Privacy Policy

Last Updated: December 20, 2024

Introduction

Tenyla Schedule ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scheduling and practice management platform designed for home health therapists.

As a healthcare technology provider, we take our responsibilities under HIPAA (Health Insurance Portability and Accountability Act) seriously and implement appropriate safeguards to protect Protected Health Information (PHI).

Information We Collect

Account Information

  • Email address and password (for authentication)
  • Name and professional credentials
  • Phone number (optional)
  • Professional practice information

Patient Information

  • Patient pseudonyms (we encourage minimal identifying information)
  • Appointment details and scheduling information
  • Service addresses for scheduling and routing purposes
  • Phone numbers (for SMS confirmations, if enabled)

Usage Data

  • Log data (IP addresses, browser type, access times)
  • Device information
  • Feature usage and interaction data

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Tenyla Schedule platform
  • Send appointment confirmations and en-route notifications via SMS
  • Calculate travel times and mileage for your appointments
  • Generate mileage reports for reimbursement purposes
  • Improve and optimize our services
  • Communicate with you about your account and our services
  • Ensure security and prevent fraud
  • Comply with legal obligations

HIPAA Compliance

Tenyla Schedule functions as a Business Associate under HIPAA. We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI):

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Access controls and authentication mechanisms to prevent unauthorized access
  • Regular security audits and monitoring
  • Secure backup and disaster recovery procedures
  • Staff training on HIPAA compliance requirements
  • Business Associate Agreements (BAAs) with applicable service providers

We will execute a Business Associate Agreement with covered entities and healthcare providers using our platform as required under HIPAA.

Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Service Providers

We work with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure (Vercel, Supabase) - under BAA
  • SMS delivery services (Telnyx) - under BAA
  • Mapping and routing services (Mapbox) - aggregated, de-identified data only

Legal Requirements

We may disclose information when required by law, such as in response to subpoenas, court orders, or regulatory requests.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time by contacting us. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access your personal information
  • Request corrections to your personal information
  • Request deletion of your account and data
  • Receive an accounting of disclosures
  • Opt out of SMS communications
  • Receive a copy of your data in a portable format

To exercise these rights, please contact us at the information provided below.

Security Measures

We implement industry-standard security measures to protect your information, including:

  • End-to-end encryption for data transmission
  • Encrypted database storage
  • Multi-factor authentication options
  • Regular security assessments and penetration testing
  • Secure coding practices and code reviews
  • Incident response procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

Tenyla Schedule is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Tenyla Schedule
c/o Spruce Ridge Partners
Email: nick@spruceridgepartners.com