Privacy Policy

1. Introduction

Agilis Inc. ("we," "our," or "us") operates the Agilis Inspections Application (the "Service"), a comprehensive inspection management platform designed for healthcare facilities. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account and Authentication Information

When you create an account or authenticate through our Service, we collect:

• Email address
• Full name or display name
• Authentication credentials (managed securely through Supabase authentication)
• User role and permissions associated with healthcare facilities

2.2 Inspection and Equipment Data

In the course of using our Service for inspections, we collect and store:

• Inspection records and associated form data relevant to your organization
• Asset and equipment inventory details (e.g., identifiers, locations, specifications) as configured by you
• Inspection results, dates, frequencies, and status information
• Location metadata (e.g., building, floor, department, room, zone)
• Device or component attributes as applicable to your configured inspection types
• Inspector identifiers and inspection comments
• Images and other attachments related to inspections
• Project or approval workflow details when enabled (e.g., submitter, approver, timestamps)

2.3 Usage and Technical Data

We automatically collect certain information when you use our Service:

• Browser type and version
• Device information and operating system
• IP address and general location information
• Access times and dates
• Pages visited and features used
• Session information and authentication tokens

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our inspection management services
• Authentication and Access Control: To verify your identity and manage access to hospital-specific data based on your assigned roles
• Inspection Management: To store, organize, and retrieve inspection records, inventory data, and related documentation
• Reporting and Analytics: To generate inspection reports, progress dashboards, and analytics for healthcare facilities
• Communication: To send notifications about inspection submissions, approvals, and system updates (including ICRA approval notifications)
• Compliance: To maintain audit trails, track inspection histories, and support regulatory compliance requirements
• Data Export: To enable data export functionality including PDF report generation and Excel exports
• Security: To detect, prevent, and address technical issues, unauthorized access, and security threats

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored using Supabase, a secure cloud-based platform that provides:

• PostgreSQL database hosted on secure, encrypted servers
• Row-Level Security (RLS) policies to restrict access to data based on user roles and hospital assignments
• Encrypted data transmission using TLS/SSL protocols
• Secure file storage for inspection images and PDF documents

4.2 Access Controls

We implement strict access controls:

• Role-based access control ensuring users only access data for hospitals where they are assigned
• User authentication through secure authentication providers
• Session management and automatic token refresh
• Audit logging of data access and modifications

4.3 Data Protection Measures

We employ industry-standard security measures to protect your data:

• Encryption of data at rest and in transit
• Regular security assessments and updates
• Secure password policies and password reset procedures
• Backup and disaster recovery procedures

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Authorized Users: Your inspection data is accessible to other authorized users within the same healthcare facility based on their role assignments
• Service Providers: We may share data with trusted service providers (such as Supabase) who assist in operating our Service, subject to confidentiality agreements
• Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights and the safety of users
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

6. Your Rights and Choices

You have certain rights regarding your personal information:

• Access: You can access your account information and inspection data through the Service
• Correction: You can update your account information and edit inspection records where you have appropriate permissions
• Deletion: You may request deletion of your account and associated data, subject to legal and operational requirements
• Export: You can export your inspection data in various formats (Excel, PDF) for your records
• Opt-Out: You can disable account access by contacting your system administrator

To exercise these rights, please contact us at matt.anderson@agilisinc.com or through your system administrator.

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations. Specifically:

• Inspection records and inventory data are retained to support ongoing inspection management and regulatory compliance
• Account information is retained while your account is active and for a reasonable period after account closure
• Audit logs and transaction records may be retained for extended periods for compliance and security purposes
• You may request deletion of specific records subject to operational and legal requirements

8. Children's Privacy

Our Service is designed for use by healthcare professionals and authorized personnel of healthcare facilities. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this Privacy Policy
• Notifying you via email or through the Service for significant changes

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

11. Healthcare Data Compliance

While this Service may be used to manage inspection data related to healthcare facilities, we operate as a software service provider. Healthcare facilities using this Service are responsible for ensuring compliance with applicable healthcare data regulations, including but not limited to:

• HIPAA (Health Insurance Portability and Accountability Act) in the United States
• Other applicable federal, state, and local healthcare privacy and security regulations

We provide technical and organizational measures to support your compliance efforts, but you are responsible for ensuring that your use of the Service complies with all applicable laws and regulations.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: