Privacy Policy

Last Updated: 2026-03-06

BxConnect LLC ("BxConnect," "we," "us," or "our") operates the BxConnect platform, including our website, web application, and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

Personal Information

When you create an account or use our Service, we may collect:

  • Name, email address, and phone number
  • Account credentials (managed securely through our authentication provider)
  • Organization and role information
  • Billing and payment information (processed securely by Stripe; we do not store full payment card numbers)

Behavioral and Health-Related Data

The core function of BxConnect involves collecting and managing behavioral and health-related data, which may include:

  • Patient or client names, dates of birth, and demographic information
  • Behavioral goals, session notes, and data collection records
  • ABC (Antecedent-Behavior-Consequence) observations
  • Incident reports and behavioral assessments
  • Treatment plans and progress data

This data may constitute Protected Health Information (PHI) under HIPAA. See Section 3 for how we handle PHI.

Usage Data

We automatically collect certain information when you use the Service, including:

  • IP address and browser type
  • Pages visited, features used, and time spent on the Service
  • Referring URLs and search terms

Device Information

When using our mobile application, we may collect:

  • Device type, operating system, and version
  • Unique device identifiers
  • Mobile network information

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Authenticate your identity and manage account access
  • Facilitate behavioral data collection and goal tracking
  • Send you important notices, such as changes to our terms or policies
  • Respond to your requests, comments, or questions
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations

3. HIPAA Compliance & Protected Health Information

BxConnect is designed to support HIPAA-compliant workflows for covered entities and their business associates. When the Service is used by or on behalf of a healthcare provider or other HIPAA-covered entity:

  • We act as a Business Associate under HIPAA and will enter into a Business Associate Agreement (BAA) upon request
  • PHI is encrypted both at rest and in transit
  • Access to PHI is controlled through role-based permissions and row-level security at the database level
  • We maintain audit logs for access to PHI
  • We do not use PHI for marketing or advertising purposes
  • We do not sell PHI to third parties

For users outside of a formal clinical setting (e.g., families using the platform independently), behavioral data collected may not constitute PHI under HIPAA. Regardless, we apply the same security safeguards to all user data.

4. Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy governing the use of your information:

  • Auth0 (by Okta) — Authentication and identity management. Auth0 processes your login credentials and authentication tokens. Auth0 does not have access to your behavioral or health-related data.
  • Stripe — Payment processing. Stripe processes your payment information for subscription billing. We do not store your full credit card number. Stripe is PCI DSS Level 1 certified.
  • Amazon Web Services (AWS) — Cloud hosting and infrastructure. Our application, database, and files are hosted on AWS in the United States. AWS provides the underlying infrastructure with SOC 2, ISO 27001, and HIPAA-eligible services.

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption at rest: All data stored in our database is encrypted using AES-256 encryption
  • Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2 or higher
  • Row-level security: Database-level access controls ensure that users can only access data within their authorized scope
  • Access controls: Role-based permissions with granular, tiered access (organization-wide, assigned patients, and authored content)
  • Secure authentication: Multi-factor authentication support through Auth0
  • Infrastructure security: Hosted on AWS with VPC isolation, security groups, and encrypted storage

While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Children's Privacy

BxConnect is designed for use by adults (clinicians, caregivers, and parents) to collect behavioral data about minors in their care. The platform is not intended for direct use by children under the age of 13.

  • We do not knowingly collect personal information directly from children under 13
  • Behavioral data about minors is entered by authorized adult users (parents, caregivers, or clinicians)
  • Parents and guardians maintain control over their child's data and can request access, correction, or deletion at any time
  • In clinical settings, data about minors is managed under the supervision of the treating clinician and is subject to applicable healthcare privacy laws

If you believe we have inadvertently collected personal information from a child under 13, please contact us at support@bxconnect.net and we will promptly delete such information.

7. Data Retention & Deletion

  • Active accounts: We retain your data for as long as your account is active and as needed to provide the Service
  • After cancellation: Upon account cancellation, we will retain your data for a reasonable period to allow for reactivation, after which it will be securely deleted
  • Deletion requests: You may request deletion of your account and associated data at any time by contacting support@bxconnect.net
  • Legal retention: We may retain certain information as required by law, for legitimate business purposes, or to resolve disputes
  • Backup data: Copies of your data may persist in our backup systems for a limited period after deletion from production systems

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Data portability: Request a copy of your data in a structured, machine-readable format
  • Restriction: Request that we restrict processing of your information in certain circumstances
  • Objection: Object to our processing of your information in certain circumstances

To exercise any of these rights, please contact us at support@bxconnect.net. We will respond to your request within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to delete: You may request that we delete your personal information, subject to certain exceptions
  • Right to opt-out: You have the right to opt out of the sale of your personal information. We do not sell your personal information.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights

To make a CCPA request, please contact us at support@bxconnect.net.

10. Cookies & Analytics

Our website and Service may use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Understand how you use the Service to improve our offering

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

We do not currently use third-party analytics or advertising tracking services on the platform. If this changes, we will update this policy accordingly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date at the top of this page.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BxConnect LLC
Email: support@bxconnect.net