01 Overview
Proton RCM ("Company," "we," "us," or "our") is a physician-founded revenue cycle management firm serving independent medical practices in the United States. We are committed to protecting the privacy of individuals who interact with our website.
This Privacy Policy explains what information we collect when you visit protonrcm.com, how we use it, who we share it with, and the choices you have. By using our website or submitting information through any form on this site, you agree to the practices described in this Policy.
This Policy does not cover information we process on behalf of healthcare provider clients as a Business Associate under HIPAA. Such processing is governed by individual BAAs and applicable federal law.
02 Information We Collect
Information You Provide Directly
When you complete our Revenue Diagnostic request form or any other form on this site, you may provide:
- Identity information: Full name, professional title
- Contact information: Work email address, phone number (including WhatsApp)
- Practice information: Medical specialty, current EHR or billing system, approximate monthly collections range
- Narrative information: Descriptions of billing challenges you voluntarily provide in open-text fields
You are not required to provide all information. Fields marked optional will not affect your ability to request a diagnostic.
Information Collected Automatically
When you visit our website, our analytics and infrastructure providers may automatically collect:
- Device & browser data: IP address, browser type and version, operating system, screen resolution
- Usage data: Pages viewed, time on page, scroll depth, links clicked, referring URL
- Session data: Session timestamps, entry and exit pages
This data is collected via cookies and similar technologies described in Section 6.
Information from Third Parties
We do not purchase or acquire personal information from data brokers or list vendors. If you contact us via LinkedIn, email, or WhatsApp, we may retain the content and metadata of that communication.
03 How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Respond to your diagnostic or inquiry request — schedule and conduct your free practice revenue audit | Performance of a contract / Legitimate interests |
| Communicate about our services — send follow-up information, proposals, and service updates | Legitimate interests (with opt-out) |
| Improve our website — analyze usage patterns, test page layouts, diagnose technical issues | Legitimate interests |
| Marketing communications — send relevant content about RCM, billing, and practice management (only with your consent or where permitted by law) | Consent / Legitimate interests |
| Compliance and legal obligations — respond to lawful requests, protect against fraud, enforce our Terms | Legal obligation / Legitimate interests |
We do not sell your personal information. We do not use your information for automated decision-making that produces legal or similarly significant effects.
04 Information Sharing
We share your information only in the limited circumstances described below:
- Service providers: We use third-party vendors (form processing, email delivery, analytics, CRM) who process data on our behalf under contractual data protection obligations. See Section 10 for a full list.
- Professional advisors: Attorneys, accountants, and insurers where necessary for legal, compliance, or business purposes.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and give you an opportunity to opt out before such transfer takes effect.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or regulatory authority, or to protect the rights and safety of Proton RCM, its clients, or the public.
We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.
05 HIPAA & Protected Health Information
Critical Distinction
This website is a business marketing site. You should not — and are not able to — submit any patient PHI, medical records, claim data, or individually identifiable health information through any form on this site. No PHI is collected here.
If Proton RCM engages your practice as a revenue cycle management service provider, we will act as a Business Associate under HIPAA. All PHI we access in that capacity is governed exclusively by the executed Business Associate Agreement between Proton RCM and your practice — not this Privacy Policy.
Our BAA includes provisions covering:
- Permitted uses and disclosures of PHI
- Safeguards to prevent unauthorized use or disclosure
- Breach notification obligations
- Sub-contractor compliance obligations
- Return or destruction of PHI upon contract termination
To request a copy of our standard BAA, contact us at protonrcm@gmail.com or visit our BAA Request page.
06 Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve our website. Here is a summary of what we use and why:
| Category | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Core site functionality; cannot be disabled | Session state, CSRF tokens |
| Analytics | Understand how visitors use our site; anonymized where possible | Google Analytics 4 |
| Marketing / Advertising | Measure ad campaign effectiveness; retargeting | Google Ads, Meta Pixel (if enabled) |
| Functional | Remember preferences (e.g. reduced motion) | localStorage preferences |
You can control cookies through your browser settings. Disabling non-essential cookies will not affect your ability to use the site or submit inquiry forms. A cookie consent banner is displayed on your first visit where required by applicable law.
We honor browser-level Do Not Track (DNT) signals where technically feasible.
07 Data Retention
We retain personal information collected through this website for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law.
- Inquiry and form data: Retained for up to 24 months from the date of submission, or until you request deletion, whichever is earlier.
- Analytics data: Retained per the default or configured retention settings of the analytics provider (typically 14 months for GA4).
- Email communications: Retained for up to 36 months for audit and relationship management purposes.
After the applicable retention period, information is securely deleted or anonymized. You may request earlier deletion at any time — see Section 9.
08 Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold, including:
- TLS/HTTPS encryption for all data transmitted to and from this website
- Access controls limiting who within our organization can access contact and inquiry data
- Vendor due diligence to confirm that third-party processors maintain appropriate security standards
- Regular review of our data handling practices
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to responding promptly to any suspected breach and notifying affected individuals as required by law.
09 Your Rights & Choices
Depending on your location, you may have the following rights with respect to your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal obligations we may have to retain it.
- Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any email we send, or by contacting us directly.
- Data portability: Request a structured, machine-readable copy of information you have provided to us.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
California residents may have additional rights under the California Consumer Privacy Act (CCPA / CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information as defined under the CCPA.
To exercise any of these rights, contact us at protonrcm@gmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.
10 Third-Party Services
Our website uses the following third-party services that may process your information:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics 4 | Website usage analytics | policies.google.com |
| Google Tag Manager | Tag and tracking management | policies.google.com |
| Forminit / Form Processor | Form submission handling | forminit.com |
| Google Fonts | Web typography delivery | policies.google.com |
| Cloudflare CDN | Icon library delivery (Font Awesome) | cloudflare.com |
These providers are contractually bound to process data only on our behalf and per our instructions, except where required by law. We recommend reviewing their individual privacy policies for further detail.
11 Children's Privacy
Our website and services are directed exclusively to healthcare professionals, practice administrators, and business decision-makers. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have inadvertently collected information from a minor, we will delete it promptly. If you believe a minor has submitted information through our site, contact us at protonrcm@gmail.com.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will provide more prominent notice (such as a banner on the homepage or email notification to recent inquirers).
Your continued use of our website after any update constitutes your acceptance of the revised Policy.
13 Contact Us
For questions, concerns, or rights requests related to this Privacy Policy, reach out to our operations team directly:
Privacy Inquiries
We aim to acknowledge all privacy requests within 48 hours and resolve them within 30 days. For BAA-related requests, we respond within 1 business day.