ABA ENGINE, LLC

NOTICE OF PRIVACY PRACTICES

ABA Engine, LLC’s Notice of Privacy Practices (this “Notice”) sets out the key elements of how we address the privacy and security of the data and other information entrusted to us by our customers through their access and use of ABA Engine’s software, including any related mobile applications and other online services (collectively, “Services”).

As privacy laws and practices evolve, we may amend this Notice from time to time. While we will endeavor to give reasonable notice of such changes, we reserve the right to do so without prior notice where required by changes in applicable law. For our customers, we will endeavor to communicate any changes through the communication channels provided in the software.

For any questions, requests, or concerns regarding privacy, contact us at support@abaengine.com.

I. OVERVIEW

We process Customer Data under the direction and control of our customers. We retain no ownership, nor do we have control over the origination or validity of the Personal Data we process on behalf of our customers. We do not request or maintain direct relationships with individuals whose Personal Data we maintain in Customer Databases we host and manage as part of our Services. Accordingly, we do not directly request or collect consents or instructions to access, correct, update, or delete personal information — such requests should be made directly to our customers. We will honor and support any instructions our customers provide with respect to Personal Data maintained in our databases.

Our customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring Personal Data to the software.

II. PROTECTING PERSONAL INFORMATION

ABA Engine is a provider of hosted, cloud-based practice management software to ABA therapy providers who are subject to laws and regulations governing the use and disclosure of Protected Health Information (“PHI”). In the United States, HIPAA and HITECH, along with the regulations adopted under those statutes and applicable state laws, govern the handling of PHI. ABA Engine, as a Business Associate under HIPAA, has entered into Business Associate Agreements with its customers as required by HIPAA.

III. SECURITY, THREATS, AND BREACH NOTIFICATION

ABA Engine’s software platform has physical, administrative, and technical security measures in place to protect against the loss, misuse, unauthorized access, and alteration of data and PHI under our direct control. When the Services are accessed using current browser technology, TLS encryption protects information using server authentication and data encryption. ABA Engine hosts the Service in a secure server environment using firewalls and other advanced technology to prevent unauthorized access. Unique usernames and passwords, together with multi-factor authentication, are required each time a user logs in.

These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of PHI. However, no system can guarantee 100% security at all times. In the event we detect a security threat or vulnerability, we may contact our customers to recommend protective measures. Incidents of suspected or actual unauthorized handling of PHI are directed to our legal and compliance teams. If we determine that PHI has been misappropriated or otherwise wrongly acquired, we will promptly issue a report to each affected customer in accordance with applicable law and the applicable Business Associate Agreement.

IV. USE OF AGGREGATED AND DE-IDENTIFIED DATA

ABA Engine may collect, analyze, and use data derived from customer use of the platform in aggregated, de-identified form (“Aggregated Data”) for legitimate business purposes, including product development, platform improvement, and marketing. Aggregated Data does not identify any individual customer, their employees, or their clients, and does not constitute PHI or individually identifiable health information. Examples of permitted uses include publishing aggregate platform performance statistics, such as average improvements in client intake timelines or reductions in scheduling conflicts across our customer base.

ABA Engine will not identify any customer by name, logo, or other identifying information in any marketing or public-facing materials without that customer’s prior written consent.

V. RETENTION AND DELETION

ABA Engine will retain Personal Health Information as necessary for the following purposes:

  • As required to manage and administer the Services;
  • As required to carry out legal responsibilities (e.g., legal holds and other legal procedures);
  • To resolve a dispute (including enforcement of a contract); or
  • As expressly communicated to a customer at the time of collection.

Upon expiration or termination of a customer’s agreement, ABA Engine will retain Customer Data for a period of ninety (90) days. Following that period, ABA Engine may permanently delete all Customer Data. If it is not feasible to delete or destroy retained Personal Health Information within that period, we will continue applying the same safeguards described in this Notice for as long as such data is retained. Note: ABA Engine retains its own compliance documentation, security policies, and BAA-related records for a minimum of six (6) years as required by HIPAA. Customer data retention and record-keeping obligations remain the responsibility of the covered entity.

VI. SHARING AND DISCLOSURE

IN NO CASE WILL ABA ENGINE SELL OR RENT PERSONAL HEALTH INFORMATION TO THIRD PARTIES. ABA Engine will only share Personal Health Information in the following circumstances:

  • With law enforcement officials, governmental agencies, or other legal authorities: (i) in response to their request; (ii) when permitted or required by law; (iii) to establish our compliance with applicable laws, rules, or regulations; or (iv) to establish, protect, or exercise our legal rights or defend against legal claims.
  • With any other person as directed in writing by our customers.

VII. SMS MESSAGING

ABA Engine may send SMS text messages to users who have explicitly opted in through our platform. These messages are strictly for service-related purposes such as two-factor authentication, scheduling notifications, or portal message alerts.

  • Opt-In Use Only: Mobile numbers collected will only be used for ABA Engine service notifications and will not be shared with third parties for marketing purposes.
  • Opt-Out Instructions: You can opt out of receiving text messages at any time by replying STOP to any message.
  • Support Instructions: For assistance, reply HELP or contact us at support@abaengine.com.

VIII. GOOGLE USER DATA ACCESS

When you sign into ABA Engine using Google OAuth, our Services may request access to certain information from your Google Account. This access is used only to support features you actively enable within ABA Engine. Specifically, ABA Engine may:

  • Basic Profile Information: Access your name, email address, and profile picture to create and manage your ABA Engine account.
  • Google Calendar: View and edit your calendar events to schedule, manage, and sync appointments inside the ABA Engine platform.
  • Gmail: Read, compose, and send emails from your Gmail account on your behalf; manage drafts and email labels; view email messages and related settings to support scheduling and communication features.
  • Google Contacts: See, edit, download, and delete your Google Contacts when you choose to sync them with the platform; access automatically saved contacts to support communication and scheduling features.

ABA Engine does not sell or rent Google user data. We only use this information to deliver features you have enabled. You may revoke ABA Engine’s access to your Google Account at any time by visiting: https://myaccount.google.com/permissions.

CONTACT

For questions, requests, or concerns regarding this Notice, contact us at:

ABA Engine, LLC
1 SE Ocean Blvd, Stuart, FL 34994

support@abaengine.com

Privacy Policy: https://abaengine.com/privacy_policy/

Terms of Service: https://abaengine.com/terms_of_service/

Fulfillment Policy: https://abaengine.com/fulfillment-policy/