Privacy Policy

Last updated: July 17, 2026

Illustration of a female clinician wearing a stethoscope

1. Overview

This Privacy Policy explains how TheraManager (“TheraManager”, “we”, “us”) handles personal information in connection with the TheraManager platform and websites. TheraManager is used by healthcare organizations. Two kinds of data are involved, and they are treated differently: information about our customers and their staff (account data), and patient information that customer organizations process through the platform (customer health data).

2. Patient data is processed on behalf of your healthcare provider

Patient records, clinical notes, prescriptions, lab results, and similar protected health information (“PHI”) entered into TheraManager belong to and are controlled by the healthcare organization that uses the platform. We process that information only on that organization’s behalf and instructions, to provide the Service — we do not sell it, use it for advertising, or use it for purposes unrelated to operating the Service. If you are a patient, your healthcare provider’s own privacy notice governs how your health information is used; requests about your records should be directed to your provider.

3. Information we collect directly

  • Account data — names, work email addresses, roles, and login credentials of the staff members a customer organization registers.
  • Contact and signup data — information submitted through our contact and signup forms (organization name, contact name, email, phone, message).
  • Usage and security data — log records of access and actions in the platform (including audit trails required for healthcare accountability), device and browser information, and IP addresses.
  • Billing data — subscription plan, seat counts, and billing status. Payment card details are collected and processed by Paddle, our merchant of record, not by us.

4. How we use information

  • to provide, operate, secure, and support the Service;
  • to authenticate users and enforce role-based access controls;
  • to maintain audit trails of access to protected records, as expected of healthcare software;
  • to manage subscriptions, trials, and billing;
  • to communicate service, security, and account notices; and
  • to comply with legal obligations.

5. Security

We apply technical and organizational safeguards appropriate to health data, including encryption of data in transit, role-based access control with tenant isolation between customer organizations, audit logging of access to protected records, and least-privilege administrative access. No system is perfectly secure; we encourage customers to use strong credentials and to assign each user only the roles their work requires.

6. Sharing

We do not sell personal information. We share information only with service providers who help us operate the platform (such as hosting infrastructure and Paddle for payment processing), under contracts that restrict their use of it; with a customer organization’s own authorized users as directed by the organization; or where required by law.

7. Retention

Account and customer health data are retained for as long as the customer’s relationship with us continues and thereafter as needed to meet legal, regulatory, and medical record-retention obligations, after which data is deleted. Customers can export their data before or after ending a subscription, as described in the Terms of Service.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal information we hold about you, or to object to certain processing. Staff users should route requests through their organization’s administrator where the organization controls the data; you can also contact us directly and we will respond as required by applicable law.

9. Changes and contact

We may update this policy from time to time and will post the revised version here with an updated date. Questions or requests: support@theramanager.org.