Privacy Policy

Last Updated: July 21, 2025

1. Introduction

Surgeon Stream ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform for surgical practice growth and lead management.

By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Name and contact information (email address, phone number)
  • Professional information (medical specialties, practice location)
  • Business address and geographic service areas
  • Authentication data (OAuth tokens, session information)

2.2 Campaign and Lead Data

  • Marketing campaign information and performance metrics
  • Lead information submitted through forms
  • Campaign targeting preferences and settings
  • Advertising account information from Meta/Facebook

2.3 Technical Information

  • IP address and browser information
  • Device information and operating system
  • Usage data and analytics
  • Log files and error reports

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide and maintain our lead management platform
  • Campaign Management: To create and manage advertising campaigns on Meta/Facebook
  • Lead Processing: To capture, route, and track leads from campaigns
  • Analytics: To analyze campaign performance and provide insights
  • Communication: To send service-related notifications and updates
  • Support: To provide customer support and troubleshooting
  • Legal Compliance: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

4.1 Third-Party Services

We may share your information with:

  • Meta/Facebook: For advertising campaign creation and management
  • Supabase: For database hosting and authentication services
  • Analytics Providers: For usage analytics and performance monitoring

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

5. Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Row-level security policies in our database
  • Regular security audits and monitoring
  • Access controls and authentication requirements
  • Compliance with healthcare data protection standards

6. Data Retention

We retain your personal information according to the following schedule:

  • Account Information: Retained while your account is active and for 2 years after account closure
  • Campaign Data: Retained for 7 years for business analytics and tax purposes
  • Lead Information: Retained for 5 years or as required by applicable healthcare regulations
  • Technical Logs: Retained for 1 year for security and debugging purposes

You may request deletion of your data before these periods expire by contacting us. Some data may be retained longer if required by law or for legitimate business purposes.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request copies of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Opt-out: Opt out of certain data processing activities
  • Withdraw Consent: Withdraw consent where processing is based on consent

8. HIPAA Compliance

While our platform facilitates lead generation for healthcare practices, we do not directly handle protected health information (PHI) as defined under HIPAA. However, we implement security measures consistent with healthcare industry standards to protect all data on our platform.

9. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience and analyze usage. Types of cookies we use include:

  • Essential Cookies: Required for basic platform functionality and authentication
  • Analytics Cookies: Help us understand user behavior and improve our service
  • Performance Cookies: Monitor platform performance and identify issues
  • Functional Cookies: Remember your preferences and settings

You can control cookie settings through your browser preferences. Disabling certain cookies may limit platform functionality. We may also use third-party analytics services that use cookies to help us understand how users interact with our platform.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Children's Privacy

Our service is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13, in compliance with COPPA (Children's Online Privacy Protection Act).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Investigate and contain the breach immediately
  • Notify affected users within 72 hours when feasible
  • Report the breach to relevant authorities as required by law
  • Provide clear information about what data was involved
  • Offer guidance on protective measures you can take

We maintain an incident response plan to ensure prompt and effective handling of any security incidents.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@surgeonstream.com

Phone: (555) 123-4567

Address: [Your Business Address]

This Privacy Policy is effective as of the last updated date and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.