Your Data, Protected with Integrity

Our Commitment to Privacy

At Pace+, protecting healthcare data isn’t just a requirement — it’s a core part of who we are.

We understand that healthcare organizations handle highly sensitive patient information, and we’ve built our platform to protect it at every level. Our privacy-first architecture ensures that every system, process, and partner adheres to the highest standards of confidentiality, security, and transparency.

We comply fully with international and industry-specific regulations, including:

• HIPAA (Health Insurance Portability and Accountability Act)
  
  
• GDPR (General Data Protection Regulation)
  
  
• PIPEDA (Personal Information Protection and Electronic Documents Act)
  
  

Pace+ does not sell, share, or misuse your data — ever. Our focus is on data minimization, encryption, and controlled access to protect both your organization and your patients.

What Information We Collect

To deliver a secure and effective platform, Pace+ collects limited types of data — always with purpose, transparency, and consent.

1. Account Information

Basic details like name, email, organization, and login credentials used to provide access to the Pace+ platform.

2. Usage Data

System and device logs that help us improve performance, monitor uptime, and optimize user experience.

3. Clinical Data

Healthcare and patient data managed through Pace+ modules. This information is classified as Protected Health Information (PHI) and handled according to HIPAA and applicable healthcare data protection laws.

4. Support Data

Information you provide when contacting our support or success teams (e.g., requests, feedback, tickets).

All patient-related data within Pace+ is classified as Protected Health Information (PHI) and treated with the highest level of security and compliance.

How We Use Your Information

Pace+ uses data responsibly and transparently to provide reliable, secure, and compliant services.

We use the information we collect to:

• Operate and enhance the Pace+ platform.
  
  
• Ensure data integrity and system security.
  
  
• Provide customer support and user training.
  
  
• Meet regulatory and contractual obligations.
  
  

We do not use clinical or patient data for advertising, marketing, or third-party profiling purposes.

Data Storage and Security

Your data is protected by industry-leading infrastructure and encryption protocols.

• Hosted on HIPAA-compliant cloud environments (e.g., AWS, Azure, or equivalent).
  
  
• Encryption in transit (TLS 1.2+) and at rest (AES-256).
  
  
• Role-based access controls to limit sensitive data exposure.
  
  
• Continuous intrusion detection, threat monitoring, and penetration testing.
  
  
• Regular third-party audits and SOC 2 Type II assessments.
  
  

Our dedicated security and compliance teams monitor all systems continuously to ensure your data remains secure 24/7.

Data Sharing and Disclosure

Pace+ respects your confidentiality — we never sell or rent user or patient data.

Data may only be shared under specific, controlled conditions:

• Legal Compliance: When required by applicable laws or regulatory authorities.
  
  
• Trusted Subprocessors: Only with certified third-party vendors (e.g., hosting, analytics) under strict Data Protection Agreements (DPAs).
  
  
• Customer Authorization: When explicitly requested for integrations or interoperability.
  
  

Each subprocessor undergoes a rigorous security and compliance review before onboarding.

Your Rights and Choices

We believe healthcare organizations and patients should have control over their data. Pace+ enables full transparency and control in accordance with global data protection standards.

Your rights include:

• Access: Request a copy of your stored data.
  
  
• Correction: Update or fix inaccurate information.
  
  
• Deletion: Request data removal (subject to legal and regulatory obligations).
  
  
• Portability: Export your data in a structured, machine-readable format.
  
  
• Restriction: Limit certain processing or sharing activities.
  
  

Pace+ complies with HIPAA Privacy Rule, GDPR, and CCPA frameworks to protect user and patient rights.

Compliance and Certifications

To guarantee ongoing compliance, Pace+ maintains alignment with recognized data protection frameworks and certifications:

• HIPAA (Health Insurance Portability and Accountability Act)
  
  
• GDPR (General Data Protection Regulation)
  
  
• SOC 2 Type II (Security, Availability, Confidentiality)
  
  
• ISO 27001 (Information Security Management Systems)
  
  

We perform continuous risk assessments and third-party audits to ensure our platform meets or exceeds healthcare compliance standards.

Data Retention Policy

We retain data only as long as necessary to fulfill service delivery or legal obligations.

• PHI and medical data are securely purged upon contract termination or at customer request.
  
  
• Backups are encrypted and destroyed following retention expiration.
  
  
• Logs and system data are anonymized for performance and security purposes.
  
  

Our data lifecycle management ensures that no information is kept longer than needed — protecting both compliance and patient privacy.

International Data Transfers

Pace+ supports customers globally and stores data according to jurisdictional preferences.

• Data centers located in the U.S., EU, and Canada.
  
  
• Cross-border transfers governed by Standard Contractual Clauses (SCCs) and other legally recognized frameworks.
  
  
• Transparent notification in case of hosting location changes.
  
  

We ensure every transfer meets international healthcare data protection laws.

Cookies and Tracking Technologies

Pace+ uses minimal, privacy-friendly cookies designed only for platform performance and authentication.

• No advertising or third-party tracking cookies.
  
  
• Cookies are used strictly for session management, user authentication, and analytics.
  
  
• You may adjust cookie preferences at any time via your browser settings.
  
  

Updates to This Privacy Policy

We may occasionally update this Privacy Policy to reflect legal, regulatory, or operational changes.

• Updates will be communicated via email or in-app notifications.
  
  
• The latest version is always available at paceplus.com/privacy.
  
  
• Continued use of Pace+ after updates constitutes acceptance of the revised policy.
  
  

Contact Our Privacy Team

If you have questions or concerns about how we collect, use, or protect your data, please contact our Data Protection Officer (DPO) directly.

Email: support@paceplus.com
Address: 111 W. Jackson Blvd. Ste. 1146, Chicago, IL 60604
Response Time: Within 30 days as required by applicable law.