How CodeSync Health, Inc. collects, uses, and protects your information.
Effective March 31, 2026
This Privacy Policy describes how CodeSync Health, Inc. collects, uses, and protects your information through our websites and platforms.
1.1 This Privacy Policy (the “Policy”) describes how CodeSync Health, Inc., its subsidiaries, and affiliated companies (“CodeSync,” “we,” “us,” or “our”) may collect, use, and share information obtained through www.codesync.ai and other websites, mobile applications, and software platforms that link to this Policy (collectively, the “Sites”).
1.2 This Policy applies only to information collected through the Sites and does not govern CodeSync’s offline services or any other products or solutions that are subject to separate agreements or notices.
2.1 CodeSync is an AI-native healthcare technology company engaged in providing software-as-a-service (“SaaS”) platforms and Revenue Cycle Management (“RCM”) services to healthcare providers and organizations across the United States.
2.2 Our online platform offerings available through the Sites include a SaaS Charge Capture Platform, AI-native billing intelligence, and clearinghouse and payer connectivity that support the clinical billing workflows, financial operations, and business processes of our clients and their authorized users when they access and use the Sites. Any offline or separately contracted services are governed by separate agreements and are not covered by this Policy.
2.3 For more information about our services and offerings, please visit our website at www.codesync.ai.
3.1.1 Our website collects information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include publicly available information lawfully made available from government records, de-identified or aggregated consumer information that cannot reasonably be linked to a particular consumer or household, or information otherwise excluded from the scope of applicable state or federal privacy laws.
3.1.2 Depending on how you interact with the Sites, the Personal Information we collect may include the following categories:
(a) Identifiers such as name, email address, phone number, Internet Protocol (IP) address, account username, and device identifiers;
(b) Professional and organizational information such as job title, National Provider Identifier (NPI), medical license number, specialty, and organization name;
(c) Financial, billing, and claims information such as payment details, insurance policy data, claims and remittance data, and payer identifiers;
(d) Technical, usage, and account data such as device type, browser, log data, session identifiers, login credentials, access permissions, activity logs, Multi-Factor Authentication (MFA) records, and platform clickstream data;
(e) Integration and portal data such as data received via Application Programming Interface (API) connections with Electronic Medical Record (EMR) systems, practice management systems, clearinghouses, and payer networks, as well as data retrieved through automated payer portal interactions conducted in connection with eligibility verification, benefits checking, and prior authorization workflows; and
(f) Artificial Intelligence (AI)-generated and interaction data such as coding suggestions, denial predictions, claim risk assessments, audit trail data, inputs and outputs from billing intelligence tools, real-time clinical transcriptions, AI-generated Subjective, Objective, Assessment, and Plan (SOAP) notes, audio recordings from automated payer calls, and structured data extracted from insurance cards, face sheets, and intake forms.
Where CodeSync’s Services involve access to or processing of Protected Health Information (the “PHI”) on behalf of a healthcare provider or contracted partner organization, such information is governed by one or more applicable agreements and not by this Policy. Please refer to Section 8.5 for more details.
4.1 Information Provided by You.
We obtain personal information in a number of ways, including through your use of the Sites when you:
(a) Submit inquiries, demo requests, or other contact forms through the Sites;
(b) Create, access, or manage user accounts and related preferences on the Sites;
(c) Interact with online features of our SaaS and AI-native tools that are made available through the Sites (for example, web-based dashboards, portals, or interfaces);
(d) Download or access content, resources, or materials made available through the Sites;
(e) Communicate with us via web-based chat, support widgets, or email links provided on the Sites; and
(f) Register for or participate in webinars, events, or other online sessions promoted or hosted through the Sites.
4.2 Information We Automatically Collect.
We automatically collect certain information through cookies and similar tracking technologies when you visit or interact with the Sites. For more details, please refer to our Cookie Policy.
