Privacy Policy

Effective date: February 1, 2026. Last updated: February 22, 2026.

This Privacy Policy describes how Vizier (operated by The Algorithm, LLC) collects, uses, stores, and protects information when you use our platform, website, and services. Questions? Contact privacy@vizier.health.

1. Information We Collect

Information you provide directly

When you fill out a form on our website (contact form, demo request, lead magnet download, BAA request), we collect: your name, work email address, organization name, job title, and any message content you provide. This information is used solely to respond to your inquiry and, with your permission, to send relevant product communications.

Clinical data uploaded to the platform

When you use the Vizier analytics platform as a subscriber, you may upload clinical and financial datasets exported from your EHR or practice management system. These datasets may contain protected health information (PHI) as defined under HIPAA. This data is treated as PHI and handled in accordance with Section 3 (HIPAA Compliance) of this policy and the terms of your Business Associate Agreement.

Usage analytics

We use Google Tag Manager (GTM) and associated analytics tools to collect anonymous usage data about how visitors interact with our website. This includes pages visited, time on page, referring URL, device type, and browser. This data does not include any personally identifiable information and is used solely to improve our website and understand which content is most useful to our visitors.

2. HIPAA Compliance

Vizier operates as a Business Associate under HIPAA for customers who upload clinical data to the platform. PHI uploaded to Vizier is subject to the full technical, administrative, and physical safeguard requirements of the HIPAA Security Rule. A signed Business Associate Agreement (BAA) is required before any PHI is uploaded to the platform. BAAs are included with all subscription tiers and are executed within 1 business day of request.

We do not use PHI for any purpose other than providing the contracted analytics services. We do not sell, share, or use clinical data for advertising, product development (beyond the contracted service), or any secondary purpose without explicit written authorization from the covered entity.

For detailed information about our HIPAA safeguards, see our HIPAA Compliance page.

3. Data Storage and Security

All data stored in the Vizier platform is hosted on US-based cloud infrastructure. Data centers are SOC 2 Type II certified. All data is encrypted at rest using AES-256 encryption. All data in transit is encrypted using TLS 1.3. Access to production data is restricted to authorized personnel and is subject to audit logging.

Website form data (contact submissions, demo requests) is stored in our CRM system, which is also US-based and encrypted at rest.

4. Data Sharing

We do not sell your data. We do not share personal information or PHI with third parties for advertising, marketing, or any purpose unrelated to delivering the Vizier service.

We may share data with subprocessors who assist in delivering the service (cloud infrastructure provider, email delivery service, CRM system). All subprocessors are contractually bound to handle data in accordance with our privacy and security standards. A list of current subprocessors is available upon request.

We may disclose information if required by law, court order, or government authority, and will notify affected customers to the extent permitted by law.

5. Data Retention

Data retention periods vary by subscription tier:

  • Practice tier: 30-day data retention
  • Health System tier: 1-year data retention
  • Enterprise tier: 3-year data retention (custom terms available)

Upon cancellation or account termination, customer data is retained for 30 days to allow for data export. After 30 days, all customer data is permanently and irreversibly deleted. Website inquiry data (contact form submissions) is retained for up to 3 years for business record purposes and then deleted.

6. Your Rights

GDPR rights (European Union users)

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR): the right to access your personal data (Article 15), the right to rectification (Article 16), the right to erasure / "right to be forgotten" (Article 17), the right to restrict processing (Article 18), the right to data portability (Article 20), the right to object to processing (Article 21), and rights related to automated decision-making (Article 22). To exercise any of these rights, contact privacy@vizier.health. We will respond within 30 days.

CCPA rights (California users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA): the right to know what personal information we collect and how it is used, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your CCPA rights. To submit a CCPA request, contact privacy@vizier.health.

7. Cookies

We use analytical cookies only. We do not use advertising cookies, tracking pixels for ad retargeting, or any cookies that track you across third-party websites. Our analytics cookies (via Google Tag Manager) collect anonymous session data to help us understand how our website is used. You can disable cookies in your browser settings at any time. Disabling analytics cookies does not affect your ability to use our website or platform.

8. Contact for Privacy Questions

For any questions, concerns, or requests related to this Privacy Policy or our data practices, contact:

Privacy Officer — Vizier / The Algorithm, LLC
Email: privacy@vizier.health
General inquiries: info@vizier.health