Legal

Privacy Policy

Last updated: June 2026

⚠ This is a draft privacy policy provided for informational purposes. It has not been reviewed by legal counsel. Roundmark recommends consulting a qualified attorney before using this document in a commercial context, particularly given the sensitive nature of health-related data.

1. Overview

Roundmark ("we," "us," or "our") operates a client observation and wellness round tracking platform for residential behavioral health and recovery facilities. This Privacy Policy describes how we collect, use, store, and protect information when your facility uses our service.

2. Information We Collect

We collect the following types of information:

Facility information: Organization name, timezone, and operational settings.
Staff information: Names, email addresses, roles, and permissions for users you create within the platform.
Client observation records: Names, dates of birth, bed assignments, check logs including timestamps, staff names, locations, and observation notes entered by your staff.
Usage data: Authentication events, session activity, and system logs used to operate and improve the service.

3. How We Use Information

We use the information collected solely to:

Provide and operate the Roundmark platform for your facility.
Send SMS and email alerts to designated staff regarding check schedules.
Generate reports and logs used by your facility for documentation and compliance.
Maintain the security and integrity of the platform.

We do not sell, share, or disclose your data to third parties except as described in this policy or required by law.

4. Third-Party Services

Roundmark uses the following third-party services to operate:

Twilio: Used to deliver SMS alert notifications to staff. Message content may include client names and check status. Twilio's privacy policy governs data processed through their platform.
Resend: Used to deliver transactional email notifications. Resend's privacy policy governs data processed through their platform.
Railway: Our hosting infrastructure. Application data is stored on Railway-managed servers. Railway's privacy policy governs their data handling practices.

5. Data Storage and Security

All data is stored in a managed PostgreSQL database hosted on Railway's infrastructure. We implement reasonable technical safeguards including encrypted connections (HTTPS/TLS), hashed passwords, and session-based authentication. However, no system is completely secure, and we cannot guarantee absolute data security.

6. HIPAA and Sensitive Health Data

Roundmark may process information that qualifies as Protected Health Information (PHI) under HIPAA if used in a covered healthcare setting. Facilities subject to HIPAA obligations are responsible for ensuring they have appropriate agreements and safeguards in place. Please contact us to discuss a Business Associate Agreement (BAA) if required by your organization.

7. Data Retention

We retain facility and client data for as long as your account remains active. Upon account termination, data may be retained for up to 90 days before permanent deletion, unless you request earlier deletion in writing.

8. Your Rights

Facility administrators may request access to, correction of, or deletion of their facility's data by contacting us directly. We will respond to reasonable requests within 30 days.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify active facilities of material changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy can be directed to:
Roundmark
hello@getroundmark.com