Legal
Privacy Policy
This Privacy Policy describes how [ Company / Legal Entity Name ] ("RepSheets," "we," "us," or "our") collects, uses, and shares information in connection with the "Services": our public website at repsheets.us, the RepSheets administrative web application, and the RepSheets mobile (iPad) application. The website is open to the public; the administrative and mobile applications require a login and are made available to authorized users of our distributor and manufacturer customers.
1. Information We Collect
The public website
Our public website (repsheets.us) does not use cookies, analytics, or tracking technologies, and it has no account or contact forms — the only way to contact us from the site is through email links. The site loads fonts and icons from third-party content-delivery networks, which may receive your IP address and browser information as a normal part of delivering those files. Our hosting provider may keep standard server access logs.
Information you provide (administrative and mobile apps)
- Account and contact details (name, email, organization, role), obtained through the sign-in provider you use to authenticate.
- Case and usage data entered by reps: parts and quantities, photos, signatures, and notes, along with limited patient identifiers (patient initials and medical record number) and related procedure, location, and payor information.
- Communications you send to us (support requests, inquiries).
Information collected automatically (administrative and mobile apps)
- Authentication and session information, including the session cookies the administrative web application uses to keep you signed in.
- Device, log, and usage information.
If you enable biometric sign-in (Face ID / Touch ID) in the mobile app, that feature is handled entirely by your device's operating system. We never receive or store your biometric data.
2. How We Use Information
- To provide, maintain, and improve the Services.
- To authenticate users and control access to the applications.
- To generate billing-ready, payor-priced usage sheets and to support billing, commission, and reporting for our distributor and manufacturer customers.
- To communicate with you about your account and support requests.
- To protect the security and integrity of the Services and to comply with legal obligations.
We do not use personal information for advertising, and we do not sell personal information.
3. Protected Health Information (HIPAA)
Some case data may constitute Protected Health Information (PHI). RepSheets is designed to support our customers' compliance with HIPAA and minimizes the identifiers it handles — for example, using patient initials and a medical record number rather than full patient names. Where we process PHI on behalf of a customer, that processing is governed by our agreement with that customer, and we maintain administrative, technical, and physical safeguards intended to protect it.
[ Insert specific HIPAA / Business Associate Agreement terms and safeguards, as confirmed by counsel. ]
4. How We Share Information
We share information only as needed to operate the Services:
- With cloud hosting, database, and authentication providers that operate the Services on our behalf under confidentiality and data-protection obligations.
- With the customer organization you work with (such as the distributor or manufacturer) as part of delivering usage and billing data.
- When required by law, or to protect the rights, safety, and security of users, the public, or RepSheets.
- In connection with a business transfer such as a merger, acquisition, or sale of assets.
We do not sell personal information.
5. Data Retention
We retain account information for as long as your account is active. Case and usage records are kept as point-in-time business records to support billing, audit, commission, and compliance obligations, and are not altered after the fact.
[ Insert specific retention periods or criteria, aligned with medical record-keeping and billing obligations and confirmed by counsel. ]
6. Data Security
Access to the applications requires authentication through a supported sign-in provider and is limited to authorized users on an approved list. Data is stored with established cloud infrastructure providers. The mobile app enforces an inactivity timeout, and administrative sessions expire. Biometric sign-in data never leaves your device. No method of transmission or storage is completely secure, but we work to protect information using reasonable safeguards.
[ Add any additional administrative, technical, and physical safeguards, as confirmed by counsel. ]
7. Your Rights and Choices
You may request access to or correction of your account information by contacting us using the details below. Please note that case and usage records that serve as point-in-time business and compliance records may be subject to retention obligations and may not be deletable on request. Requests concerning a patient's information should be directed to the healthcare provider or customer responsible for that record.
[ Add jurisdiction-specific rights (for example, California or EU/UK residents) and how to exercise them, as applicable and confirmed by counsel. ]
8. Children's Privacy
The Services are a professional business tool intended for authorized professional users. They are not directed to children, and we do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, or you would like to exercise a privacy choice, contact us at:
[ Company Name ]
[ Mailing Address ]
dcraig@jlsimplants.com