Effective Date: 9/1/2025
This agreement describes how Genuine Intelligence, LLC ("TouchpointPT," "we," "us," or "our") collects, uses, stores, and protects information in connection with clinics, group practices, healthcare organizations, and individual licensed practitioners (each a "Partner") that use the TouchpointPT platform to deliver care to their patients. By registering as a Partner or using the platform, you acknowledge and agree to the practices described in this agreement.
TouchpointPT acts as a technology platform provider and, with respect to any Protected Health Information (PHI) that flows through the platform, as a Business Associate and data custodian on behalf of the Partner. TouchpointPT does not own any patient data or PHI. All patient information and clinical records created, transmitted, or stored through the platform are owned by the Partner and/or the applicable patient. TouchpointPT holds such data solely in its capacity as a data custodian, at the direction of and on behalf of the Partner.
TouchpointPT's obligations regarding PHI are governed by the Business Associate Agreement (BAA) executed between TouchpointPT and the Partner.
This agreement addresses information TouchpointPT collects about Partners themselves - including organizational, account, and platform usage information - and the safeguards TouchpointPT maintains for patient data processed through the platform on the Partner's behalf.
When a Partner registers for and uses the TouchpointPT platform, we may collect the following types of information:
We use the information collected from Partners to:
We do not use Partner information for marketing purposes beyond communicating about TouchpointPT's own services, and we do not sell Partner information to third parties.
When Partners use the platform to deliver care, patient health information and PHI may be created, transmitted, or stored through the platform. TouchpointPT processes this data solely as a Business Associate and data custodian acting on behalf of the Partner. TouchpointPT does not claim any proprietary interest in patient data or PHI. The Partner retains full ownership of all patient information at all times, including during and after the term of the subscription.
We do not sell Partner information. We may share Partner information with the following categories of recipients as necessary to provide the platform and comply with applicable law:
All third-party vendors with access to PHI are required to execute a BAA with TouchpointPT and implement HIPAA-compliant safeguards.
TouchpointPT implements administrative, technical, and physical safeguards designed to protect Partner information and patient PHI against unauthorized access, disclosure, alteration, or destruction. These safeguards include:
To report any suspected security incidents, contact us at support@touchpointpt.com.
We retain Partner account and organizational information for the duration of the partnership and for a reasonable period thereafter as necessary to fulfill legal, regulatory, and contractual obligations.
Patient PHI processed through the platform on behalf of Partners is retained in accordance with the applicable BAA and applicable law, including the HIPAA minimum retention requirements. TouchpointPT retains data for a minimum of seven (7) years to satisfy both HIPAA and any applicable state laws that may require longer retention periods.
Upon termination or non-renewal of a Partner's subscription, TouchpointPT will communicate data disposition options in accordance with the applicable Partner Agreement and BAA, including long-term archival storage, transfer to a HIPAA-compliant third-party provider, account continuation under separate billing, or export for self-managed retention.
Partners who use the TouchpointPT platform to collect payments from patients are required to connect a Stripe Standard account. In connection with the payment integration, TouchpointPT may share certain Partner account and transaction-related information with Stripe, Inc. as necessary to facilitate the processing of patient payments.
For questions about how Stripe handles data collected through the payment integration, Partners and patients should refer to Stripe's Privacy Policy at stripe.com/privacy.
In the event of a security incident involving Partner information or patient PHI processed through the platform, TouchpointPT will notify the affected Partner as required under the BAA and applicable HIPAA Breach Notification Rules.
TouchpointPT will cooperate with Partners in any breach investigation and will implement remediation measures to prevent future incidents.
We use cookies and similar tracking technologies within the platform portal to support authentication, maintain session state, and gather aggregate analytics about platform usage. Partners and their staff may adjust browser settings to limit cookies, though some platform features may not function properly without them.
We do not use cookies to track individuals across unaffiliated websites or to serve third-party advertising.
We may update this agreement from time to time. If we make material changes, we will notify Partners via email or in-platform notification at least thirty (30) days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy. Partners who do not agree to material changes should discontinue use and notify TouchpointPT in writing.
For questions about this agreement or about how TouchpointPT handles your data as a Partner, contact us at: support@touchpointpt.com.
TouchpointPT has designated a Privacy and Security Officer responsible for overseeing compliance with HIPAA and this Privacy Policy. For privacy-related questions, concerns, or to report a suspected privacy or security incident, contact the Privacy Officer at: support@touchpointpt.com.