Privacy Policy
Effective Date: May 3, 2026 · RadTracker, LLC · radtracker.org
1. Who We Are
RadTracker, LLC is a Virginia limited liability company that provides radiology practice management software, including scheduling, productivity tracking, and compensation-related tools. Questions about this policy may be directed to legal@radtracker.org.
2. Information We Collect
Depending on how your practice uses the Services, we may process categories of information such as:
- Account information: name, email address, role (for example administrator, radiologist, or viewer), and related authentication identifiers needed to operate your account.
- Productivity and operations data: work relative value units (wRVUs), CPT codes, modality, timestamps, and similar operational metrics. Where sourced from clinical workflows, we treat such data in accordance with Section 3 and aim to retain only de-identified metrics as described there.
- Event and audit logs: security-relevant and administrative events to support accountability, troubleshooting, and compliance.
- Usage data: technical information such as device type, app version, and interaction patterns used to maintain and improve the Services.
3. How We Handle PHI
RadTracker is not a clinical diagnosis application. When integrations or imports could expose identifiers, we apply technical controls designed to reduce risk, including a PHI scrubber intended to remove patient identifiers before storage where applicable. Accession numbers are hashed, and we strive to store only de-identified metrics needed for productivity and operations. We execute Business Associate Agreements (BAAs) with covered entity customers and appropriate agreements with infrastructure providers where PHI may be processed.
4. How We Use Your Information
We use information to provide and operate the Services, including productivity tracking, scheduling, compensation workflows, push notifications you or your practice enable, platform improvement, and customer support. We do not sell your personal information and we do not use it for third-party advertising.
5. Information Sharing
Information may be visible within your practice according to role and permissions (for example, administrators may access group-level operational data). We share data with service providers that help us run the Services, such as Supabase, Vercel, and Amazon Web Services, under contracts that include data protection commitments (for example, DPAs) appropriate to the processing. We may also disclose information when required by law or to protect the rights, safety, and integrity of RadTracker, our customers, and the public.
6. Data Security
We implement administrative, technical, and organizational measures designed to protect information, including TLS 1.2+ for data in transit, encryption at rest where supported by our infrastructure, row-level security and access controls in the product data layer, AES-256-GCM for stored SFTP-related secrets where applicable, and encrypted secure storage for certain mobile tokens on supported devices. No method of transmission or storage is completely secure; we work to apply reasonable safeguards for our architecture.
7. Data Retention
We retain information while your practice's subscription is active and as needed to provide the Services and meet legal obligations. Following termination, we will delete or de-identify customer data in accordance with your agreement and applicable law, and in many cases within 30 days of termination upon written request, unless a longer period is required by law or contract.
8. Push Notifications
With your permission and your practice's configuration, we may send push notifications related to scheduling, coverage, productivity, and similar operational topics. You can disable push notifications at any time through your device settings or in-app controls where available.
9. Children's Privacy
The Services are not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.
10. Your Rights
Subject to your role, your practice's policies, and applicable law, you may have rights to access, correct, or delete certain information. To exercise these rights or ask questions, contact legal@radtracker.org. We will respond consistent with applicable law and verify requests as appropriate.
11. California Privacy Rights (CCPA)
We do not sell personal information as defined by the California Consumer Privacy Act (CCPA). California residents may have additional rights regarding access, deletion, and correction. To submit a request, contact legal@radtracker.org.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services (for example, in the application) and/or by email to administrators, as appropriate, before the changes take effect unless notice is not required by law.
13. Contact Us
RadTracker, LLC
Email: legal@radtracker.org
Website: radtracker.org