Published for transparency while formal governance documents are prepared with counsel. There is no binding effective date until this banner is removed.
shteg.ai is a registered HIPAA clearinghouse and, as such, a covered entity — so this policy is framed to HIPAA obligations for protected health information rather than to a general consumer-SaaS posture. As stated across this site, no real PHI has yet flowed through the system. This draft describes the intended handling of PHI and personal data once live operation, under Business Associate Agreements, begins.
In production, protected health information would be processed only to perform clearinghouse and settlement functions, handled under BAAs, held in a hash-chained audit ledger, and isolated per tenant. Integrations that touch PHI without a BAA in place fail closed. Site-visitor data (the ordinary logs of a marketing website) is separate from PHI and minimal. Specific retention, sharing, and patient-rights language will be finalized in the binding version.
Because this is a draft, the most reliable answer is a direct one. For questions about privacy, PHI handling, or Business Associate Agreements, email us and a human will respond. When the finalized policy is published, this draft banner will come down and an effective date will appear.
Privacy, PHI handling, or a Business Associate Agreement — send a note and a person will respond. No form that posts into a void.