Fayton Consulting
Legal

Privacy Policy

Last updated: April 27, 2026

Fayton Consulting (“Fayton,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our healthcare services platform, websites, and related services (the “Services”).

1. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, phone number, organization affiliation, role, and authentication credentials.
  • Professional information: credentials, licenses, certifications, and onboarding documents submitted as part of HR or credentialing workflows.
  • Operational data: medical coding cases, billing records, invoices, payments, support tickets, chat messages, calendar events, and e-signature submissions you create or are routed through the Services.
  • Protected Health Information (PHI): when applicable, patient information processed in connection with medical coding or billing services. Our handling of PHI is governed by the Health Insurance Portability and Accountability Act (“HIPAA”) and any Business Associate Agreement in effect.
  • Usage and device information: log data, IP addresses, browser type, operating system, referring pages, and pages visited within the Services.
  • Cookies and similar technologies: session cookies for authentication and limited analytics cookies for service improvement.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Services.
  • Authenticate users and authorize access to organization-scoped data.
  • Process invoices, payments, and other financial transactions.
  • Communicate with you about your account, the Services, and support requests.
  • Detect, investigate, and prevent fraudulent or unauthorized activity.
  • Comply with legal obligations and enforce our agreements.

3. How We Share Information

We do not sell personal information. We share information only as described below:

  • Within your organization: with users authorized by your organization to access the Services.
  • Service providers: with vendors that help us operate the Services (for example, cloud hosting, email delivery, accounting platforms, and analytics providers), bound by contractual confidentiality and security obligations.
  • Legal requirements: when required by law, subpoena, court order, or other valid legal process, or to protect the rights, property, or safety of Fayton, our customers, or others.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality safeguards.
  • With your consent: when you direct us to share information.

4. HIPAA and Protected Health Information

When Fayton acts as a business associate of a covered entity under HIPAA, we handle PHI in accordance with the applicable Business Associate Agreement and the HIPAA Privacy and Security Rules. PHI is not used or disclosed except as permitted by the BAA, by law, or as authorized by the individual.

5. Data Security

We implement technical and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. Measures include encryption of sensitive fields at rest, encryption in transit, role-based access controls, audit logging, and regular review of access. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain information for as long as necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Retention periods for PHI are governed by applicable law and the Business Associate Agreement.

7. Your Choices and Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of personal information about you, or to object to certain processing. To exercise these rights, contact us using the details below. Where Fayton processes personal information on behalf of an organization (such as your employer or a covered entity), please direct your request to that organization.

8. Third-Party Services

The Services integrate with third-party providers including, without limitation, Intuit QuickBooks Online (for accounting), Amazon Web Services (for document storage), Supabase (for real-time messaging features), and email delivery providers. Your use of those services is governed by their own privacy policies.

9. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can delete it.

10. International Users

The Services are operated from the United States. If you access them from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Services or by email. The “Last updated” date at the top of this page indicates when the policy was last revised.

12. Contact Us

Questions about this Privacy Policy or our data practices? Contact us at privacy@fayton.net.

Fayton Support

We typically reply within minutes

Hi there! Please share your details and we'll connect you with our team.

Quick questions:

Powered by Fayton Consulting