Legal

Privacy Policy

Effective date: January 1, 2026 · Last updated: May 2026

Summary: COMPLi collects only what's needed to deliver the service. We do not sell your data. We are HIPAA-compliant, operate under a Business Associate Agreement (BAA) with covered entities, and store data on secure, audited infrastructure.

1. Who We Are

COMPLi is a compliance operating system for skilled nursing facilities (SNFs) and long-term acute care hospitals (LTACs), operated by Compli Group Inc. ("COMPLi," "we," "our," or "us"), a Delaware corporation.

If you have questions about this policy, contact us at support@compli.health.

2. Scope of This Policy

This Privacy Policy applies to:

Our website at compli.health and all subdomains
Our web application at app.compli.health
Any related services, demos, or communications from COMPLi

It does not apply to third-party services linked from our platform. Those services have their own privacy policies.

3. Information We Collect

Account and contact information — Name, email address, job title, facility name, and phone number when you create an account, request a demo, or contact us.

Usage data — How you interact with the platform: pages visited, features used, session duration, and device/browser information. Collected via server logs and analytics tools.

Facility compliance data — Round logs, issue flags, F-Tag records, incident reports, grievances, CAHPS survey responses, and other compliance-related data entered by facility staff. This data is entered and owned by your organization.

Protected Health Information (PHI) — To the extent COMPLi processes PHI on behalf of a covered entity, we do so as a Business Associate under HIPAA. We enter into a BAA with all covered entity customers prior to any PHI processing.

4. How We Use Your Information

To provide, maintain, and improve the COMPLi platform
To authenticate users and secure accounts
To send product updates, support responses, and service notices
To analyze aggregate usage patterns and improve platform performance
To comply with legal obligations and enforce our Terms of Service

We do not use your data for advertising. We do not sell your data to third parties.

5. How We Store and Protect Your Data

COMPLi runs on Google Cloud Platform (GCP) with Cloud Run for compute and Supabase for database services. All data is encrypted at rest and in transit. Access controls are enforced via row-level security policies.

Data is stored in the United States
Access to production data is limited to authorized personnel only
Audit logging is enabled across all data access events
We maintain a formal incident response process

6. HIPAA Compliance

COMPLi is designed to support HIPAA compliance for covered entities and their business associates. We will enter into a Business Associate Agreement (BAA) with any customer that qualifies as a covered entity under HIPAA prior to the processing of any PHI.

If you require a BAA, contact us at support@compli.health before using the platform for PHI-related workflows.

7. Sharing Your Information

We do not sell, rent, or trade your personal information. We may share information with:

Service providers — Infrastructure and technology partners (GCP, Supabase) who process data on our behalf under confidentiality obligations
Legal obligations — When required by law, court order, or to protect the rights and safety of COMPLi, our customers, or the public
Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

8. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict certain processing
Data portability

To exercise any of these rights, contact us at support@compli.health. We will respond within 30 days.

9. Cookies and Tracking

Our website uses cookies and similar technologies for authentication, session management, and basic analytics. We do not use third-party advertising cookies. You can control cookie preferences through your browser settings.

10. Data Retention

We retain account and compliance data for the duration of your subscription and for a reasonable period afterward as required by law or for legitimate business purposes. You may request deletion of your data at any time by contacting us.

11. Children's Privacy

COMPLi is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify customers via email or in-app notice.

13. Contact

For privacy-related questions, requests, or concerns:

Email: support@compli.health
Mailing address: Compli Group Inc., [Address], United States