Privacy Policy - Juno Health

Company Name: Alpyne Labs, Inc.

At Alpyne Labs, Inc. (“Alpyne Labs,” “Company,” “we,” “us,” or “our”), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our administrative assistance services, including our website, web application, and Chrome extension (collectively, the “Service”).

Relationship to Other Agreements: This Privacy Policy should be read in conjunction with our Master Services Agreement and Business Associate Agreement. Our Master Services Agreement contains additional provisions regarding data ownership, data usage rights, and our respective obligations. In the event of any conflict between this Privacy Policy and the Master Services Agreement regarding data handling, the Master Services Agreement controls.

By using the Service, you agree to the terms of this Privacy Policy.

1. Information We Collect

a. Information You Provide

We collect personal information you provide when signing up, using the Service, or contacting support. This may include:

Name and contact information
Practice information
Professional credentials and licenses
Insurance and billing information
Tasks, messages, or content you submit through the Service
Customer Data, including Protected Health Information submitted in connection with the services you request

b. Automatically Collected Information

We use tools such as cookies and local storage, and we may use analytics tools, to collect:

Log and device data (browser type, device identifiers, IP address, timestamps)
Usage and interaction data (pages viewed, features used, clicks, referrals)
Identifiers stored in cookies or local storage (analytics identifiers, attribution identifiers)
Marketing attribution data (UTM parameters)

We may use Google Analytics, Mixpanel, and HubSpot (including HubSpot cookies and tracking scripts) to understand how people use our marketing website and to measure marketing attribution. We also use cloud infrastructure services (such as authentication and database services) to provide and operate the Service.

c. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, and similar technologies to operate the Service, remember your preferences, measure performance, and understand marketing attribution. For example:

Analytics identifiers: We may store identifiers in local storage to help recognize a browser across visits for analytics purposes
Attribution cookies: HubSpot may set cookies such as hubspotutk to attribute form submissions to marketing visits
UTM storage: We may persist UTM parameters in local storage so that attribution is retained across pages

You can control cookies and local storage through your browser settings. If you disable cookies or local storage, some features may not function properly.

2. How We Use Your Information

We use your information to:

Operate, maintain, and improve the Service
Fulfill tasks you initiate via the Service
Respond to inquiries and provide support
Monitor and analyze usage of the Service and our website
Measure marketing performance and attribution
Communicate updates, administrative messages, and billing information
Protect the security and integrity of the Service
Comply with legal obligations

Processing by Personnel

We employ certified medical billing professionals and other trained personnel who access and review Customer Data, including Protected Health Information, to perform the services you request. These personnel:

Process insurance claims and billing submissions
Verify insurance eligibility and benefits
Manage claim denials and appeals
Complete credentialing applications and attestations
Provide scheduling and administrative support
Generate clinical documentation based on your dictation
Provide customer support and technical assistance

All such personnel are subject to:

Strict confidentiality obligations under our Business Associate Agreement
HIPAA training and compliance requirements
Role-based access controls limiting access to only the data necessary to perform their duties

This human review is an integral part of our Service and occurs across all service modules.

2A. Aggregated and Anonymized Data

We create Aggregated Data by combining information from multiple customers in a way that does not identify any specific customer, user, or individual. We create Anonymized Data by removing or altering information such that it cannot reasonably be used to identify a specific customer, user, or individual, taking into account reasonably available means of re-identification.

We use Aggregated Data and Anonymized Data for various business purposes, including:

Operating, analyzing, and improving the Service
Training and refining artificial intelligence models and algorithms to enhance Service accuracy and effectiveness, including improving claim denial predictions, optimizing billing workflows, and developing new features
Developing new products, features, and services
Conducting research and analytics regarding healthcare administration and billing practices
Marketing our services and communicating industry insights

Important Clarifications:

These uses may continue during and after termination of your subscription
Aggregated Data and Anonymized Data do not constitute Protected Health Information under HIPAA once properly de-identified in accordance with applicable standards
Data used for artificial intelligence training is de-identified such that it cannot reasonably identify you, your practice, your Authorized Users, or any individual patients
You have the right to opt out of our use of your data for AI model training, as described in Section 6 below

3. Protected Health Information and Business Associate Agreement

The Service is designed to support administrative tasks in therapy practices, including those involving Protected Health Information (PHI).

Business Associate Agreement Requirement

All customers execute our Business Associate Agreement (BAA) simultaneously with accepting our Master Services Agreement. The BAA governs our handling of all Protected Health Information submitted through the Service. The BAA is incorporated into our Master Services Agreement.

Our Commitment

We will only access, store, or process PHI in accordance with the terms of the Business Associate Agreement and HIPAA requirements. We maintain administrative, technical, and physical safeguards designed to protect PHI in accordance with the HIPAA Security Rule.

Marketing Forms

Do not submit PHI through marketing forms (such as demo requests or waitlist forms). These forms may be processed by third parties (e.g., HubSpot) and are not intended for PHI.

