minusPHI

Privacy Policy

Last updated: July 2, 2026

Plain-English summary. minusPHI is a de-identifying relay. We help healthcare organizations keep analytics and ad measurement without sending patient data to ad networks. On our customers' behalf we receive website events, strip anything that could identify a person, and forward only de-identified signal to the destinations they connect (such as Google Analytics and Meta). We don't sell personal information or use it to serve ads.

Please note: this document is a starting template, not legal advice. Have it reviewed by qualified counsel and complete the items marked [like this] before you rely on it. Items to fill in: legal entity name, business address, payment processor, hosting region, retention periods, and governing-law jurisdiction.

Contents
  1. Who we are & what this covers
  2. The role we play
  3. Information we collect
  4. How we use information
  5. How the relay de-identifies data
  6. When we share information
  7. Cookies & our marketing site
  8. Data retention
  9. Data security
  10. HIPAA & business associates
  11. International transfers
  12. Your privacy rights
  13. Children's privacy
  14. Changes to this policy
  15. Contact us

1. Who we are & what this covers

minusPHI ("minusPHI," "we," "us," "our") is operated by [Legal entity — e.g., minusPHI, Inc.], located at [business address]. This Privacy Policy explains how we handle information in connection with our website at minusphi.com (the "Site") and our de-identifying analytics relay and related services (the "Service"). By using the Site or the Service, you agree to this Policy.

2. The role we play

For personal information about our own customers and Site visitors, we act as a controller — we decide how that information is used. For website-event data that flows through the relay, we act as a processor and, where applicable, a business associate — we process that data only on our customers' documented instructions, for the purpose of de-identifying it and forwarding de-identified signal to the destinations the customer connects. Our customers are responsible for having a lawful basis and appropriate privacy notices for the data they route through the Service.

3. Information we collect

Account & billing information

When a customer signs up, we collect details such as name, work email, company and the domain(s) you connect. When the beta ends, billing details are collected and processed by our payment provider ([payment processor — e.g., Stripe]); we do not store full card numbers.

Website event data (processed on our customers' behalf)

When a site runs the minusPHI tag, the relay receives events such as page views and conversion actions (for example, a phone-link click or a form submission), together with technical metadata like a transient IP address and user-agent string. A raw event may briefly contain identifiers before de-identification (see section 5). It is processed to strip and suppress that information — not to build profiles of individuals.

Support & communications

Messages you send us (for example, email to hello@minusphi.com) and related contact details.

4. How we use information

We use information to provide and operate the Service; de-identify and route events according to each customer's configuration; authenticate accounts; bill for paid plans; provide support; maintain security and prevent abuse; comply with law; and improve the Service. We do not sell personal information, and we do not use event data to serve advertising or to build cross-site profiles.

5. How the relay de-identifies data

The Service is built to deny by default: for every event, the relay forwards only fields on an allow-list and suppresses everything else.

Forwarded — de-identified

Never forwarded — to anyone

If the relay cannot classify a page or field as safe, it suppresses it. An independent self-check runs on every event before it leaves.

6. When we share information

We share information only with service providers who help us run the Service, and with the destinations our customers choose:

A current list of sub-processors is available on request at hello@minusphi.com. We do not sell or rent personal information, and we do not share it for cross-context behavioral advertising.

7. Cookies & our marketing site

Our marketing Site is intentionally low-footprint: it sets no advertising cookies and runs no third-party ad pixels. The Site loads web fonts from Google Fonts, which necessarily discloses your IP address to Google in order to deliver the fonts. The application at app.minusphi.com uses strictly-necessary cookies to keep you signed in.

8. Data retention

We keep account and billing records for as long as your account is active and as needed to meet legal, tax and accounting obligations. Because the relay's purpose is de-identification, raw event data is processed transiently and is not retained by us as an identifiable record; de-identified signal is delivered to your chosen destinations, where your own retention settings apply. Confirm specific periods for operational logs: [retention period — e.g., 30 days].

9. Data security

We use administrative, technical and physical safeguards designed to protect information, including encryption in transit, encryption of secrets with managed keys, least-privilege access, and network isolation. No method of transmission or storage is completely secure, but we work to protect information consistent with the sensitivity of healthcare contexts.

10. HIPAA & business associates

Many of our customers are HIPAA-covered entities or their business associates. Because the relay may receive website events before de-identification, we can act as a business associate and will enter into a Business Associate Agreement (BAA) with customers who require one — contact hello@minusphi.com to request one. minusPHI is a technology provider, not a law firm; signing a BAA does not by itself make your overall program compliant.

11. International transfers

The Service is operated from the United States. If you access it from outside the U.S., you understand your information will be processed in the U.S. Where required, we rely on appropriate transfer mechanisms. [Confirm hosting region and transfer mechanism.]

12. Your privacy rights

Depending on where you live (for example under the GDPR or the CCPA/CPRA), you may have rights to access, correct, delete or port your personal information, to opt out of certain processing, and not to be discriminated against for exercising these rights. To exercise rights over information we hold as a controller, contact us at hello@minusphi.com. If your request concerns data processed through the relay on a customer's behalf, we will refer you to — or act on the instructions of — that customer, who is the controller of that data. We do not sell personal information or share it for cross-context behavioral advertising.

13. Children's privacy

The Service is intended for businesses and is not directed to children under 16, and we do not knowingly collect their personal information. [Adjust if your customers' contexts involve minors, e.g., pediatric practices.]

14. Changes to this policy

We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice. Your continued use of the Site or Service after an update means you accept the revised Policy.

15. Contact us

Questions or requests: hello@minusphi.com. Postal: [Legal entity name], [business address].

