Privacy Policy

Effective Date: November 4, 2025

This Privacy Policy explains how SDRG, LLC (“we,” “us,” or “our”) collects, uses, and protects information when you use the Health FormPilot website, mobile application, and related services (the “Service”).

Company: SDRG, LLC

Contact: info@sdrg-us.com

Privacy Policy URL: https://sdrg-us.com/privacy

Terms of Service: https://sdrg-us.com/terms

1) Scope

– This Policy applies to information we collect through the Service and from direct communications with you.

– By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

2) What We Collect

We collect information that you provide directly and information collected automatically to operate and secure the Service.

a) Information You Provide

– Account information: name, email, password.

– Profile details you choose to provide (e.g., display name).

– Documents and files you upload (e.g., insurance forms, medical records, bills, supporting documents).

– Support requests and communications.

b) Information Collected Automatically

– Device and usage information necessary for security and operations (e.g., IP address, device type, app version, basic diagnostic logs).

– We do NOT use in-app analytics or advertising trackers. We do NOT use Crashlytics.

3) Sources of Information

– Directly from you (account creation, uploads, support requests).

– From your device (security and operational data).

– From service providers you choose to use (e.g., Google Sign-In).

4) How We Use Information

We use information to:

– Provide and operate the Service, including account creation, authentication, storage, and retrieval of your uploads.

– Maintain security, prevent fraud and abuse, and enforce our Terms.

– Respond to support requests and communicate about the Service.

– Comply with legal obligations.

Legal bases for processing (for users in the EEA/UK):

– Contract: to provide the Service you request.

– Consent: where required (e.g., certain optional features).

– Legitimate interests: to secure, maintain, and improve the Service.

– Legal obligations: to comply with applicable laws.

5) Data Storage and Architecture

– We use HIPAA-eligible Firebase services: Authentication, Firestore, and Storage. Cloud Functions may be enabled for future use but none are currently deployed for PHI processing.

– Firestore stores user profiles. Storage stores user uploads.

– Data is encrypted in transit (TLS) and at rest.

– We implement least-privilege, owner-only access via security rules. Apart from SDRG, access to PHI is restricted to the authenticated owner unless you explicitly share it.

6) Third Parties and Sharing

We do not sell your personal information and do not share it for cross-context behavioral advertising.

We share information only as needed to operate the Service:

– Service Providers: Google Firebase (Authentication, Firestore, Storage), Google Sign-In (if you choose to use it).

– Legal: To comply with laws, regulations, legal processes, or enforceable governmental requests; to enforce our Terms; to protect rights, property, or safety.

– Business Transfers: In connection with a merger, acquisition, financing, or sale of assets (we will take steps to require the recipient to honor this Policy).

7) Cookies and Tracking

– We do not use third-party advertising cookies or analytics SDKs in the app.

– Our website may use strictly necessary cookies or similar technologies for site functionality and security.

8) Data Retention

– We retain personal information as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

– You may request deletion of your account and data from within the app (Settings → Delete Account). Some data (e.g., backups or logs) may persist for a limited period for security, continuity, and legal reasons.

9) Your Rights

Depending on your location, you may have rights to:

– Access, correct, or delete your information.

– Port your data, or restrict/oppose certain processing.

– Withdraw consent where processing is based on consent.

– Appeal or lodge a complaint with a supervisory authority.

Requests: Contact us at info@sdrg-us.com. We may need to verify your identity to protect your information.

CCPA/CPRA (California)

– We do not “sell” or “share” personal information as defined by the CPRA.

– You have the right to know, delete, correct, and to not be discriminated against for exercising your rights.

10) Children’s Privacy

– The Service is not directed to users under 18, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

11) Security

– We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest and restricted access controls.

– No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

12) International Transfers

– We may process and store information in the United States and other countries. These locations may have different data protection laws than your jurisdiction. Where required, we implement appropriate safeguards for international transfers.

13) Changes to This Policy

– We may update this Policy from time to time. If we make material changes, we will post the updated Policy and update the Effective Date above. Your continued use of the Service after changes become effective constitutes acceptance.

14) Contact Us

– For questions or requests about this Policy or your information, contact: info@sdrg-us.com

– Privacy Policy URL: https://sdrg-us.com/privacy

– Terms of Service: https://sdrg-us.com/terms
