Privacy policy

StreamForma ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website streamhealth.co (the "Site") or use our services.

StreamForma operates as an authorized partner of MedSync Corp to provide healthcare revenue optimization services, including medical record consolidation and gap-in-care analysis solutions to healthcare providers.

Our Business Address: StreamForma, c/o Business Operations, Costa Mesa, CA 92626, United States

• Service Delivery: Provide and deliver our healthcare revenue optimization services, Process and respond to your inquiries and service requests, Schedule and conduct Founder Q&A sessions and consultations, Facilitate communication between you and MedSync Corp service providers, Provide customer support and technical assistance
  

• Business Operations: Maintain and improve our Site and services, Develop new features and offerings, Conduct research and analysis on healthcare market trends, Monitor and analyze usage patterns and service performance, Ensure compliance with legal and regulatory requirements, Protect against fraud, abuse, and security threats
  

We may share your information in the following circumstances: (4.1) Service Provider (MedSync Corp): We share your information with MedSync Corp (3540 Toringdon Way, Ste #200, Charlotte, NC 28277) to deliver medical record consolidation and gap-in-care analysis services. (4.2) Business Partners: 7Streams for commission tracking, authorized referral partners (with consent). (4.3) Service Providers: Google Workspace, Instantly.ai, Attio (CRM), Webflow, Google Analytics, LinkedIn Ads, Typeform, Calendly, Canva Pro, Notion, Stripe. (4.4) Legal Obligations: Comply with legal processes, enforce Terms of Use, prevent fraud. (4.5) Business Transfers: In event of merger or acquisition. (4.6) With Your Consent.

StreamForma operates as a Business Associate under HIPAA and HITECH Act. We DO NOT collect, access, or process Protected Health Information (PHI) from individual patients. We DO collect business information from healthcare providers (covered entities). MedSync Corp acts as the Business Associate for medical record consolidation services. When healthcare providers engage our services, they enter into a Business Associate Agreement (BAA) with MedSync Corp, ensuring HIPAA compliance. For HIPAA inquiries: privacy@StreamForma.co | Phone: +1 888-668-9087

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights: Right to Know (request disclosure of personal information we have collected), Right to Delete (request deletion of personal information), Right to Correct (request correction of inaccurate information), Right to Opt-Out (we do not sell personal information), Right to Non-Discrimination. To exercise your California rights: Email: privacy@StreamForma.co | Phone: +1 888-668-9087 | Mail: StreamForma, Attn: Privacy Rights Request, Costa Mesa, CA 92626. We will respond within 45 days.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page and update the Last Updated date at the top. For material changes, we will notify you via email (to the address associated with your account) or prominent notice on our Site. Your continued use of our Site and services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

We implement industry-standard security measures to protect your information: Technical Controls (Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest; Firewalls, Access Controls with MFA, Intrusion Detection, Vulnerability Management), Organizational Controls (Employee Training, Background Checks, Access Restrictions, Incident Response Plan, Vendor Management, Data Minimization), Physical Controls (Secure Facilities, Device Security, Secure Disposal). Our service provider MedSync Corp maintains SOC 2 Type II Certification and HIPAA Compliance. Despite our security measures, no method of transmission over the internet is 100% secure.

We use cookies and tracking technologies to enhance your experience. Types: Strictly Necessary Cookies (required for Site functionality), Performance/Analytics Cookies (Google Analytics), Functionality Cookies (preferences, settings), Targeting/Advertising Cookies (Google Ads, LinkedIn Insight Tag). Third-party services: Google Analytics (up to 2 years), Google Ads (up to 2 years), LinkedIn Insight Tag (up to 2 years), Calendly (session), Webflow (up to 1 year). You can control cookies through your browser settings. Disabling cookies may affect Site functionality.

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Typical retention periods: Contact Information (5 years after last interaction), Lead Inquiry Forms (3 years from submission), Email Communications (7 years), Meeting Recordings (2 years with consent), Website Analytics (26 months Google Analytics default), Contract Records (7 years after contract termination), Marketing Lists (until opt-out or 3 years of inactivity). You may request earlier deletion by contacting privacy@streamhealth.co.

Stream Health is based in the United States, and our service providers operate primarily in the United States. By using our Site and services, you consent to the transfer of your information to the United States. We ensure that international data transfers comply with applicable laws, including Standard Contractual Clauses (SCCs) for transfers to third countries, Adequacy Decisions recognized by relevant authorities, and Data Processing Agreements with all international service providers. If you are located in the EEA, United Kingdom, or Switzerland, you have additional rights under GDPR. Contact: privacy@streamhealth.co

Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will: Delete the information immediately, Notify the parent or guardian (if contact information is available), Terminate any accounts created by the child. If you believe we have collected information from a child, please contact us at privacy@streamhealth.co

Our Site may contain links to third-party websites, including: MedSync Corp (meetmedsync.com), Industry publications and resources, Partner websites, Social media platforms (LinkedIn). We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information. Third-party services we link to include: MedSync Corp, LinkedIn (linkedin.com), Google Workspace (google.com).

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: StreamForma Privacy Department | Mailing Address: Stream Health, Attn: Privacy Officer, Costa Mesa, CA 92626, United States | Email: privacy@StreamForma.co | Phone: +1 888-668-9087 | Business Hours: Monday-Friday, 8:00 AM - 6:00 PM Pacific Time | For HIPAA-related inquiries: Email privacy@StreamForma.co with Subject Line: HIPAA Inquiry | For California Privacy Rights requests: Email privacy@StreamForma.co with Subject Line: California Privacy Rights Request | For general inquiries: Email info@StreamForma.co | Phone: +1 888-668-9087 | We will respond to all inquiries within 10 business days. Effective Date: October 8, 2025 | Version: 1.0 | Stream Health Privacy Policy - © 2025 StreamForma. All rights reserved.