Privacy Policy

N-ABLE LLC ("N-ABLE," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Clinic Portal (collectively, the "Services"). Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide to us, including:

• Contact information: name, email address, phone number
• Business information: business name, specialty, practice type
• Account credentials: username and password for Portal access
• Communications: any additional information you provide in contact forms, emails, or other communications with us

1.2 Information Collected Automatically

When you access our Services, we automatically collect certain information, including:

• IP address: collected for security purposes, fraud prevention, and to help diagnose technical issues
• Session cookies: used to maintain your connection between the frontend and backend of our Services
• Browser type and version
• Device information
• Pages visited and features used within our Services

1.3 Protected Health Information

Our Website and Portal are not designed to collect Protected Health Information (PHI). Please do not submit PHI through contact forms, support requests, the Portal, or any other communication channel unless specifically instructed under a separate written agreement. If PHI is inadvertently submitted, we may delete it without notice and are not responsible for maintaining, securing, or returning such information.

Our on-premises clinical documentation systems (MLE) process patient data locally at clinic locations. This data does not traverse our cloud services or the systems described in this Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain our Services
• To process and manage your account registration
• To respond to your inquiries and provide customer support
• To send you information about our services, updates, and promotional materials (with your consent where required)
• To monitor and analyze usage patterns and trends
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations
• To enforce our Terms of Service

3. Cookies and Tracking Technologies

3.1 Essential Cookies Only

We currently use only essential cookies that are necessary for the operation of our Services. These cookies enable core functionality such as session management and security features. We do not use analytics cookies, advertising cookies, or other non-essential tracking technologies at this time.

3.2 Cookie Management

Most web browsers allow you to control cookies through their settings. Because we use only essential cookies, disabling them may prevent you from using our Services. If we add non-essential cookies in the future, we will update this policy and provide appropriate consent mechanisms.

4. Third-Party Services

We use the following third-party services to operate our Services. These vendors process the personal information described in Section 1 (such as account information, contact details, and billing data). We do not send Protected Health Information to these providers.

4.1 Hosting Providers

• Vercel: Hosts our main website. Subject to Vercel's Privacy Policy.
• Cloudflare: Provides hosting and security services for the Portal. Subject to Cloudflare's Privacy Policy.

4.2 Email Services

• Resend: Processes transactional emails on our behalf. Subject to Resend's Privacy Policy.

4.3 Payment Processing

• Stripe: Processes payments for paid services. We do not store complete credit card information. Subject to Stripe's Privacy Policy.

We encourage you to review the privacy policies of these third-party services to understand how they handle your information.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• With service providers: We share information with third-party vendors who perform services on our behalf, subject to confidentiality obligations
• For legal compliance: We may disclose information if required by law, court order, or government request
• To protect rights: We may disclose information to protect the rights, property, or safety of N-ABLE, our users, or others
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Secure authentication mechanisms
• Regular security assessments
• Access controls limiting who can view personal information
• IP address logging for security monitoring

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6.1 Security Incident Notification

In the event of a security incident affecting your personal information, we will notify affected users as required by applicable law.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer needed, we will securely delete or anonymize it.

8. Your Rights and Choices

8.1 Access and Correction

You may access and update your account information at any time by logging into the Portal. For information not accessible through your account, you may contact us to request access or correction.

8.2 Account Deletion

You may request deletion of your account by contacting us. Upon account deletion, we will remove or anonymize your personal information, except as required for legal compliance or legitimate business purposes.

8.3 Marketing Communications

You may opt out of receiving promotional emails by following the unsubscribe instructions in those emails. Even after opting out, you may still receive transactional or account-related communications.

9. Healthcare Data and HIPAA

9.1 Website and Portal Are Not HIPAA Services

The Website and Portal are not offered as HIPAA-covered services and are not intended for the collection, storage, or transmission of Protected Health Information (PHI). Do not submit PHI through these channels.

9.2 Business Associate Agreements

Business Associate Agreements (BAAs) are available only for N-ABLE's on-premises clinical documentation systems (MLE) installed at clinic locations. These systems process PHI locally and are governed by separate service agreements. If you require a BAA, please contact us to discuss appropriate arrangements.

9.3 Local Processing Architecture

Our clinical documentation systems are designed with a local-first architecture. Patient data is processed on-premises at clinic locations and does not traverse our cloud services. This design supports compliance with HIPAA's minimum necessary standard and helps protect patient privacy.

9.4 Demonstration Data

All data displayed in N-ABLE demonstration environments is entirely fabricated and synthetic. No real patient information is used in demonstrations. Any resemblance to real individuals is purely coincidental.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

11. State Privacy Rights

Depending on your state of residence, you may have additional privacy rights under applicable law.

11.1 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. As noted above, we do not sell personal information.

11.2 Other States

Residents of other states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, and Utah) may have similar rights, including rights to access, correct, delete, and port their personal information. We honor valid requests from residents of all states with applicable privacy laws.

11.3 Exercising Your Rights

To exercise your privacy rights, please contact us using the information below. We may need to verify your identity before processing your request.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our Website and updating the "Effective Date" above. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: