Privacy Policy

Splintech LLC — Effective Date: April 2026

Splintech LLC (“Splintech,” “we,” “our,” or “us”) respects your privacy and is committed to protecting the information you provide through our website.

This Privacy Policy explains how we collect, use, disclose, and protect information submitted through our website, including provider referrals and 3D scan uploads. Because Splintech receives patient-related data from healthcare providers, this Policy also addresses our obligations under the Health Insurance Portability and Accountability Act (“HIPAA”) and applicable state privacy laws.

1. Information We Collect

We may collect the following types of information:

a. Personal and Contact Information

  • Name of referring provider
  • Email address and/or phone number
  • Any information voluntarily submitted through contact forms

b. Patient-Related Information (Submitted by Providers)

  • Limited patient identifiers (e.g., initials or internal ID)
  • Age or general demographic information
  • Diagnosis or procedure information
  • Uploaded files (e.g., STL, OBJ, or related scan data)

Providers should submit only the minimum information needed for Splintech to perform the requested services and should not include unnecessary patient identifiers.

c. Usage Data and Cookies

We may collect non-identifiable information about how users interact with our website, such as browser type, operating system, pages visited, and time spent on pages. Some of this data is collected through cookies or similar tracking technologies, including those used by third-party analytics services such as Google Analytics.

You can control or disable cookies through your browser settings. Disabling cookies may affect certain website features.

2. How We Use Information

We use the information we collect to:

  • Respond to inquiries and communicate with referring providers
  • Design, fabricate, and deliver custom splints
  • Coordinate care and services with referring providers
  • Improve website functionality and user experience

We do not use submitted information for marketing purposes without prior consent.

3. HIPAA Compliance and Protected Health Information

Splintech receives patient-related information from healthcare providers in order to design and fabricate custom splints. Where that information qualifies as Protected Health Information (“PHI”) under HIPAA, Splintech functions as a Business Associate of the referring provider.

We maintain Business Associate Agreements (“BAAs”) with referring providers as required by HIPAA. Those agreements govern how Splintech handles, stores, and safeguards PHI.

PHI submitted through our upload forms is stored using encrypted services provided by Google Workspace, which operates under a BAA with Splintech. Access to PHI is limited to authorized personnel and is used only for the purposes described in this Policy and in the applicable BAA.

Referring providers are responsible for obtaining any necessary patient consents or authorizations before submitting PHI through our website.

4. Consent

By submitting information through our website, you consent to the collection, use, and disclosure of that information as described in this Policy. If we need to use your information for a purpose not covered here, we will obtain your consent first where required by law.

You may withdraw your consent at any time by contacting us at the address listed in Section 14. Withdrawal does not affect any processing that occurred before the request was received.

5. Data Sharing

We do not sell or rent personal or patient information.

We may share information in the following limited circumstances:

  • With service providers that support our operations (e.g., cloud storage), under appropriate agreements including BAAs where PHI is involved
  • When required by law, regulation, or legal process
  • To protect the rights, safety, or property of Splintech or others

6. Data Security

We maintain administrative, technical, and physical safeguards designed to protect the confidentiality and integrity of information submitted through our website. These include encryption of data in transit and at rest, role-based access controls, and periodic review of our security practices. Where PHI is involved, our safeguards are designed to meet the requirements of the HIPAA Security Rule.

That said, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain information as follows:

  • Patient-related data and uploaded scan files are retained for the duration of the provider relationship and for a defined period after services are completed, unless a longer period is required by law
  • Provider contact information is retained for the duration of the relationship and for a reasonable period afterward for recordkeeping purposes
  • Usage and analytics data is retained in aggregate or de-identified form and deleted when no longer useful for website improvement

When information is no longer needed, it is securely deleted or de-identified.

8. Data Breach Notification

If a breach of unsecured PHI occurs, Splintech will notify the affected referring provider without unreasonable delay and no later than sixty (60) days after discovery, in accordance with the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414). We will also comply with applicable state breach notification laws, which may impose additional or shorter notification timelines.

Notifications will describe the nature of the breach, the types of information involved, and the steps being taken to investigate and mitigate it.

9. Your Rights

Depending on applicable law, you may have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information, subject to retention requirements
  • Receive an accounting of certain disclosures of PHI under HIPAA

Additional rights may apply under state privacy laws such as the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) or similar statutes in other jurisdictions, if and when Splintech meets the applicability thresholds of those laws.

To exercise any of these rights, submit a written request using the contact information in Section 14. We will verify your identity and respond within the timeframe required by the applicable law, typically thirty to forty-five days. If we cannot fulfill a request, we will explain why in writing.

10. Children’s Privacy

Our website is not directed to children under thirteen. We do not knowingly collect personal information directly from children. Where a provider submits patient data pertaining to a minor, that submission is made in the provider’s capacity as a HIPAA-covered entity and is governed by the applicable BAA.

If we learn that we have collected personal information directly from a child under thirteen without proper consent, we will delete that information promptly.

11. Third-Party Services

Our website uses third-party platforms for hosting, analytics, and cloud storage. These services may collect limited technical data such as IP addresses and browser information as part of normal operations. Where a third-party provider handles PHI on our behalf, we maintain a BAA with that provider.

We are not responsible for the privacy practices of third-party websites or services and encourage you to review their policies independently.

12. Disclaimer

Splintech is not responsible for the accuracy or completeness of information submitted by referring providers. Providers are solely responsible for ensuring that patient information they submit is accurate and limited to what is necessary for the requested services.

This Policy does not create any contractual or legal rights independent of the BAA between Splintech and the referring provider.

13. Changes to This Policy

We may update this Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify registered providers by email. Continued use of the website after changes are posted constitutes acceptance of the updated Policy.

14. Contact Information

If you have questions about this Policy or wish to exercise any of your rights, please contact:

Splintech LLC
Email: zach@splintech.com
Website: https://splintech.com

Precision-crafted splints designed by a Certified Hand Therapist.

201- 903-3507Text LinkZach@splintech.com
Join our newsletter for expert advice and the latest updates.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Navigation
Copyright © Splintech | 2025
Terms & ConditionsPrivacy Policy
Powered by Elite Web Design Co.
Disclaimer:
Splintech services are provided by a licensed occupational therapist and are not medical advice. Services are not provided by a physician and are not intended to replace evaluation, diagnosis, or treatment by a medical doctor or other qualified healthcare provider. Please consult your physician for medical concerns.