performance and diagnostic data
This information is used for security, analytics, and service improvement.
4. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Services
- Authenticate users and manage access
- Process transactions and billing
- Provide customer support
- Improve functionality and performance
- Maintain security and prevent fraud
- Comply with legal and regulatory obligations
We do not sell personal data.
5. Legal Bases for Processing (Where Applicable)
Depending on jurisdiction, our legal bases may include:
- Performance of a contract
- Compliance with legal obligations
- Legitimate business interests
- User consent (where required)
6. Data Sharing and Disclosure
We may share information only as necessary, in the following cases:
6.1 Service Providers
Third parties that help us operate the Services, such as:
- Cloud infrastructure providers
- Payment processors
- Email and communications providers
- Analytics and monitoring tools
All vendors are contractually obligated to maintain appropriate security and confidentiality.
6.2 Legal and Regulatory Requirements
We may disclose information if required to:
- Comply with laws, regulations, or court orders
- Respond to lawful requests by public authorities
- Protect rights, safety, and property
6.3 Business Transfers
In connection with a merger, acquisition, or asset sale, information may be transferred subject to confidentiality obligations.
7. Data Security
We implement administrative, technical, and physical safeguards, including:
- Encryption in transit and at rest
- Access controls and role-based permissions
- Audit logging
- Network segmentation
- Regular security reviews
Despite these measures, no system can be 100% secure.
8. Data Retention
We retain information only for as long as necessary to:
- Provide the Services
- Fulfill contractual obligations
- Comply with legal and regulatory requirements
PHI retention is governed by customer agreements and applicable healthcare laws.
9. Your Rights and Choices
Depending on your location, you may have the right to:
- Access your personal information
- Request correction or deletion
- Object to or restrict processing
- Request data portability
Requests should be directed to your healthcare provider or practice when applicable.
10. California Privacy Rights (CCPA/CPRA)
California residents may have additional rights, including:
- Right to know what personal data is collected
- Right to request deletion
- Right to opt out of certain data uses
NoBackOffice does not sell personal information.
11. Children's Privacy
The Services are not intended for individuals under 18. We do not knowingly collect personal information from children.
12. Third-Party Links
Our Services may contain links to third-party sites. We are not responsible for their privacy practices.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted with an updated "Last Updated" date.
14. Contact Information
For privacy-related inquiries, contact: