Effective Date: February 8, 2026 — Last Updated: February 8, 2026
Round Table System ("we," "us," or "our") is committed to protecting the privacy and security of your personal information, including your protected health information (PHI). This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use our personal health data management platform and related services (collectively, the "Service").
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name and email address
- Password (stored in hashed form; we never store plaintext passwords)
- Account preferences and settings
1.2 Health Information
When you connect your healthcare provider accounts through our Service, we retrieve health data on your behalf, which may include:
- Medical history and clinical notes
- Laboratory and diagnostic test results
- Medications, allergies, and immunization records
- Vital signs and health measurements
- Care plans and provider information
- Insurance and coverage information
- Demographic information maintained by your healthcare providers
This health information is retrieved using the HL7 FHIR (Fast Healthcare Interoperability Resources) standard through authorized connections with electronic health record systems, including Epic MyChart and other FHIR-enabled platforms. We only access the data you authorize us to retrieve.
1.3 Usage Information
We automatically collect certain technical information when you use the Service, including:
- Browser type and version
- Device type and operating system
- Pages visited and features used within the Service
- Date and time of access
- IP address (used for security and fraud prevention)
1.4 Information We Do Not Collect
We do not collect biometric identifiers, genetic testing results outside of what is available through your connected health records, or any information from sources you have not explicitly authorized.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Displaying your health records, enabling you to track health metrics, and managing your connected provider accounts.
- Account Management: Authenticating your identity, managing your account settings, and communicating with you about your account.
- Security: Detecting and preventing unauthorized access, fraud, and other security threats.
- Service Improvement: Analyzing aggregate, de-identified usage patterns to improve the Service's functionality and user experience.
- Legal Compliance: Meeting our obligations under applicable laws and regulations.
- Support: Responding to your questions, requests, and support inquiries.
3. How We Share Your Information
3.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information or health data to third parties for marketing, advertising, or any other commercial purpose. This is a core commitment of our Service.
3.2 Limited Sharing
We may share your information only in the following circumstances:
- At Your Direction: When you explicitly authorize sharing with a specific party, such as a family member or healthcare provider.
- Service Providers: With trusted service providers who assist in operating our Service (such as cloud hosting and infrastructure), bound by contractual obligations to protect your data and use it only for the purposes we specify.
- Legal Requirements: When required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case your information would remain subject to the protections of this Privacy Policy.
3.3 De-identified and Aggregate Data
We may use de-identified or aggregated data that cannot reasonably be used to identify any individual for research, analytics, or service improvement purposes. De-identification is performed in accordance with applicable regulations.
4. Data Storage and Security
4.1 Data Storage
Your data is stored on secure servers within the United States. We use industry-standard cloud infrastructure with comprehensive security certifications.
4.2 Security Measures
We implement technical, administrative, and physical safeguards to protect your information, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256 or equivalent
- Access controls and authentication requirements for all system access
- Regular security assessments and monitoring
- Audit logging of access to health information
- Secure software development practices
4.3 Data Retention
We retain your personal information and health data for as long as your account is active or as needed to provide the Service to you. If you delete your account, we will delete or de-identify your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).
5. Your Rights and Choices
You have the following rights regarding your information:
- Access: You can access your personal information and health data at any time through your account.
- Correction: You can request correction of inaccurate personal information. Note that health data sourced from your providers should be corrected at the source.
- Deletion: You can request deletion of your account and associated data at any time.
- Data Export: You can export your health data in standard formats.
- Disconnect Providers: You can disconnect any linked healthcare provider account at any time, which will stop further data retrieval from that provider.
- Withdraw Consent: You can withdraw consent for data processing at any time by deleting your account.
To exercise any of these rights, contact us at privacy@roundtablesystem.com.
6. HIPAA and Health Information
Round Table System acts as a personal health data management tool on your behalf. When you use the Service to access your health records through FHIR-based connections (including Epic MyChart), you are exercising your individual right of access to your own health information under the HIPAA Privacy Rule.
We are committed to handling your health information with the same rigor and care expected of entities subject to HIPAA, including:
- Implementing administrative, physical, and technical safeguards
- Limiting access to health information to authorized purposes
- Maintaining audit trails of data access
- Training personnel who may access health information on privacy and security requirements
- Promptly notifying affected individuals in the event of a data breach involving their health information
7. FHIR and Healthcare Provider Connections
Our Service connects to healthcare provider systems using the HL7 FHIR standard. When you authorize a connection:
- You authenticate directly with your healthcare provider's patient portal (such as Epic MyChart)
- You explicitly grant permission for Round Table System to access specific categories of your health data
- We use OAuth 2.0 authorization flows as specified by the SMART on FHIR standard
- Your provider credentials are never stored by Round Table System; we receive and store only authorization tokens
- You can revoke access at any time through our Service or through your provider's patient portal
8. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. Parents and legal guardians may use the Service to manage health records for their minor dependents.
9. Cookies and Tracking
We use only essential cookies required for the Service to function, including session management and security tokens. We do not use advertising cookies, tracking pixels, or third-party analytics services that track you across other websites.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, for significant changes, by sending an email notification to the address associated with your account. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us:
- Privacy Inquiries: privacy@roundtablesystem.com
- General Support: support@roundtablesystem.com
- Mailing Address: Round Table System, Attn: Privacy, Chanhassen, MN 55317
We will respond to privacy-related inquiries within 30 days.