Privacy policy.

§ 01

Information we collect.

We collect information you provide directly when you contact us, request an engagement, or send a research inquiry — typically your name, email address, firm name, and role. We also collect standard usage data through web analytics, including pages visited, browser type, and IP address. During an active engagement, we receive 837 claims files, 835 remittance advice files, and payer contracts from the engaging firm or the target practice as specified in the engagement letter.

§ 02

How we use information.

We use the information we collect to respond to inquiries, deliver engagement services, improve our products, send updates with your consent, and comply with legal obligations. We do not sell personal information to third parties. We do not use personal information for targeted advertising.

§ 03

Healthcare data and protected health information.

CAPE processes claims data on behalf of our engaging firms under fully executed Business Associate Agreements. Claims and remittance files received during an engagement are stored on HIPAA-compliant infrastructure with AES-256 encryption at rest and TLS encryption in transit, accessible only to authorized engagement personnel.

Engagement data is retained for the duration of the engagement and the contractually specified post-close monitoring period. Upon termination, data is either returned to the engaging firm or destroyed according to the terms of the engagement letter. We do not aggregate, anonymize, or re-purpose patient-level data across engagements.

§ 04

Data security.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, audit logging, and regular security reviews. Access to engagement data is limited to authorized personnel on a need-to-know basis. Full security documentation is available to engaging firms upon request under appropriate confidentiality terms.

§ 05

Cookies and analytics.

We use strictly necessary cookies to operate this website. With your consent, we use analytics cookies to understand aggregate usage patterns. You can disable analytics cookies at any time through your browser settings without affecting site functionality.

§ 06

Spam protection.

We use Cloudflare Turnstile to protect our contact form from automated abuse. When you visit a page containing the form, Cloudflare collects information necessary to distinguish human visitors from bots, including your IP address and limited environmental signals from your browser. This information is processed by Cloudflare on our behalf and is governed by Cloudflare’s Turnstile Privacy Policy. Turnstile is configured to run invisibly and does not display a challenge unless a visitor’s session is flagged as suspicious.

§ 07

Third-party services.

We use a limited set of third-party service providers for hosting, analytics, and operational infrastructure. Each is contractually required to protect data on our behalf and may process it only as directed by Crescent. We do not share engagement data with any third party beyond what is required to deliver the service, and only under appropriate data-protection agreements.

§ 08

Your rights.

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, contact us at privacy@crescentintel.com. We respond to verified requests within 30 days.

§ 09

Changes to this policy.

We may update this Privacy Policy periodically as our services or applicable law evolves. We will notify engaged firms of material changes by email and post a revised date at the top of this page. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

§ 10

Contact.

Questions about this policy can be directed to privacy@crescentintel.com or by mail to Crescent Intelligence, Inc., attention: Privacy Team.