Privacy Policy

TrueSignal Health is designed to surface verified operating data for healthcare organizations without exposing protected health information. This Privacy Policy explains what data we access, how we use it, and the steps we take to protect it.

How We Access Your Data

TrueSignal Health connects to your organization's systems (such as EHR platforms, practice management software, credentialing databases, and financial systems) through authenticated, read-only API connections. We use industry-standard OAuth protocols. TrueSignal never receives, stores, or handles your system login credentials.

Once connected, we access organizational operating data including:

• Aggregate patient encounter volumes and case mix distribution
• Provider credentialing and board certification status
• Facility accreditation and licensing records
• Payer mix and reimbursement composition
• Operational capacity metrics (beds, locations, specialties)

What We Do Not Collect

TrueSignal Health does not collect, process, or store Protected Health Information (PHI) as defined by HIPAA. This includes:

• Patient names, addresses, or contact information
• Individual medical records, diagnoses, or treatment details
• Insurance policy or claims-level data
• Social Security numbers or other personal identifiers
• Individual billing or payment records

All data accessed is aggregate, organizational-level operating data. If PHI is inadvertently encountered through a data connection, it is not used in metric calculations or publication and is handled in accordance with applicable law.

How We Use Your Data

The organizational operating data we access is used to:

• Compute verified operating metrics (such as patient encounter volumes, provider counts, accreditation status, and case mix distribution)
• Publish those metrics on your TrustRecord at trustrecord.com
• Structure your verified data in machine-readable formats for AI and search systems
• Refresh your metrics on a regular cadence to maintain accuracy
• Develop and improve TrueSignal's proprietary models for metric accuracy and normalization

We do not sell, rent, or share your organizational data with third parties.

Aggregated data. TrueSignal may retain and use aggregated or anonymized data derived from organizational operating data for analytics, benchmarking, and product improvement, provided such data does not identify your organization.

What You Control

You choose which categories of verified metrics appear on your TrustRecord. You may hide specific categories at any time through your dashboard. Hidden metrics are not published, not included in your TrustRecord, and not available to AI systems.

You may disconnect your data sources at any time. You may also request that your TrustRecord be unpublished and your data deleted by contacting us.

TrustRecords and Public Publication

When you activate your TrustRecord, the metrics you choose to publish become publicly accessible at your TrustRecord URL on trustrecord.com. This data is intentionally structured to be readable by AI systems, search engines, and other automated platforms.

Published TrustRecord data includes only the verified metrics you have chosen to display. It never includes raw organizational data, patient information, or financial details.

Data Ownership

• You retain full ownership of all data you provide to or make accessible to TrueSignal
• TrueSignal processes your data only for the purposes stated in this policy
• You may request deletion of your data at any time

We may retain certain information for a reasonable period where required for legal, accounting, fraud prevention, security, or compliance purposes.

Security

We follow industry-standard practices to protect your data:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Read-only API connections. TrueSignal cannot modify your systems.
• Access controls based on least-privilege principles
• Continuous monitoring for vulnerabilities
• Regular reviews of our security protocols

Third-Party Services

TrueSignal uses third-party services for payment processing (Stripe), hosting, and analytics. These providers have their own privacy policies. TrueSignal does not share your organizational operating data with these providers beyond what is necessary for their function.

Your Rights

You may:

• View, update, or remove your organizational data at any time
• Control which metrics are publicly visible on your TrustRecord
• Disconnect your data sources
• Request deletion of your data and unpublication of your TrustRecord
• Contact us at health@usetruesignal.com for any privacy-related requests

Depending on your jurisdiction, you may have additional rights under applicable data protection laws. We will respond to verified requests in accordance with applicable law.

Policy Updates

We may update this Privacy Policy as our services evolve. If material changes are made, we will notify you directly via the email address associated with your account.

Contact

For questions about this Privacy Policy, contact: health@usetruesignal.com