Privacy Policy
Last updated: March 2, 2026
GuardWell Compliance LLC (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare compliance management platform at app.gwcomp.com (“Service”).
1. Information We Collect
1a. Information You Provide
- Account information: Name, email address, job title, and password when you register.
- Practice information: Practice name, NPI number, specialty, state, address, team size, EHR system, and other onboarding details.
- Team member information: Names, email addresses, departments, and roles of staff members you invite to the platform.
- Compliance data: Checklists, policy acknowledgments, training completion records, incident reports, risk assessment responses, and other compliance documentation you create within the Service.
- Payment information: Billing details processed securely through our payment processor (Stripe). We do not store full credit card numbers.
- Communications: Messages you send to our support team.
1b. Information Collected Automatically
- Usage data: Pages visited, features used, actions taken, and time spent in the Service.
- Device and browser information: IP address, browser type, operating system, and device identifiers.
- Log data: Server logs recording your interactions with the Service.
- Cookies and similar technologies: Session cookies required for authentication and functionality. We do not use tracking cookies for advertising.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service.
- Process your subscription and manage your account.
- Send transactional emails (account setup, billing receipts, compliance reminders).
- Generate AI-powered compliance content tailored to your practice profile (specialty, state, practice type).
- Respond to support requests and customer service inquiries.
- Analyze usage patterns to improve features and user experience.
- Detect and prevent fraud, abuse, or security incidents.
- Comply with legal obligations.
We do not sell your personal information to third parties. We do not use your compliance data to train AI models without your explicit consent.
3. Third-Party Service Providers
We share information with trusted third-party providers who help us operate the Service. These providers are contractually obligated to protect your information and may only use it to perform services on our behalf:
| Provider | Purpose |
|---|---|
| Firebase Authentication (Google Cloud) | User authentication and identity management |
| Stripe | Payment processing and subscription billing |
| Google Cloud SQL (PostgreSQL) | Secure database hosting for your compliance data |
| Anthropic (Claude AI) | AI-powered content generation (training courses, policy assistance) |
| Google Cloud Run | Application hosting and serverless compute |
| Google Cloud Storage | Secure file storage for uploaded documents and evidence |
| Amazon Web Services (SES) | Transactional email delivery (reminders, receipts, notifications) |
4. Protected Health Information (PHI)
GuardWell Compliance is a compliance management tool, not a clinical system. We strongly discourage entering actual patient protected health information (PHI) — such as patient names, dates of birth, medical record numbers, or diagnosis codes — into the Service unless you have an executed Business Associate Agreement (BAA) with us.
Our compliance checklists, incident reports, and risk assessments are designed to be completed using de-identified or hypothetical examples. If your workflows require PHI storage, please review and accept our BAA at app.gwcomp.com/settings/baa before uploading any PHI. You may also contact us at support@gwcomp.com with any questions about our BAA.
5. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Role-based access controls limiting data access within your practice.
- Secure authentication via Firebase Authentication, supporting multi-factor authentication.
- Regular security reviews and monitoring for unauthorized access.
No method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your information, we will notify you as required by applicable law.
6. Data Retention
We retain your account and compliance data for as long as your account is active or as needed to provide the Service. If you cancel your subscription, we retain your data for 90 days to allow for reactivation or export, after which it is deleted from our systems. You may request deletion at any time by contacting support.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate information.
- Deletion: Request deletion of your personal information.
- Portability: Request an export of your compliance data in a machine-readable format.
- Opt-out: Opt out of non-essential communications at any time via your account settings or the unsubscribe link in emails.
To exercise any of these rights, contact us at support@gwcomp.com. We will respond within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information.
To submit a CCPA request, contact us at support@gwcomp.com.
9. Children's Privacy
The Service is intended for use by healthcare professionals and businesses. We do not knowingly collect personal information from individuals under 18 years of age. If you believe a minor has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the Service at least 14 days before changes take effect. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
GuardWell Compliance LLC
Email: support@gwcomp.com