Privacy Policy

This Privacy Policy applies to ScoliBase portal experiences, patient and guardian registration, secure workflows, support interactions, and related services that refer to this policy.

ScoliBase supports intake, care coordination, appointment workflows, uploaded documents and imaging, secure messaging, brace tracking, and related scoliosis care operations.

We may collect account information such as name, email address, phone number, guardian information, and login credentials.

We may collect health-related information and PHI, including intake forms, uploaded imaging, treatment or care-coordination data, messaging data, brace tracking data, and appointment details.

We may also collect technical information such as IP address, browser and device information, session state, login activity, and error or security logs.

Usage and operational analytics may include page interactions, feature usage, workflow completion patterns, and platform performance metrics.

Information may be used for healthcare operations, care coordination, scheduling, patient and guardian communications, security monitoring, platform improvement, analytics, and legal or regulatory compliance.

ScoliBase is designed to support reasonable administrative, technical, and physical safeguards for PHI where HIPAA applies. PHI handling may also be governed by the applicable Notice of Privacy Practices.

Information may be shared with authorized staff, providers, and guardians, with vendors supporting the service under appropriate agreements where applicable, to satisfy legal requirements, or in limited emergency and safety situations as permitted by law.

ScoliBase may use authentication and session cookies, security and CSRF-related cookies, preference cookies, and analytics or performance cookies where enabled.

These technologies help maintain signed-in sessions, support secure access, understand performance, and improve product reliability. Disabling certain cookies may affect sign-in or service functionality.

Security controls may include encryption, access controls, monitoring and logging, session protections, and MFA-related safeguards where enabled. No internet-based service can guarantee absolute security or uninterrupted availability.

Depending on applicable law and workflow context, users may request access to certain information, request corrections, manage communication preferences, or request account deletion subject to retention and legal obligations. HIPAA-related rights may also apply.

Information is retained for as long as reasonably necessary for account administration, care coordination, security, compliance, audit, backup, dispute resolution, and legal obligations. Retention schedules may differ by record type.

ScoliBase may support guardian-managed accounts. Minor access, guardian responsibilities, and consent obligations are subject to platform workflow requirements and applicable law.

Marketing communications, if used, are separate from healthcare-operational or security communications. Users may opt out of marketing messages where applicable.

Privacy, security, and support questions should be directed to the designated ScoliBase contact channels published by the organization.