Privacy Policy
Last updated: July 2, 2026
Plain-English summary. minusPHI is a de-identifying relay. We help healthcare organizations keep analytics and ad measurement without sending patient data to ad networks. On our customers' behalf we receive website events, strip anything that could identify a person, and forward only de-identified signal to the destinations they connect (such as Google Analytics and Meta). We don't sell personal information or use it to serve ads.
Please note: this document is a starting template, not legal advice. Have it reviewed by qualified counsel and complete the items marked in square brackets before you rely on it. Items to fill in: legal entity name, business address, payment processor, hosting region, retention periods, and governing-law jurisdiction.
- Who we are & what this covers
- The role we play
- Information we collect
- How we use information
- How the relay de-identifies data
- When we share information
- Cookies & our marketing site
- Data retention
- Data security
- HIPAA & business associates
- International transfers
- Your privacy rights
- Children's privacy
- Changes to this policy
- Contact us
1. Who we are & what this covers
minusPHI ("minusPHI," "we," "us," "our") is operated by [Legal entity — e.g., minusPHI, Inc.], located at [business address]. This Privacy Policy explains how we handle information in connection with our website at minusphi.com (the "Site") and our de-identifying analytics relay and related services (the "Service"). By using the Site or the Service, you agree to this Policy.
2. The role we play
For personal information about our own customers and Site visitors, we act as a controller — we decide how that information is used. For website-event data that flows through the relay, we act as a processor and, where applicable, a business associate — we process that data only on our customers' documented instructions, for the purpose of de-identifying it and forwarding de-identified signal to the destinations the customer connects. Our customers are responsible for having a lawful basis and appropriate privacy notices for the data they route through the Service.
3. Information we collect
Account & billing information
When a customer signs up, we collect details such as name, work email, company and the domain(s) you connect. When the beta ends, billing details are collected and processed by our payment provider ([payment processor — e.g., Stripe]); we do not store full card numbers.
Website event data (processed on our customers' behalf)
When a site runs the minusPHI tag, the relay receives events such as page views and conversion actions (for example, a phone-link click or a form submission), together with technical metadata like a transient IP address and user-agent string. A raw event may briefly contain identifiers before de-identification (see section 5). It is processed to strip and suppress that information — not to build profiles of individuals.
Support & communications
Messages you send us (for example, email to hello@minusphi.com) and related contact details.
4. How we use information
We use information to provide and operate the Service; de-identify and route events according to each customer's configuration; authenticate accounts; bill for paid plans; provide support; maintain security and prevent abuse; comply with law; and improve the Service. We do not sell personal information, and we do not use event data to serve advertising or to build cross-site profiles.
5. How the relay de-identifies data
The Service is built to deny by default: for every event, the relay forwards only fields on an allow-list and suppresses everything else.
Forwarded — de-identified
- De-identified page-view and traffic-source signal to the customer's own Google Analytics 4 property (public marketing pages only).
- Domain-only page views to Meta — never the specific URL that was visited.
- Conversion signals such as leads, booking clicks and phone-click actions.
- Ad-click identifiers (e.g., gclid / fbclid) attached to conversions, so campaigns can keep attributing.
- A random, first-party identifier used only to count sessions — never tied to a real person.
Never forwarded — to anyone
- IP addresses, device fingerprints and third-party cookies.
- Names, emails and phone numbers — whether hashed or not.
- Page URLs to Meta, form contents, or anything typed by a visitor.
- Anything from patient portals, intake, scheduling or confirmation pages.
- Health-condition terms — pages mentioning them are suppressed entirely.
If the relay cannot classify a page or field as safe, it suppresses it. An independent self-check runs on every event before it leaves.
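The allow-list behaviour described in this section can be illustrated with a small deny-by-default filter. The following is an added example written for this page; it is not minusPHI's own relay code. The field names, the public-page list, the health-condition term list, the suppression patterns and the sample events are all constructed assumptions chosen to show the rules above: only allow-listed keys are copied, Meta never receives a page path, ad-click identifiers ride only on conversions, sensitive pages are suppressed entirely, and an independent self-check runs on every outbound event.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Allow-list: the only keys that may ever leave the relay (constructed names).
ALLOWED_FIELDS = {"event_name", "page_domain", "page_path", "traffic_source",
                  "gclid", "fbclid", "session_id"}
# Per-destination narrowing: Meta gets the domain only, never the page path.
DESTINATION_FIELDS = {"ga4": ALLOWED_FIELDS, "meta": ALLOWED_FIELDS - {"page_path"}}
# Conversion events that may carry ad-click identifiers (constructed names).
CONVERSION_EVENTS = {"lead", "booking_click", "phone_click"}
# Closed vocabulary for traffic source; any other value is dropped.
TRAFFIC_SOURCES = {"organic", "paid", "direct", "referral", "social"}
# Public marketing paths whose path may be forwarded to GA4 (constructed list).
PUBLIC_PATHS = {"/", "/about", "/services", "/locations", "/contact"}
# Whole-page suppression (constructed patterns): portal, intake, scheduling and
# confirmation pages, plus any URL or title that names a health condition.
SENSITIVE_PATH = re.compile(r"portal|intake|schedul|confirm|appointment", re.I)
HEALTH_TERMS = re.compile(r"\b(?:diabetes|cancer|hiv|depression|pregnan\w*)\b", re.I)
# Self-check: values that look like an e-mail, phone number, IPv4 or hashed id.
LOOKS_IDENTIFYING = re.compile(
    r"[\w.+-]+@[\w-]+\.[\w.-]+"          # e-mail address
    r"|\+?\d[\d\s().-]{8,}\d"            # phone number
    r"|\b\d{1,3}(?:\.\d{1,3}){3}\b"      # IPv4 address
    r"|\b[0-9a-f]{64}\b",                # SHA-256 hex: hashed is still identifying
    re.I,
)


def self_check(outbound: dict) -> bool:
    """Independent check on every event before it leaves: only allow-listed keys,
    and no value that looks like an identifier. False means suppress."""
    if set(outbound) - ALLOWED_FIELDS:
        return False
    return not any(LOOKS_IDENTIFYING.search(str(v)) for v in outbound.values())


def relay(raw: dict, destination: str) -> Optional[dict]:
    """Build the de-identified event for `destination`, or return None to
    suppress it. Nothing is copied from `raw` unless a rule below allows it,
    so IP, user-agent, cookies and form contents are never even read."""
    if destination not in DESTINATION_FIELDS:
        return None
    url = urlsplit(raw.get("page_url", ""))
    path = url.path or "/"
    page_text = f"{raw.get('page_url', '')} {raw.get('page_title', '')}"
    if SENSITIVE_PATH.search(path) or HEALTH_TERMS.search(page_text):
        return None  # suppress the whole event, for every destination
    event_name = raw.get("event_name", "page_view")
    out = {
        "event_name": event_name,
        "page_domain": url.hostname or "",
        # Random first-party session counter, never a person-level identifier.
        "session_id": raw.get("session_id", ""),
    }
    if path in PUBLIC_PATHS:  # an unclassified page is not "safe", so its path is dropped
        out["page_path"] = path
    if raw.get("traffic_source") in TRAFFIC_SOURCES:
        out["traffic_source"] = raw["traffic_source"]
    if event_name in CONVERSION_EVENTS:  # ad-click ids are attached to conversions only
        for key in ("gclid", "fbclid"):
            if raw.get(key):
                out[key] = raw[key]
    out = {k: v for k, v in out.items() if k in DESTINATION_FIELDS[destination] and v}
    return out if self_check(out) else None


# Constructed sample events, as the tag might deliver them to the relay.
SAMPLE_EVENTS = [
    {"event_name": "page_view", "page_url": "https://clinic.example/about?utm_source=google",
     "page_title": "About Our Clinic", "traffic_source": "organic", "session_id": "s9f3b2c7d",
     "ip": "203.0.113.7", "user_agent": "Mozilla/5.0", "cookies": {"_fbp": "fb.1.x"}},
    {"event_name": "phone_click", "page_url": "https://clinic.example/contact",
     "page_title": "Contact", "gclid": "CjwKCAjwExampleGclid", "session_id": "s9f3b2c7d",
     "form_data": {"email": "pat@example.org", "phone": "+1 555 0100"}},
    {"event_name": "page_view", "page_url": "https://clinic.example/patient-portal/messages",
     "page_title": "Messages", "session_id": "s1a2b3c4d"},
    {"event_name": "page_view", "page_url": "https://clinic.example/services/endocrinology",
     "page_title": "Diabetes Care", "session_id": "s1a2b3c4d"},
]

if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        for dest in ("ga4", "meta"):
            print(dest, raw["page_url"], "->", relay(raw, dest))
```

The design point is that the filter copies fields into a fresh dictionary rather than deleting known-bad keys from the raw event: a new tracking parameter or form field added by the site later is dropped automatically, which is what deny-by-default means in practice. The self-check is deliberately separate from the builder so that a bug in the builder (or a session id that someone has populated with contact details) still results in suppression rather than leakage.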
6. When we share information
We share information only with service providers who help us run the Service, and with the destinations our customers choose:
- Cloud hosting & infrastructure: Amazon Web Services (compute, storage and key management). For environments carrying real patient traffic, we recommend operating under the AWS Business Associate Addendum.
- Destinations you connect: Google (Google Analytics 4) and Meta (Conversions API) receive only the de-identified signal described in section 5, at your direction.
- Payment processing: [payment processor — e.g., Stripe] for paid subscriptions.
- Legal & safety: we may disclose information where required by law or to protect rights, safety and the integrity of the Service.
A current list of sub-processors is available on request at hello@minusphi.com. We do not sell or rent personal information, and we do not share it for cross-context behavioral advertising.
7. Cookies & our marketing site
Our marketing Site is intentionally low-footprint: it sets no advertising cookies and runs no third-party ad pixels. The Site loads web fonts from Google Fonts, which necessarily discloses your IP address to Google in order to deliver the fonts. The application at app.minusphi.com uses strictly-necessary cookies to keep you signed in.
8. Data retention
We keep account and billing records for as long as your account is active and as needed to meet legal, tax and accounting obligations. Because the relay's purpose is de-identification, raw event data is processed transiently and is not retained by us as an identifiable record; de-identified signal is delivered to your chosen destinations, where your own retention settings apply. Confirm specific periods for operational logs: [retention period — e.g., 30 days].
9. Data security
We use administrative, technical and physical safeguards designed to protect information, including encryption in transit, encryption of secrets with managed keys, least-privilege access, and network isolation. No method of transmission or storage is completely secure, but we work to protect information consistent with the sensitivity of healthcare contexts.
10. HIPAA & business associates
Many of our customers are HIPAA-covered entities or their business associates. Because the relay may receive website events before de-identification, we can act as a business associate and will enter into a Business Associate Agreement (BAA) with customers who require one — contact hello@minusphi.com to request one. minusPHI is a technology provider, not a law firm; signing a BAA does not by itself make your overall program compliant.
11. International transfers
The Service is operated from the United States. If you access it from outside the U.S., you understand your information will be processed in the U.S. Where required, we rely on appropriate transfer mechanisms. [Confirm hosting region and transfer mechanism.]
12. Your privacy rights
Depending on where you live (for example under the GDPR or the CCPA/CPRA), you may have rights to access, correct, delete or port your personal information, to opt out of certain processing, and not to be discriminated against for exercising these rights. To exercise rights over information we hold as a controller, contact us at hello@minusphi.com. If your request concerns data processed through the relay on a customer's behalf, we will refer you to — or act on the instructions of — that customer, who is the controller of that data. We do not sell personal information or share it for cross-context behavioral advertising.
13. Children's privacy
The Service is intended for businesses and is not directed to children under 16, and we do not knowingly collect their personal information. [Adjust if your customers' contexts involve minors, e.g., pediatric practices.]
14. Changes to this policy
We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice. Your continued use of the Site or Service after an update means you accept the revised Policy.
15. Contact us
Questions or requests: hello@minusphi.com. Postal: [Legal entity name], [business address].
See also our Terms of Service.