IntakeDesk badgeIntakeDeskbyRheumera

Privacy Policy

Last Updated: December 3, 2025

IntakeDesk (“IntakeDesk,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals who visit our websites and use our products and services (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose, and safeguard Personal Data in connection with the Services.

HIPAA/PHI: When our Services are used by or on behalf of a HIPAA Covered Entity or Business Associate to process Protected Health Information (“PHI”), the Business Associate Agreement (BAA) governs our use and disclosure of PHI. This Privacy Policy applies to other Personal Data we process outside of a signed BAA context.

1. Information We Collect

  • Account & Contact Data: name, email address, phone, organization, role, and credentials you provide when you create an account, request a demo, or communicate with us.
  • Customer Content & Files: documents and data you upload to the Services (e.g., referral PDFs and related metadata). Ownership remains with you or your organization.
  • Device & Usage Data: IP address, browser/OS, device identifiers, pages viewed, and interactions for security, analytics, and service improvement.
  • Cookies & Similar Technologies: we use cookies and similar tools for authentication, preferences, analytics, and to improve the user experience. See “Cookies & Tracking” below.

2. How We Use Information

  • to provide, operate, secure, and improve the Services;
  • to authenticate users, prevent fraud/abuse, and enforce policies;
  • to provide customer support and respond to inquiries;
  • to analyze usage and develop new features and enhancements;
  • to send service-related notices and, with your consent where required, marketing communications;
  • to comply with legal obligations and protect our rights and those of our users.

3. Legal Bases for Processing (EEA/UK)

Where applicable, we process Personal Data under one or more of the following legal bases: (a) performance of a contract; (b) legitimate interests (e.g., security, improvement, support); (c) compliance with legal obligations; and (d) consent (e.g., certain marketing or cookies).

4. How We Share Information

  • Service Providers / Subprocessors: third parties that help us host, operate, support, or secure the Services. We require appropriate confidentiality, security, and privacy commitments.
  • Legal / Safety: disclosures to comply with law, respond to lawful requests, or protect rights, safety, and security.
  • Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate protections.
  • We do not sell Personal Data and do not share it for cross-context behavioral advertising as defined by certain privacy laws.

5. Security

We implement administrative, technical, and physical safeguards designed to protect Personal Data. However, no method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for configuring the Services appropriately for your use case.

6. Data Retention

We retain Personal Data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Where retention is based on your organization’s configuration or a BAA/DPA, we follow those terms.

7. International Data Transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses or other lawful mechanisms.

8. Your Privacy Rights

  • Access, Correction, Deletion: you may request access to, correction of, or deletion of your Personal Data. Where the Services are provided to your employer or provider, we may redirect requests to that organization (the controller).
  • EEA/UK/Swiss Individuals: additional rights may include portability and objection/restriction to processing. You may lodge a complaint with a supervisory authority.
  • U.S. State Laws (e.g., CA/VA/CO/CT/UT): depending on your state, you may have rights to access, delete, correct, and opt out of certain processing. We do not sell Personal Data or share it for cross-context behavioral advertising.
  • To exercise rights, contact privacy@intakedesk.co. We may need to verify your identity and, when applicable, your authority to act for another person.

9. Cookies & Tracking

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure performance, and improve the Services. You can control cookies through your browser settings. Some features may not function properly without certain cookies.

10. Children’s Privacy

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Data from children without appropriate consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by updating the “Last Updated” date and, where appropriate, by additional notice. Your continued use of the Services after changes become effective signifies your acceptance.

12. Contact Us

If you have questions about this Privacy Policy, please contact privacy@intakedesk.co. For legal notices, you may also write to our registered office—contact us for the current address.