Privacy Policy

1. Introduction

eKlotho Inc. ("eKlotho," "we," "us," or "our") operates the eKlotho Nexus healthcare administration platform (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you access or use the Platform.

The Platform is a business-to-business solution designed for Independent Practice Associations (IPAs), Accountable Care Organizations (ACOs), and their affiliated providers. Access is restricted to authorized personnel of contracted organizations.

2. Information We Collect

Account and Authentication Data

We collect information you provide when creating or managing accounts, including name, email address, job title, organizational affiliation, and credentials necessary to authenticate your identity.

Usage and Activity Data

We log access events, page views, API calls, and actions performed within the Platform for security monitoring, audit trail requirements, and operational analytics. Logs include timestamps, IP addresses, session identifiers, and the nature of actions taken.

Protected Health Information (PHI)

As a HIPAA Business Associate, eKlotho processes PHI on behalf of Covered Entities pursuant to executed Business Associate Agreements (BAAs). PHI processed through the Platform is governed by the terms of applicable BAAs and our HIPAA Notice, not this Privacy Policy.

3. How We Use Information

We use collected information to:

• Authenticate users and maintain secure session management
• Provide and operate the Platform features and services
• Maintain audit logs required by HIPAA and applicable regulations
• Monitor for security threats and unauthorized access
• Provide customer support and respond to inquiries
• Improve Platform functionality and user experience
• Comply with legal obligations and regulatory requirements

4. Disclosure of Information

We do not sell, rent, or trade your personal information. We may disclose information in the following circumstances:

• To your employing or contracting organization as required for administrative operations
• To service providers acting on our behalf under data processing agreements
• To comply with applicable law, regulation, legal process, or enforceable governmental request
• To protect the rights, property, or safety of eKlotho, our clients, or others
• In connection with a merger, acquisition, or sale of assets, with appropriate notice

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. These include TLS encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication capabilities, and continuous security monitoring.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain account and usage data for the duration of the contractual relationship and for a period thereafter as required by applicable law, HIPAA retention requirements, and our contractual obligations. Audit logs are retained for a minimum of six (6) years in accordance with HIPAA requirements.

7. Your Rights

Subject to applicable law, you may have the right to access, correct, or request deletion of personal information we hold about you. To exercise these rights, contact your organization's administrator or reach us at the address below. Note that certain information may be retained as required by law or legitimate business purposes.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy with a revised "Last updated" date. Continued use of the Platform after changes constitutes acceptance of the revised policy.

9. Contact Us

For questions about this Privacy Policy or our data practices, contact: