Privacy Policy

Last Updated: January 15, 2020


Data Momma, LLC d/b/a PCIHIPAA (“PCIHIPAA” or “we” or “us”) respects your privacy rights and recognizes the importance of protecting the information we collect from you online. This privacy policy (“Privacy Policy”) is effective as of the date last updated and explains how we collect, use, disclose, and protect personally identifiable information through our website, and/or (the “Website”).

This Privacy Policy applies to all Website users including, but not limited to, practices (“Practices”) that use any services included in PCIHIPAA’s compliance package (“Services”), as well as any customers and patients of such Practices (the “Customers”) that benefit from any of the Services. By executing and delivering the Authorization to PROVIDER, agreeing to the Terms of Service, or accessing or using the Website or Services, you agree and consent to the terms of this Privacy Policy.  Any capitalized terms not defined herein have the meaning ascribed in the Terms of Service, available at

The Website may contain links to other websites. This Privacy Policy does not apply to information collected by, on, or through third-party websites. We are not responsible for the privacy practices of such third parties or the content of their websites. Such third parties may have their own privacy policies, and you should review those privacy policies to determine their privacy practices.


Information / Data Collection

Information We Collect

Generally, you will know what personally identifiable information we collect from you through the Website because you will actively provide the information to us through a form or otherwise.  However, we may collect the following personally identifiable information through the Website:

Information about a Practice’s business, including its address, phone number, taxpayer identification number, and certain other identifiable information (such as financial information);

Certain personally identifiable information of the owner of a Practice, including his or her name, postal address, and email address;

Customer names, postal addresses, telephone numbers, email addresses, and other personally identifiable and confidential information;

Mobile, home, fax and/or business telephone (including toll-free) number, service provider name, and the date, time and content of the Practice’s or Customer’s message;

Credit/debit card and other billing information, including cardholder transaction data, card numbers, and expiration dates;

Information provided on any application or authorization; and

Other personally identifiable information provided to us in any way, shape or form.

We also collect the following types of information that are not considered personally identifiable information unless associated with a specific user:

Certain financial or demographic profile information such as age, gender, hobbies, interests, zip/postal code or country;

Information regarding uses of the Services; and

IP Address, and other technical information collected from the servers utilized by you or your vendors, such as information and data that is automatically collected upon visiting the Website (i.e., webpage HTTP headers (home server domain names, Internet Protocol address, operating system type, browser type and language) and user-specific or aggregate information on what pages Website visitors access).

How We Collect Information

Generally, we collect personally identifiable information from you through the Website when you actively provide the information to us through a form or otherwise. However, we may collect information in the following ways:

Through the completion of electronic forms found on our Website;

Through referring websites or third parties;

Through the maintenance and analysis of Website server logs; and

Automatically, using web technologies, described in more detail below, including cookies, web beacons, Website server log analysis, and other technological means.

Certain portions of our Website may require that you register before being able to access them. On those portions of our Website that require registration, we may collect information to determine specific products and services that might be of interest or beneficial to a Practice or Customer.


Use of Information / Data Collected

By collecting and maintaining accurate information, we learn more about the needs of Practices or Customers and are better able to provide Services to such Practices or Customers.

We use the information we collect to identify the parties with whom we are dealing and to provide the Services, including Services that display customized content and advertising. We may also use the information for statistical and/or marketing purposes, to improve our technologies and Services, to provide information about our company, and to deliver promotional information from our partners and third-party vendors. These uses are intended to enhance your experience at the Website and enable us to present you content and services in which we think you might be interested.

We reserve the right to share, rent, sell, or otherwise disclose the information we collect to third parties. We may also use the information you provide to market products and services we determine, in our sole judgment, you might find of interest.

When we use third parties to assist us in processing your personal information, we typically request that they comply with this Privacy Policy and any other appropriate confidentiality and security measures. However, we make no representation or warranty that such third party will so comply.

We may also share information with certain third parties in other circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services. We may disclose information about Practices, including personal information, as part of any merger, sale, transfer of company assets, or acquisition. We will take reasonable steps to assure that such information is treated in a manner consistent with this Privacy Policy.

We may add your information to our databases to contact you through future e-mails, postal mailings, telemarketing and SMS text-messaging regarding site updates, upcoming events, new products and services, and/or the status of orders placed online.

We reserve the right to release information to law enforcement or other governmental officials as we, in our sole and absolute discretion, deem necessary to comply with the law.


Use of Web Technologies


A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on the Website. We may link the information we store in cookies to personally identifiable information that you submit while on our Website. We use both session ID cookies and persistent cookies. A session ID cookie expires when a browser is closed. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our Website. You can remove the persistent cookies by following the directions provided in your internet browser’s “help” file. If you reject cookies, you may still use our Website, but your ability to use some areas of our Website will be limited.

Clear Gifs

We employ a software technology called clear gifs (aka web beacons/web bugs), that helps us better manage the content on our Website by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Website users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on website pages and are about the size of the period at the end of a sentence. We do not tie the information gathered by clear gifs to your personally identifiable information.

We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out of these emails, please see the “Opting Out” section of this Privacy Policy below.

Log Files

As is true of most websites, we gather information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyze trends, to administer the Website, to track users’ movements around the site and to gather demographic information about our user base as a whole.

Do Not Track

When you use the Website, we may receive “do not track” requests from you, whether via signals from web browsers or other mechanisms. At this time, we do not respond to such “do not track” requests, although we may in the future.



We take reasonable precautions to protect the confidentiality and security of Practices’ and Customers’ personally identifiable information by using industry recognized security safeguards such as site monitoring, secured networks and servers, firewalls, and encryption. When we ask for sensitive information, we protect it through the use of encryption during transmission, such as SSL (Secure Socket Layer). We regularly test and update our technology to enhance security. However, no method of transmission over the Internet is 100% secure. Therefore, while we strive to protect Practices’ and Customers’ personally identifiable information within industry standards, we cannot guarantee its absolute security.

Our employees are trained and required to safeguard Practices’ and Customers’ information. Our internal controls limit access to information based on job functionality.


No Information Collected from Children

The information and Services provided by us or our affiliates, sponsors, and advertisers are not intended to be viewed by children (under 18 years old). No information is knowingly collected or retained from children (except as Customers), nor is any such information knowingly used for any marketing or promotional purposes whatsoever, either inside or outside the Website. No part of the Website is designed to attract anyone under the age of 18. Children are not eligible to use the Services and we ask that minors (under the age of 18) do not submit any personal information to us or use the Services.



Based upon the personally identifiable information that you provide us, we may send you a welcoming email. We will also communicate with you in response to your inquiries, to provide the Services you request, and to manage your account.


Opting Out

If you want to be removed from our marketing list and do not want us to send you email, regular mail, or other messages about our products and services, you can opt out. To do so, please send an email to, with the word “REMOVE” in the subject line, or unsubscribe by clicking here: Unsubscribe. To opt out of SMS text messages, reply to the text you received with the word “REMOVE.”

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of such residents’ personal information to third parties for such third parties’ direct marketing purposes. To make such a request, please e-mail us at:


Privacy Policy Updates

We reserve the right to change this Privacy Policy at any time, so please review it on a regular basis. Any changes made to this Privacy Policy will be posted here. The date stamp at the top of the page represents the last day this Privacy Policy was updated. If you have questions about this Privacy Policy, you can contact us at By using or accessing the Services or the Website, you will be deemed to have agreed to and accepted this Privacy Policy.


Manage Accurate Information

If your personally identifiable information changes, or if you no longer choose to use our Services, you can contact customer service by email, telephone or postal mail at the contact information listed below to assist you with changes to your account.

To the extent any Practice’s account(s) close or become inactive, we will continue to protect such Practice’s and its Customers’ information as described in this Privacy Policy.


Business Transitions

In the event that we go through a business transition, such as a merger, acquisition, or sale, your personal information will likely be among the assets transferred. You will be notified of any such change in ownership or control of your personal information.


California Resident Requests

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.

To request a copy of the information disclosure provided by us pursuant to Section 1798.83 of the California Civil Code, your request must include “California Privacy Rights Request” in the subject or first line of the request and include your name, street address, city, state, and zip code. You must send your request to us via e-mail or mailing address in the Contact Us section below.

Please note that under this law we are not required to respond to your request more than once per calendar year, nor are we required to respond to any request that is not sent to the e-mail or mailing address provided.


Protection of Sensitive Information

Notwithstanding the limited application of this Privacy Policy to information processed by our Website, it is the policy of PCIHIPAA to (1) protect the confidentiality of Social Security Numbers it receives or stores (“SSNs”), (2) prohibit unlawful disclosure of SSNs, and (3) limit access to SSNs.

We store, transmit, and disclose SSNs only to the extent necessary to provide payment processing services, and always in an encrypted format.  Access to SSNs is limited through the use of role-based permissions, on a need-to-know basis.