4.3 Information from Partner Organizations.
CodeSync may receive limited personal information about you from contracted partner organizations, including billing intermediaries and healthcare service providers, for purposes such as creating or managing user accounts, granting access to the Sites, or supporting your use of our online tools. This may include identifiers (such as name, email address, phone number, and account username), professional details (such as job title, National Provider Identifier (NPI), medical license, specialty, and organization name), and usage or technical data related to your interaction with our Sites and support channels; any Protected Health Information (PHI) received from such organizations is governed solely by applicable agreements (such as Business Associate Agreements) and not by this Policy.
5.1 Storage.
CodeSync retains personal information only for as long as necessary to fulfill the purposes for which it was collected, as required by applicable law. Retention periods may vary depending on the nature of the information, the applicable legal or regulatory requirement, and the terms of the relevant client agreement. Upon expiration of the applicable retention period, personal information is securely deleted or anonymized in accordance with our internal data retention procedures.
5.2 Security.
5.2.1 The security of information transmitted through the Internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data.
5.2.2 It is your responsibility to safeguard the devices you use to access our platform (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices.
5.2.3 In order to protect us, you and your information, we may suspend your use of the Sites without notice if any breach of security is suspected.
5.3 Retention Periods.
Without limiting the generality of the foregoing, CodeSync applies the following general retention guidelines, subject to applicable law and contractual obligations:
(a) Account and user information is retained for the duration of the relationship with the applicable client organization and for a reasonable period thereafter for legal, compliance, and audit purposes;
(b) Technical and usage data is retained for as long as necessary to support platform functionality, security monitoring, and analytics, typically not exceeding 24 months, unless required for a longer period for security or compliance purposes; and
(c) Information processed in connection with Revenue Cycle Management services, including billing and claims data, is retained in accordance with applicable healthcare regulations, contractual requirements, and industry standards.
We use information that we collect about you or that you provide to us, including any personal information, for the following purposes:
6.1 Service Delivery and Platform Operations.
To provide, operate, maintain, and improve our SaaS Charge Capture platform, RCM Services, and AI-native billing intelligence tools, including processing claims, verifying eligibility, managing denials, and posting payments on behalf of our contracted partner organizations. To create, maintain, and secure your account, process transactions, and authenticate authorized users accessing our platform.
6.2 AI and Analytics.
6.2.1 To analyze platform usage and billing patterns to improve our Services and enhance the accuracy of our AI-native tools. CodeSync’s Digital Workers operate on a continuous learning loop, observing user activity, receiving human feedback, and iteratively improving automated workflows. Where permitted, we may use de-identified or aggregated data for internal research and model performance evaluation.
6.2.2 Human reviewers employed by or contracted to CodeSync may, as part of our Human-in-the-Loop (HITL) oversight model, review, verify, or override AI-generated outputs to ensure accuracy and compliance. All such reviewers are bound by applicable confidentiality obligations and, where PHI is involved, by the terms of any applicable agreement with the relevant covered entity or client organization.
6.2.3 CodeSync does not train its AI models on identifiable patient data or Protected Health Information (PHI) without explicit written authorization from the relevant covered entity under any applicable agreement.
6.3 Fraud Detection and Security.
To detect, investigate, and prevent fraudulent transactions, unauthorized access, security incidents, and other potentially prohibited or unlawful activity on our platform. To monitor platform activity, maintain audit logs, and enforce our agreements, terms of service, and internal security policies.
6.4 Communications.
To respond to your inquiries, support requests, and feedback, and to communicate with you regarding your account, platform updates, service changes, and billing matters. To send you operational notices, legal disclosures, policy updates, and other communications required or permitted under applicable law or our agreements with your organization.
6.5 Legal and Regulatory Compliance.
To comply with applicable federal and state laws and regulations, including HIPAA/HITECH, U.S. Privacy Laws, and other healthcare regulatory requirements. To respond to lawful requests from government authorities, regulatory bodies, or law enforcement, and to establish, exercise, or defend legal claims in any forum. To fulfill our obligations under executed Business Associate Agreements and other contractual commitments with our client organizations and partner entities.
