Privacy Policy
This Privacy Policy explains how Immaculate Consulting LLC ("Immaculate Consulting," "we," "us," or "our") collects, uses, and protects information when you visit immaculate-consulting.org or interact with us as a prospective or current client.
We are a healthcare technology consulting firm based in Raleigh, North Carolina, serving small and solo medical practices. When we deliver services to a covered entity under HIPAA, our handling of Protected Health Information ("PHI") is governed by a separate, signed Business Associate Agreement — not by this policy. This policy covers only the information we collect through our website and during pre-engagement conversations.
01Information we collect
Information you provide
When you submit a consultation request, use our interactive proposal builder, or otherwise contact us, we collect the information you give us. This may include:
- Your name, work email, and phone number
- Practice name, location, provider count, and approximate annual collections
- Current EHR or practice management system, if any
- Operational pain points or workflow priorities you describe
- Module selections and engagement preferences from the proposal builder
- Any other information you choose to include in messages or attachments
Please do not include patient information in website forms. Our website is not a HIPAA-secured intake channel. If you need to share PHI as part of an active engagement, we will provide a secure, BAA-covered channel.
Information collected automatically
Our website is hosted on Vercel. When you visit, Vercel's infrastructure may log standard server-level information such as your IP address, user agent, and request timestamps for security and operational purposes. We do not use Google Analytics, advertising pixels, session replay tools, or any third-party tracking on this site.
02How we use information
We use the information you provide to:
- Respond to your inquiry and schedule a consultation
- Generate and deliver a customized proposal
- Communicate with you about engagement scope, scheduling, and follow-up
- Improve our website, service offerings, and proposal quality
- Comply with legal, tax, and regulatory obligations
We do not use website-collected information for advertising or sell it to data brokers.
03How information is shared
We share information only as needed to operate the business, and only with vendors that meet appropriate privacy and security standards:
- Form processing: Website form submissions are routed through Formspree, which delivers them to our email and retains a record per their privacy policy.
- Hosting: The website is hosted by Vercel.
- Email: Inquiries are received and stored in our business email (Google Workspace).
- Service providers: When we engage subcontractors or tools to support a specific deliverable (for example, a payment processor for invoicing), we share only the information needed and require them to handle it confidentially.
- Legal: We may disclose information if required by law, subpoena, or to protect our rights, your rights, or the rights of others.
- Business transfers: If Immaculate Consulting is acquired or merged, information may transfer as part of that transaction.
We do not sell personal information.
04Cookies and analytics
This website uses no advertising cookies, no analytics cookies, and no third-party trackers. The site stores a single first-party value in your browser's localStorage to remember your dark/light theme preference. You can clear this at any time through your browser settings.
05Data retention
We retain inquiry and proposal information for as long as needed to respond, evaluate fit, and follow up — typically up to 24 months from your last interaction, after which we delete or de-identify it. If we engage with you as a client, business records (contracts, invoices, deliverables) are retained for the period required by tax and contract law in North Carolina.
06Security
We use reasonable administrative, technical, and physical safeguards to protect information from unauthorized access, alteration, disclosure, or destruction. These include encrypted transport (HTTPS), encrypted email at rest, multi-factor authentication on business accounts, principle-of-least-privilege access, and regular review of vendor security postures. No system is perfectly secure, and we cannot guarantee absolute security. If a breach affects your information, we will notify you as required by applicable law.
07Your rights
Depending on where you live, you may have rights regarding the personal information we hold about you, including the right to:
- Request access to the information we have about you
- Request correction of inaccurate information
- Request deletion of your information
- Opt out of certain uses or disclosures
- Receive a copy of your information in a portable format
To exercise any of these rights, contact us at info@immaculate-consulting.org. We will respond within 45 days. We will not discriminate against you for exercising a privacy right.
08HIPAA & PHI notice
Immaculate Consulting is not a covered entity. When we deliver services that involve handling Protected Health Information on behalf of a covered entity, we operate as a Business Associate under HIPAA, governed by a signed Business Associate Agreement with that client.
This website does not collect, transmit, store, or process PHI. If you accidentally include patient information in a website form or email, we will delete it promptly and ask you to resend through a secure channel.
Our products that do handle PHI (PracticeOS Pro, PracticeOS Command, and any AI-augmented workflows) operate under separate BAAs with clients and with our subprocessors, including Anthropic, OpenAI, Twilio, Supabase, and other infrastructure vendors as applicable. A current list of subprocessors is available to clients on request.
09Children's information
This website is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has submitted information to us, contact us and we will delete it.
10International visitors
Immaculate Consulting operates from the United States. If you visit our site from outside the U.S., your information will be transferred to and processed in the United States, where data protection laws may differ from those of your country. By using the site, you consent to that transfer.
11Changes to this policy
We may update this policy as our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be posted prominently on the website. Your continued use of the site after a change constitutes acceptance of the revised policy.
12Contact us
Questions about this Privacy Policy, or about the information we hold about you, can be sent to:
Immaculate Consulting LLC
Attn: Privacy
Raleigh, North Carolina
info@immaculate-consulting.org