Privacy Policy
1. No patient information (No PHI)
Chordae is a staff/workforce tool and is not intended to collect patient health information (PHI). We do not knowingly collect PHI, and users are prohibited from entering it. Chordae is not a HIPAA business associate for patient data.
2. Information we collect
About clinical staff and program operations — not patients:
- Account & profile: name, work email, phone, role, and login credentials (passwords are hashed; passkeys/2FA supported).
- Professional credentials: degree, state license number and expiration, board certification and expiration, and NPI, used for reminders and program administration. We track your DEA expiration date for renewal reminders but do not store your DEA number. (NPI and license numbers are generally publicly available.)
- Scheduling & operational data: shifts, time-off and swap requests, sites, competencies/training records, and content you enter in notes or forms (which must not contain PHI).
- Technical data: device/browser info, log data, and push-notification tokens (if enabled).
3. How we use it
To operate the Service (scheduling, reminders, swaps, credential tracking, training administration), secure accounts, send service and account notices, and comply with law. We do not sell your personal information and do not use it for third-party advertising.
4. How we share it
Within your organization per admin-configured access; with service providers (cloud hosting, email/SMS delivery) under contracts limiting their use; and for legal compliance or to protect rights and safety.
5. Communications
We send account and operational messages. SMS, if used, is opt-in and urgent-only, and message bodies never contain sensitive personal or health information — only a notice and a portal link.
6. Security
We use industry-standard safeguards: encryption in transit (HTTPS), hashed passwords, passkey/2FA support, session controls, access restrictions, encryption of sensitive secrets, and regular backups. No system is perfectly secure.
7. Data retention
We retain data while your account/organization is active and as needed for the above purposes or as required by law (including training-record retention). On termination, data may be exported for a limited period and then deleted.
8. Your choices
You may review and update your profile, manage notifications, and request access to or deletion of your personal data, subject to legal and contractual retention obligations.
9. Data breach
If a security incident affecting personal information occurs, we will notify affected parties and authorities as required by law (including the Texas Identity Theft Enforcement and Protection Act).
10. Children & changes
Chordae is for professional use by adults (18+). We will post updates here and notify you of material changes.
11. Contact
Apex Medical Enterprises — admin@apexmedicalenterprises.com