CodeSync does not sell your personal information. We disclose personal information only in the following circumstances:
7.1 With Partner Organizations.
We may share your information with contracted partner organizations, billing intermediaries, healthcare service providers, clearinghouses, payers, and third-party service providers solely to the extent necessary to deliver our Services. This includes providers of payment processing, claim submission, data analytics, platform hosting, customer support, security monitoring, and audit services. All third parties receiving personal information are bound by confidentiality obligations and, where applicable, by other agreements consistent with HIPAA requirements.
7.2 With Healthcare Providers and Payers.
In connection with the submission and processing of claims, we may share billing and clinical information with government and commercial insurance payers, clearinghouses, and credentialing organizations solely as necessary to perform RCM Services on behalf of our contracted partner organizations.
7.2.1 Service providers engaged by CodeSync may process personal information solely for the purposes described in this Policy and in accordance with contractual obligations that require appropriate confidentiality, security, and data protection measures.
7.2.2 Such service providers retain personal information only for as long as necessary to perform their services or as required by applicable law.
7.2.3 For the avoidance of doubt, service providers are not permitted to use personal information for their own independent purposes.
7.3 By Law or To Protect Rights.
We may disclose your information where required or permitted by applicable law, regulation, legal process, or governmental request, or where we have a good-faith belief that disclosure is reasonably necessary to:
(a) Comply with applicable laws, regulations, legal obligations, or governmental requests;
(b) Enforce our agreements, terms, policies, and defend or pursue claims or litigation in any forum; or
(c) Protect the rights, property, safety, or interests of CodeSync, its clients, or the public, and prevent or act against fraud, misconduct, or unlawful activity.
7.4 Business Transfers.
In the event of a merger, acquisition, reorganization, sale of assets, or change of control, your information may be transferred to the successor entity, subject to the same protections described in this Policy.
7.5 With Your Consent.
We may share your information for any other purpose with your prior written consent or at your direction.
7.6 Third-Party API Consumers.
Where client organizations or authorized third-party developers access CodeSync’s platform through our public API to build custom workflows or integrations, such access is governed by the applicable API terms of use, integration agreements, and, where PHI is involved, any applicable agreements with the relevant covered entity or client organization. CodeSync does not grant API access to third parties for purposes inconsistent with this Policy or the applicable client agreement.
7.7 Cross-Border Data Transfers.
CodeSync may process and store personal information in the United States and in other jurisdictions where its service providers operate. Where personal information is transferred outside of your jurisdiction of residence, CodeSync implements appropriate safeguards consistent with applicable law, which may include contractual protections, data processing agreements, and other legally recognized transfer mechanisms designed to ensure an adequate level of data protection.
7.7.1 For the avoidance of doubt, this Section applies solely to personal information and does not apply to protected health information (PHI), which is handled in accordance with applicable healthcare laws, regulations, and contractual obligations, including business associate agreements where applicable.
7.7.2 By using the Sites, you acknowledge that your personal information may be transferred to and processed in jurisdictions that may have data protection laws different from those of your jurisdiction.
8.1 Scope of PHI Processing.
CodeSync may process protected health information (“PHI”) solely in its capacity as a service provider to healthcare providers, billing organizations, and other contracted partner organizations, and only in accordance with applicable healthcare laws and regulations, including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HIPAA/HITECH”), and any applicable agreements.
8.2 Source of PHI.
CodeSync does not collect PHI directly from individuals through its publicly accessible websites or applications. Any PHI processed by CodeSync is received from or on behalf of covered entities or their authorized representatives, including in connection with billing, claims processing, and related Revenue Cycle Management workflows.
8.3 Permitted Use and Disclosure.
CodeSync processes PHI exclusively on behalf of its contracted clients and partner organizations, and solely for purposes permitted under applicable agreements and law. In accordance with the Minimum Necessary Standard under 45 C.F.R. Section 164.502(b), CodeSync limits access to PHI to what is necessary to perform its services.
