Privacy Policy

1. Introduction

EZVFC ("we," "our," or "us") operates the EZVFC mobile application and website at ezvfc.net (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

EZVFC is a VFC (Vaccines for Children) inventory management platform designed for healthcare providers. Because our Service handles Protected Health Information ("PHI") as defined under HIPAA, we are committed to the highest standards of data privacy and security.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account & Organization Information

• Name, email address, and password for account registration
• Organization name, clinic location(s), and NPI number
• Role and permissions within your organization

2.2 Patient & Health Information

To provide vaccine administration tracking, we collect and store patient information you enter into the Service, which may include:

• Patient name, date of birth, and contact information
• Vaccine administration records (lot numbers, dates, dosages, routes)
• VFC eligibility status
• Vaccine Information Statement (VIS) delivery records

This information constitutes Protected Health Information ("PHI") under HIPAA and is handled accordingly.

2.3 Inventory & Usage Data

• Vaccine inventory records (NDC codes, lot numbers, expiration dates, quantities)
• Audit and reconciliation logs
• Barcode scan activity and waste documentation

2.4 Technical & Device Information

• Device type, operating system, and app version
• IP address and general location (city/region level)
• App usage analytics (pages viewed, features used, session duration)
• Push notification tokens (for iOS push notification delivery)
• Crash reports and error logs

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process vaccine administration records and maintain inventory counts
• Generate compliance and reconciliation reports
• Send push notifications and alerts (e.g., low stock, expiration warnings)
• Authenticate users and enforce role-based access controls
• Respond to support requests and communicate service updates
• Monitor for security threats and prevent unauthorized access
• Comply with applicable legal and regulatory obligations (including HIPAA)

We do not sell, rent, or share your data — including PHI — with third parties for marketing or advertising purposes.

4. HIPAA Compliance

EZVFC acts as a Business Associate under HIPAA for Covered Entities that use our Service. We enter into a Business Associate Agreement ("BAA") with each Covered Entity customer. Our data practices for PHI are governed by HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule.

Key safeguards include:

• Encryption of PHI in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access control limiting PHI access to authorized personnel
• Audit logging of all PHI access and modifications
• Breach notification procedures compliant with HIPAA requirements

5. Information Sharing & Disclosure

We may share your information with:

• Service Providers: Trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, authentication, analytics) under appropriate data processing agreements.
• Your Organization: Administrators within your organization have access to data entered by users in their account.
• Legal Requirements: When required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

6. Data Retention

We retain account and health-related data for as long as your organization maintains an active account with us, and for a period thereafter as required by applicable law or as specified in your Business Associate Agreement. You may request deletion of your account data by contacting us at the address below.

7. Push Notifications

The EZVFC iOS app may send push notifications for inventory alerts (low stock, expiring vaccines) and other Service-related updates. You can manage notification preferences in your device's Settings app or within the EZVFC app at any time. Disabling notifications does not affect your access to the Service.

8. Children's Privacy

The EZVFC Service is intended for healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children under 13. Patient records for minor patients are handled as PHI under HIPAA and are accessible only to authorized clinicians.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Object to or restrict certain processing activities
• Data portability (receive a copy of your data in a machine-readable format)

To exercise these rights, please contact us at privacy@ezvfc.net. Note that certain requests may be subject to legal obligations (e.g., HIPAA record retention requirements).

10. Security

We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice in the app prior to the change becoming effective. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: