Legal
Privacy Policy
Version 2.0 — Last updated April 2026
Introduction
PodDispatch LLC collects and processes protected health information (PHI) on behalf of operator companies as a HIPAA Business Associate. This Privacy Policy describes how we collect, use, retain, and protect information in connection with our platform.
PHI We Collect on Behalf of Operators
The PHI we collect and process includes patient names, dates of birth, addresses, telephone numbers, insurance member IDs and payer information, ICD-10 diagnosis codes, clinical documentation entered through the ePCR (vitals, narratives, assessments, equipment, signatures), transport records (origin, destination, times, mileage, crew assignments), and billing and claim records.
Operator Account Information We Collect Directly
We collect operator account information including company name, NPI number, state of operation, owner contact information, employee names and roles, vehicle and equipment records, payer mix, billing configuration, and payment information for the platform subscription.
How We Use This Information
This information is used solely to provide the platform services described in the Terms of Service and the executed Business Associate Agreement. PodDispatch does not sell PHI, does not use PHI for advertising, and does not use PHI for any purpose other than delivering the contracted service to the operator.
How We Protect Information
We use industry-standard security measures including encryption in transit (TLS 1.2 or higher) and encryption at rest (AES-256), role-based access controls, audit logging of every PHI access event, and regular security reviews. Patient data is stored in HIPAA-aligned infrastructure. Access to PHI is limited to authorized PodDispatch personnel with a documented operational need.
Data Retention
PHI is retained for seven years following account termination in accordance with HIPAA requirements unless the operator requests earlier deletion consistent with applicable law.
Operator Data Deletion Requests
Operators may request deletion of their company data by contacting PodDispatch LLC directly at support@thepoddispatch.com. Deletion is processed within 60 days and is subject to applicable legal-hold requirements.
Subprocessors and Infrastructure
PodDispatch uses Supabase for data storage, authentication, and serverless function infrastructure. PodDispatch uses Stripe for processing platform subscription payments (no PHI is shared with Stripe). Each subprocessor is bound by appropriate written agreements that protect PHI.
Breach Notification
Security incidents involving PHI will be reported to affected operators within 60 days of discovery as required by the HIPAA Breach Notification Rule. Operators are responsible for notifying affected patients and the Department of Health and Human Services as required by law.
Your Rights
Operators have the right to access, correct, export, or delete their account data at any time. PHI-related rights are governed by the Business Associate Agreement and the underlying patient relationship between the operator (covered entity) and the patient.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the service after notification constitutes acceptance of the updated policy.
Contact
For privacy-related questions contact support@thepoddispatch.com.