4. How We Share Information

We do not sell your personal data or Protected Health Information. We may share your information:

With service personnel: With certified medical billing professionals, support staff, and other personnel who perform services on your behalf, all of whom are subject to confidentiality obligations, access controls, and HIPAA requirements as described in Section 2 above
With service providers: With third-party vendors that help us operate the Service, including cloud hosting, infrastructure, analytics, customer relationship management, and communications providers
As you direct: When you ask us to share information or integrate with a third-party service
For legal reasons: As required by law, legal process, or governmental request
Business transfers: In connection with a merger, acquisition, financing, or sale of all or a portion of our business or assets

Examples of service providers we may use include cloud infrastructure providers, Google Analytics, Mixpanel, and HubSpot. These providers process data according to their own privacy policies.

Protection of PHI

We do not disclose PHI to vendors that do not have a Business Associate Agreement with us. We have Business Associate Agreements in place with all service providers who may access, store, process, or transmit PHI on our behalf.

5. Data Security

We implement reasonable administrative, technical, and organizational measures designed to safeguard your data, including:

Encryption in transit and, where appropriate, encryption at rest
Secure authentication and access controls
Restricted access to systems and data based on role and need
Monitoring and periodic security reviews
Workforce training on privacy and security obligations

The Service is designed to support HIPAA compliance when used appropriately and in accordance with our Business Associate Agreement. No system is one hundred percent (100%) secure, and we cannot guarantee absolute security.

6. Your Choices and Rights

You may:

Access, update, or delete your account information
Request a copy of your stored data
Opt out of certain marketing communications

To exercise these rights, contact us at info@alpynelabs.com

Opt-Out of AI Model Training

You may opt out of our use of Anonymized Data derived from your Customer Data for purposes of training and improving artificial intelligence models and algorithms by sending a written request to info@alpynelabs.com.

If you opt out:

We will not use data derived from your account to train or improve AI models
This will not affect our ability to provide the Service to you
We may still use Aggregated Data and Anonymized Data from your account for other business purposes, including operating the Service, developing features, and conducting research
Some features or improvements may not be available to you if they rely on AI models trained using customer data

Your opt-out request will take effect within thirty (30) days of our receipt of your request.

Analytics and Cookie Controls

You can manage cookies and local storage through your browser settings. You may also be able to opt out of certain analytics:

Google Analytics: You can use the Google Analytics opt-out browser add-on available from Google
Mixpanel: Mixpanel offers opt-out mechanisms; you can also block third-party scripts via browser settings or extensions
HubSpot: HubSpot cookies may be managed through your browser settings and any HubSpot cookie banner controls when shown

Some browsers offer a “Do Not Track” signal. We respect browser privacy controls and settings where technically feasible.

State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or another state with comprehensive privacy legislation, you may have additional rights, including:

Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information, subject to certain exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt out of the “sale” or “sharing” of personal information for targeted advertising

To exercise these rights, contact us at info@alpynelabs.com. We do not sell or share Customer Data or Protected Health Information for monetary consideration or for cross-context behavioral advertising purposes.

7. Data Retention

We retain Customer Data for the duration of your subscription and thereafter as necessary to:

Fulfill our obligations under our Master Services Agreement and Business Associate Agreement
Comply with legal and regulatory requirements, including medical billing and healthcare record retention requirements (which may extend up to seven years or longer under federal and state law)
Resolve disputes and enforce our agreements
Maintain reasonable backup and archival copies for operational and security purposes

Upon your request or termination of your subscription, we will delete Customer Data from active production systems within a reasonable period (typically sixty days), subject to our legal retention obligations and the requirements of the Business Associate Agreement.

Data retained in backup systems or for legal compliance purposes will remain subject to our confidentiality and security obligations for the duration of such retention.

8. Third-Party Services

We rely on third-party services to operate the Service and our website. Depending on how you use the Service, these may include:

Cloud infrastructure and hosting providers
Google Analytics: Google Privacy Policy
Mixpanel: Mixpanel Privacy Policy
HubSpot (forms and marketing attribution): HubSpot Privacy Policy
Payment processors
Email and communication service providers

These third parties may collect and process data according to their own privacy policies. If you use third-party integrations, their terms and privacy policies will also apply.

9. International Data Transfers

We provide services exclusively to customers in the United States and process all data within the United States. We may use service providers that operate in other jurisdictions, but all data processing occurs in accordance with our contractual requirements and applicable law.

10. Children's Privacy

The Service is intended for use by licensed mental health professionals, practice managers, and other healthcare providers, not by individual consumers or minors. We do not knowingly collect personal information directly from individuals under eighteen (18) years of age.

The Service may process Protected Health Information relating to minor patients as part of providing services to healthcare providers, but such processing occurs under the Business Associate Agreement and HIPAA requirements, not through direct collection from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, such as by email, in-product notification, or by posting an updated policy with a new effective date.

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

For any questions or concerns about this Privacy Policy or our privacy practices, contact:

Alpyne Labs, Inc.
Email: info@alpynelabs.com
Address: King County, Washington, United States