8.4 Operational Use of PHI.
Certain CodeSync Services, including charge capture, clinical documentation support, data extraction from patient intake materials, and automated interactions with payer systems or portals, may involve the processing of PHI. Such activities are performed solely on behalf of the relevant covered entity or partner organization and in accordance with applicable agreements and regulatory requirements.
8.5 Relationship to This Privacy Policy.
This Privacy Policy governs only personal information collected through CodeSync’s general website and business operations. It does not govern CodeSync’s use or disclosure of PHI processed on behalf of healthcare provider clients or partner organizations. Such PHI is governed exclusively by:
(a) Applicable agreements between CodeSync and the relevant covered entity or partner organization;
(b) The Notice of Privacy Practices issued by the applicable healthcare provider or organization under 45 C.F.R. Section 164.520; and
(c) Any applicable integration, data use, or access agreements governing third-party systems.
Depending on your state of residence, you may have specific rights regarding your personal information under applicable data privacy laws. The following rights apply to residents of the states listed below.
9.1 California.
If you reside in California, you are afforded certain rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code Section 1798.100 et seq.), including the right to access, correct, and delete personal information, and the right to opt out of certain data sharing practices.
9.2 Texas.
If you reside in Texas, you are afforded certain rights under the Texas Data Privacy and Security Act (TDPSA), Tex. Bus. & Com. Code Section 541.051 et seq., including the right to access, correct, delete, and obtain a portable copy of your personal information, as well as the right to opt out of the sale of personal data, targeted advertising, and certain profiling activities, and the right to non-discrimination for exercising such rights.
9.3 Delaware.
If you reside in Delaware, you are afforded certain rights under the Delaware Personal Data Privacy Act (DPDPA), Del. Code tit. 6, Section 12D-101 et seq., effective January 1, 2025, including the right to access, correct, delete, and obtain a portable copy of your personal information, the right to obtain information regarding third parties to whom your personal information has been disclosed, the right to opt out of the sale of personal data, targeted advertising, and certain profiling activities, and the right to non-discrimination for exercising such rights.
9.4 Virginia, Colorado, Connecticut, or Florida.
If you reside in Virginia, Colorado, Connecticut, or Florida, you are afforded certain rights under the applicable state privacy laws of your jurisdiction, including the right to access, correct, delete, and obtain a portable copy of your personal information, the right to opt out of the sale of personal data, targeted advertising, and certain profiling activities, and the right to non-discrimination for exercising such rights.
9.5 Other Jurisdictions.
Depending on your state or country of residence, you may have specific rights regarding your personal information under applicable data privacy laws, including but not limited to other U.S. state or international privacy regulations.
9.6 Exercising Your Rights.
We are committed to honouring these rights in accordance with the laws applicable to you in your jurisdiction. We will respond to all verified requests within the timeframe required by applicable law. To exercise any privacy rights applicable to you, you may:
i. Email us a request at privacy@codesync.ai
CodeSync reserves the right to amend this Policy at any time at its sole discretion, with material changes communicated by email or through a prominent notice on www.codesync.ai prior to taking effect and non-material changes effective immediately upon posting. The date of the most recent revision is indicated at the top of this Policy under “Effective Date,” and it is your responsibility to review this Policy periodically. Your continued access to or use of our platform or website following the effective date of any amendment shall constitute your acknowledgment and acceptance of the revised Policy.
We will not intentionally collect any personal information (as that term is defined in the Children’s Online Privacy Protection Act) from children under the age of 13 through our Sites without receiving parental consent.
If you think that we have collected such personal information from a child under the age of 13 through the Sites, please contact us immediately.
If you have any questions or comments about this Policy or if you have a disability and would like to access this Policy in an alternative format, please contact us by writing to:
privacy@codesync.ai
CodeSync Health, Inc. · 2625 New Concorde Ct, Herndon, VA 20171