Privacy Policy
Effective Date: July 2, 2026 Last Updated: July 2, 2026
This Privacy Policy explains how Quaspar Inc. ("Quaspar," "we," "us") collects, uses, and shares personal information when you visit our website, create an account, or use our prior authorization automation services (the "Services").
A note on patient data (PHI): When healthcare practices use the Services to process patient information, Quaspar acts as a Business Associate under HIPAA and processes Protected Health Information ("PHI") on behalf of the practice under a Business Associate Agreement (BAA). PHI is governed by the BAA and the practice's own privacy notices — not this Privacy Policy. Patients seeking information about their health records should contact their healthcare provider directly. This Policy covers the personal information described below, such as account, website, and business contact data.
1. Information We Collect
Information you provide:
- Account information: name, work email, practice name, role, phone number, password (stored hashed).
- Business and billing information: practice address, NPI or organizational identifiers, payment details (processed by our payment processor; we do not store full card numbers).
- Communications: messages you send us, support requests, demo and sales inquiries, survey responses.
Information collected automatically:
- Usage data: features used, pages viewed, actions taken in the app and browser extension, timestamps.
- Device and log data: IP address, browser type, operating system, device identifiers, error logs.
- Cookies and similar technologies, as described in our Cookie Policy.
Information from third parties:
- Publicly available professional information (e.g., NPI registry data) used to verify practices.
- Information from service providers such as analytics and payment processors.
2. How We Use Information
We use personal information to:
- Provide, operate, secure, and maintain the Services;
- Set up and manage accounts, authenticate users, and provide support;
- Process payments and manage subscriptions;
- Monitor performance, debug issues, and improve the Services;
- Communicate with you about the Services, including security, product, and billing notices;
- Send marketing communications where permitted (you can opt out at any time);
- Detect, investigate, and prevent fraud, abuse, and security incidents;
- Comply with legal obligations and enforce our agreements.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
3. How We Share Information
We share personal information only with:
- Service providers (subprocessors) that host and support the Services under contractual confidentiality and security obligations — for example, cloud infrastructure (Google Cloud), database and authentication services (Supabase), healthcare data clearinghouses used for eligibility and transaction processing, payment processors, and analytics providers. A current subprocessor list is available on request at support@quaspar.com.
- Professional advisors such as lawyers, auditors, and insurers where necessary.
- Authorities when required by law, subpoena, or legal process, or to protect rights, safety, and security.
- A successor entity in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
4. Data Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logging, and least-privilege access. See our Security Overview for details. No system is perfectly secure; please use strong, unique passwords and protect your credentials.
5. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations (including healthcare record-keeping requirements applicable to us), resolve disputes, and enforce agreements. When no longer needed, information is deleted or de-identified. PHI retention and return/destruction are governed by the BAA.
6. Your Rights and Choices
Depending on your state of residence, you may have rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of certain processing. To exercise these rights, contact support@quaspar.com. We will verify your request and respond within the time required by applicable law. We will not discriminate against you for exercising your rights. You may appeal a denial by replying to our decision.
Marketing emails include an unsubscribe link. Transactional and security emails are sent as needed to operate the Services.
7. Cookies
See our Cookie Policy for details on the cookies we use and your choices.
8. Children
The Services are business tools for healthcare professionals and are not directed to children. We do not knowingly collect personal information from anyone under 18 through our website or account systems. Patient information, including any pediatric patient data handled on behalf of practices, is processed only as PHI under a BAA.
9. International Users
The Services are operated from the United States and intended for U.S. customers. If you access the Services from outside the U.S., you understand your information will be processed in the U.S.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on this page with an updated effective date, and where required we will provide additional notice. Continued use of the Services after changes take effect constitutes acceptance.
11. Contact Us
Quaspar Inc. Chicago, Illinois Email: support@quaspar.com