Template — review required. This page is a working template intended to unblock launch. Have qualified U.S. legal counsel review and tailor it to your operations before relying on it with customers.

Privacy Policy

Effective: April 24, 2026 · Last updated: April 24, 2026

1. Overview & scope

Anchor Governance ("Anchor", "we", "us") provides governance software for U.S. healthcare organizations. Anchor is currently being piloted with a limited number of customers in the United States, and the service is offered solely to organizations and users located in the United States. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

2. Information we collect

Account & profile data you provide (name, work email, organization, role).

Customer content you input into the platform (governance decisions, vendor records, attachments).

Usage & log data generated automatically (IP address, browser, device, timestamps, pages viewed).

Communications you send to us (support requests, feedback).

The platform is designed to operate without protected health information (PHI); do not upload PHI unless a signed Business Associate Agreement (BAA) is in place.

3. How we use information

We use information to provide, secure, and improve the service; authenticate users; communicate about your account and the pilot; respond to support requests; produce de-identified, aggregated analytics; and meet legal obligations. We do not sell or "share" personal information as those terms are defined under U.S. state privacy laws, and we do not use customer content to train third-party AI models.

4. Subprocessors & sharing

We share data with vetted U.S.-based subprocessors that operate the infrastructure of the service (cloud hosting, database, transactional email, error monitoring, product analytics) under contractual confidentiality, security, and (where applicable) HIPAA Business Associate obligations. We disclose information when required by law or to protect the rights, safety, and property of Anchor, our customers, or the public.

5. HIPAA

Anchor is designed to function without PHI. For pilot customers who require it, we offer a Business Associate Agreement (BAA) that governs any incidental or intentional handling of PHI within the platform. Contact privacy@anchorgovernance.com to request a BAA.

6. Data retention

We retain customer content for the duration of your subscription or pilot, plus a short period required to complete export and deletion requests. Account and log data are retained only as long as needed for the purposes described above or as required by law. On termination, customer content is deleted within 30 days unless a longer period is agreed in writing.

7. Security

We use industry-standard administrative, technical, and physical safeguards including encryption in transit (TLS) and at rest, role-based access controls, least-privilege access for personnel, audit logging, and ongoing vulnerability monitoring. No system is perfectly secure; you are responsible for protecting your account credentials and managing user access within your organization.

8. Your privacy choices

Depending on your state of residence (e.g., California, Colorado, Connecticut, Virginia, Utah, Texas, and other U.S. states with comprehensive privacy laws), you may have the right to access, correct, delete, or port your personal information, and to appeal a denial of those rights. To exercise any of these rights, contact privacy@anchorgovernance.com. We will respond within the timeframes required by applicable U.S. law.

9. Children

The service is not directed to, and we do not knowingly collect information from, children under 13.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised "Last updated" date and, where appropriate, communicated to account administrators by email.

11. Contact

Questions about this policy: privacy@anchorgovernance.com.