1. Introduction
Canvas Score (a Roya.com LLC Product) (“we,” “us,” or “our”) is committed to protecting the privacy and security of all individuals and businesses (“Users”) who use our website, mobile app, and related services (the “Services”). Our platform enables businesses, including healthcare providers, to interact securely with their own customers, clients, or patients, which may involve the collection and processing of Personally Identifiable Information (“PII”) and, where applicable, Protected Health Information (“PHI”).
This Privacy Policy explains how we collect, use, share, and protect your information in compliance with applicable privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) where PHI is involved.
By using our Services, you agree to the practices described in this Privacy Policy.
2. Who We Serve
We provide services to various types of businesses, such as:
Healthcare Providers and Covered Entities: Using our platform to securely interact with their patients using PHI and/or PII data.
Other Businesses and Organizations: Using our platform to manage customer relationships, communications, and data that may include PII.
For businesses subject to HIPAA, we may act as their Business Associate under the law.
3. Information We Collect
Depending on how you use our Services, we may collect:
a. Personal Information (PII):
Name, address, email, phone number
User account credentials
Billing and payment information for Business users
Business contact details
b. Protected Health Information (PHI):
Health-related data provided by or for Healthcare Providers and their patients
Communications between Providers and patients through the platform
c. Automatically Collected Information:
IP address, browser type, device identifiers
Cookies and similar technologies to improve your experience
Usage logs and interactions with our Services
4. How We Use Your Information
We may use PII and PHI to:
Provide, operate, and maintain our Services for businesses and their end users
Facilitate secure communication and messages between businesses and their customers
Process payments, manage accounts, and provide customer support
Communicate updates, respond to requests, and improve our Services
Meet legal and regulatory requirements, including HIPAA when applicable
Protect the rights, security, and integrity of our systems and Users
5. Our HIPAA Compliance
When handling PHI on behalf of Covered Entities or other HIPAA-regulated customers, we:
Enter into Business Associate Agreements (BAAs) as required
Implement appropriate administrative, physical, and technical safeguards to protect PHI
Limit the use and disclosure of PHI to the minimum necessary for permitted purposes
Promptly notify Covered Entities of any unauthorized use or disclosure of PHI in accordance with HIPAA Breach Notification Rules
Businesses that use our Services remain responsible for their own HIPAA compliance, including obtaining any necessary patient consents or authorizations.
6. How We Share Your Information
We may share your information:
As instructed by the business you interact with, to provide Services to their customers
With trusted third-party vendors who support our operations under confidentiality and data protection agreements consistent with HIPAA, if applicable
When required by law, regulation, subpoena, or legal process
To protect our rights, safety, or property, or that of others
With your explicit consent, when applicable
We do not sell PII or PHI to third parties.
7. Data Security
We maintain reasonable and appropriate administrative, physical, and technical safeguards to protect PII and PHI, including:
Encryption of data at rest and in transit
Access controls and authentication
Monitoring, audits, and regular security training
Incident response procedures for data breaches
However, no system is completely secure, and we cannot guarantee absolute security.
8. End Users’ Rights
Depending on your role and applicable laws, your rights may include:
Accessing or requesting copies of your information
Requesting corrections or updates
Requesting restrictions on certain uses or disclosures
Receiving an accounting of certain disclosures
For PHI, filing a complaint with your Provider or the U.S. Department of Health and Human Services (HHS)
End users (such as patients or customers) should generally contact the business or healthcare provider they interact with to exercise these rights.
9. Cookies and Tracking
We use cookies and similar technologies to:
Improve user experience and functionality
Analyze usage trends and performance
Manage user sessions and security
You can control cookie settings through your browser, but disabling cookies may limit some features of the Services.
10. Third-Party Providers
Our Services may contain content or links from third-party websites or services. We are not responsible for their privacy practices or content. Please review those third parties’ privacy policies separately.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Effective Date.” Your continued use of the Services means you accept the revised Privacy Policy.
12. Disclaimer of Warranties and Limitation of Liability
You expressly acknowledge and agree that your use of our services is at your sole risk. All services are provided “as is” and “as available,” without any warranty of any kind, whether express or implied, including but not limited to any implied warranties of merchantability, fitness for a particular purpose, non-infringement, or course of performance. We do not warrant that the services will be uninterrupted or error-free at all times.
To the fullest extent permitted by law, you agree to indemnify, defend, and hold harmless Roya.com LLC, its affiliates, officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, and expenses, including reasonable attorneys’ fees, arising out of or in any way connected with your access to or use of the services.
You agree that Roya.com LLC will not be responsible or liable for any direct, indirect, incidental, consequential, special, exemplary, or punitive damages, including but not limited to loss of profits, goodwill, use, data, or other intangible losses, even if we have been advised of the possibility of such damages.
13. Contact Us
If you have questions about this Privacy Policy, your information, or our privacy practices, please contact us:
Email: support@roya.com