Privacy Policy

RRM Health LLC is committed to protecting the privacy and security of personal information. This policy describes how we collect, use, disclose, and protect personal information in connection with our platform and services.

RRM Health
Version1.3
Last UpdatedApril 28, 2026
EntityRRM Health LLC

Scope

This Privacy Policy applies to personal information processed by RRM in connection with customers and users located in the United States.

For customers located outside of the United States, RRM may apply region-specific privacy policies and data handling practices in accordance with applicable local laws and contractual requirements.

In many cases, RRM processes data on behalf of customers acting as the data controller, and RRM acts as a service provider or processor.

Information We Collect

We may collect and process the following types of information.

Customer Data

Information submitted through the platform, which may include personal data and, where applicable, protected health information (PHI).

Account Information

Name, email address, and login credentials used to access and manage the Services.

Usage Data

Information about how the Services are accessed and used.

Technical Data

IP addresses, device information, and system logs collected automatically.

How We Use Information

We use personal information for clearly defined purposes that support our Services and our customers.

  • Provide, operate, and maintain the Services
  • Process transactions and manage customer accounts
  • Monitor performance and improve the Services
  • Detect and prevent security incidents or misuse
  • Comply with legal and regulatory obligations

Data Sharing & Disclosure

We may share personal information with the following categories of recipients.

Service Providers

Third-party vendors that support our operations (e.g., cloud infrastructure, monitoring, analytics), all subject to appropriate security and confidentiality obligations.

Customers

When data is processed on behalf of a customer who acts as the data controller for that information.

Legal Authorities

When required by law or to protect the rights, property, or safety of RRM, our customers, or others.

We do not sell personal information.

Data Security

RRM implements administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

These measures include access controls, encryption, monitoring, and secure infrastructure practices.

Third-Party Services

The Services may rely on third-party providers. These providers are required to maintain appropriate security and confidentiality obligations consistent with applicable requirements and are expected to support RRM's data handling practices.

Data Retention & Disposal

We retain personal information only as long as necessary to fulfill the purposes described in this policy and our contractual obligations.

  • Retention periods vary based on service requirements, customer agreements, and legal obligations — which may include standard retention periods (e.g., up to 12 months).
  • Following termination, data is returned and/or deleted in accordance with applicable customer agreements (including our Terms of Use).
  • Customer Data is removed from active systems and securely deleted from backups within defined retention periods.

Data Subject Rights

Depending on applicable law, individuals may have rights to:

  • Access their personal information
  • Request correction or deletion
  • Object to or restrict processing
  • Request data portability

Requests should be directed to the relevant customer (data controller) or to RRM where applicable, at security@rrmhealth.com.

Data Location & Processing

Customer Data for U.S.-based customers is stored and processed exclusively within the United States. RRM does not transfer Customer Data outside of the United States unless explicitly agreed to in writing with the customer.

For customers located outside of the United States, data handling and storage practices may be governed by region-specific policies and contractual agreements applicable to those customers.

Children's Privacy

The Services are not intended for use by individuals under the age of 18, and RRM does not knowingly collect personal information from children.

Changes to this Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last Updated" date.

Contact Information

For questions or requests related to this Privacy Policy, please contact us.

RRM Health LLC

Reach out anytime with privacy-related inquiries or data subject requests.

security@rrmhealth.com