DashboardHC Privacy Policy

Last Updated: December 2025

This Privacy Policy ("Policy") describes how Data Services Partners, the operator of the DashboardHC platform ("DashboardHC", "we", or "us") collects, uses, and safeguards information in connection with:

• The DashboardHC analytics platform, including any associated mobile or web applications, APIs, and related systems (the "Platform"), and
• The public DashboardHC website and related online pages (the "Website").

DashboardHC provides enterprise analytics and reporting services to skilled nursing and assisted living operators and other healthcare organizations in the United States (each a "Customer"). We do not provide services directly to individual consumers or patients.

When a Customer has entered into a SaaS Services Agreement and Business Associate Agreement with DashboardHC (together, the "Customer Agreements"), those agreements govern DashboardHC's processing of Customer Data, including Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"). If there is any conflict between this Policy and the Customer Agreements, the Customer Agreements control.

1. Scope and Roles

Website Visitors

You are a Website Visitor when you visit or interact with our public Website (for example, to learn about our services or submit a contact form). We do not intend to collect PHI through the public Website.

Platform Users

You are a Platform User when you access the Platform on behalf of a Customer. Platform Users are provisioned by, or at the direction of, the Customer. We process Customer Data, which may include PHI, as a business associate to the Customer and only as permitted by the Customer Agreements.

2. Key Definitions

• Customer – The organization that has executed the Customer Agreements with DashboardHC.
• Customer Data – Data that a Customer or its users submit to or store in the Platform, which may include PHI and other sensitive information.
• PHI – Protected Health Information as defined by HIPAA.
• Platform – DashboardHC's hosted analytics applications, mobile apps, APIs, and related systems.
• Website – DashboardHC's public-facing website and marketing pages.

3. Information We Collect

3.1 Website Visitors

When you visit the Website, we may collect:

• Log information such as IP address, browser type, pages viewed, and the time and date of your visit.
• Device and usage information such as operating system and general location (e.g., city or region).
• Form information that you choose to submit, such as your name, business email address, organization, and message content.
• Essential cookies or similar technologies that are necessary for basic site functionality and security.

3.2 Platform Users and Customer Data

When you use the Platform as an authorized user of a Customer, we may process:

• User profile information such as name, business email address, username, role, and associated Customer.
• Customer Data that the Customer or its users provide, configure, or transmit to the Platform, which may include PHI from the Customer's systems.
• Authentication and audit logs capturing logins, device and network metadata, access times, and certain in-application actions to support security and compliance.
• Support and operations data such as communications with DashboardHC support, configuration details, and information needed to troubleshoot issues.

All Customer Data, including any PHI, is processed by DashboardHC as a business associate of the Customer and is governed by the Customer Agreements.

4. How We Use Information

4.1 Website Visitors

We use information collected from Website Visitors to:

• Provide, maintain, and secure the Website.
• Respond to inquiries and communicate with you about our services.
• Analyze Website usage trends and improve our Website and communications.
• Comply with applicable laws and enforce our terms.

4.2 Platform Users and Customer Data

We use information processed in the Platform to:

• Provide, operate, and support the Platform and related services for the Customer.
• Authenticate users, enforce access controls, and maintain security and audit logs.
• Configure and deliver analytics, dashboards, and reporting for the Customer.
• Provide training and support to the Customer and its users.
• Comply with legal and regulatory obligations applicable to DashboardHC as a business associate.

DashboardHC does not use PHI for advertising or marketing, does not sell PHI or other personal information, and does not use PHI to train external AI models.

4.3 De-Identified and Aggregated Data

We may use de-identified or aggregated data derived from Customer Data to maintain, analyze, and improve the Platform and related services. When we do so, we implement processes designed to ensure that such data does not identify any individual and, in the case of PHI, meets HIPAA de-identification requirements.

5. Subprocessors and Service Providers

We may engage third-party service providers ("subprocessors") to support hosting, storage, security, logging, customer support, and related functions. Subprocessors that handle Customer Data do so under written agreements that include appropriate confidentiality and security obligations, including HIPAA-required terms where applicable.

A current list of subprocessors used for the Platform is available to Customers upon request.

6. Cookies and Similar Technologies

The Platform uses primarily essential cookies and similar technologies to support authentication, session management, and security. These technologies are not used to serve advertising or to build consumer profiles.

7. Security

DashboardHC maintains administrative, physical, and technical safeguards appropriate for a HIPAA business associate to protect Customer Data processed in the Platform. While we work to protect information, no system can be guaranteed to be 100% secure.

If you become aware of any actual or suspected unauthorized access to the Platform, you should promptly notify your organization's administrator and, if directed, contact DashboardHC using the information below.

8. Data Retention

Retention, return, and destruction of Customer Data, including PHI, are governed by the Customer Agreements and applicable law. We may retain certain configuration data, audit logs, and minimal operational records for security, compliance, and business continuity purposes, consistent with the Customer Agreements.

9. International Use

The Platform is designed and intended for use by Customers located in the United States. Our services are not intended to support cross-border transfers of PHI outside the United States unless expressly addressed in the Customer Agreements.

10. Individual Rights and Requests

For PHI processed in the Platform, individuals typically have certain rights under HIPAA (for example, to access or amend their information). Those rights are exercised through the applicable Covered Entity or Customer. DashboardHC acts as a business associate and will support the Customer in responding to such requests as required by the Customer Agreements and applicable law.

If you are a Website Visitor and would like to request access to or deletion of personal information that you submitted through the Website (where applicable law provides such rights), you may contact us using the information below.

11. Children and Consumer Use

The Website and Platform are directed to business and professional users and are not intended for children under the age of 16 or for use by individual consumers or patients. We do not knowingly collect PHI directly from individual patients acting in a personal capacity through the Website.

12. Changes to This Policy

We may update this Policy from time to time. The "Last Updated" date at the top of this page indicates when this Policy was last revised. Material changes will generally be communicated to Customers through appropriate channels. Your continued use of the Website or the Platform after an updated Policy becomes effective signifies your acknowledgement of the changes.

13. Contact Us

If you have questions about this Policy or how we handle information, please contact us at:

Email: help@dashboardhc.com