Privacy Policy

Last Updated: January 26, 2026

1. Information We Collect

CLIA Lab Citations collects information to provide and improve our services. The types of information we collect include:

1.1 Information You Provide

  • Payment Information: When you purchase access to premium features or CSV downloads, payment information is processed securely through Stripe. We do not store your full credit card details on our servers.
  • Purchase Records: We store records of your purchases, including state, year, months selected, and purchase timestamps for order fulfillment and customer support.
  • Contact Information: Email addresses and other contact information when you communicate with us or request support.
  • Session Data: We use browser sessionStorage and localStorage to remember your payment status and unlocked content during your browsing session.

1.2 Automatically Collected Information

  • Usage Data: Pages visited, time spent on pages, search queries, filters applied, and interactions with features (maps, tables, downloads)
  • Device Information: Browser type, operating system, screen resolution, IP address, and device identifiers
  • Location Data: When using map features, we may collect approximate location data based on your IP address or map interactions
  • Cookies and Tracking Technologies: We use cookies, localStorage, and sessionStorage to maintain your session, remember preferences, and track analytics
  • Google Analytics: We use Google Analytics (via Google Tag Manager) to understand how visitors use our site

1.3 Public Data We Display

CLIA Lab Citations displays publicly available CMS-2567 survey data from the Centers for Medicare & Medicaid Services (CMS). This includes:

  • Facility names, addresses, and contact information
  • CMS certification numbers and CLIA IDs
  • Survey dates, types, and event IDs
  • Deficiency tags and summaries
  • Lab director names (when available in public records)
  • Geocoded location data for mapping features

Note: This data is sourced from public CMS records and is not considered personal information under most privacy regulations, as it relates to business entities and public regulatory records.

2. How We Use Your Information

We use the information we collect to:

  • Service Delivery: Provide access to CMS-2567 citation data, search functionality, map visualizations, and CSV downloads
  • Payment Processing: Process payments for premium features, CSV downloads, and facility unlocks through Stripe
  • Access Control: Track and manage your access to premium content and purchased downloads
  • Customer Support: Respond to your inquiries, provide technical support, and assist with order fulfillment
  • Analytics and Improvement: Analyze usage patterns to improve our services, fix bugs, and enhance user experience
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Compliance: Meet legal obligations and respond to lawful requests

3. Information Disclosure

We may disclose your information in the following circumstances:

  • Payment Processing (Stripe): Payment information is shared with Stripe for secure payment processing. Stripe's privacy policy applies to payment data: https://stripe.com/privacy
  • Data Storage (Supabase): Your purchase records and session data are stored securely with Supabase, our database and hosting provider
  • Analytics (Google): Usage data is shared with Google Analytics and Google Tag Manager for website analytics. Google's privacy policy applies: https://policies.google.com/privacy
  • Mapping Services (Google Maps): When using map features, location data may be shared with Google Maps API for geocoding and map display
  • Legal Requirements: We may disclose information if required by law, court order, or in response to valid requests by public authorities
  • Business Transfers: Information may be transferred in connection with any merger, sale of assets, or acquisition
  • With Your Consent: We may share information with your explicit consent for specific purposes

4. Method of Disclosure

We disclose information through secure channels, including:

  • Encrypted connections (HTTPS/TLS) for data transmission
  • Secure API integrations with trusted service providers
  • Controlled access through authentication and authorization mechanisms

5. Security Practices

We implement security measures to safeguard your information:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure payment processing through PCI-compliant providers
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use the following tracking technologies:

  • Session Storage: Stores payment status and unlocked content during your browsing session
  • Local Storage: Remembers your facility unlock status and preferences
  • Cookies: Used by Google Analytics and Google Tag Manager for analytics tracking
  • Google Analytics: Tracks page views, user interactions, and site performance

You can control cookies through your browser settings. However, disabling cookies may affect functionality, including:

  • Remembering your payment status and unlocked content
  • Maintaining your session across page visits
  • Providing personalized features

To opt out of Google Analytics tracking, you can install the Google Analytics Opt-out Browser Add-on.

7. Third-Party Services

Our service integrates with the following third-party services:

Our service may also contain links to third-party websites (such as facility websites, Google Business profiles, and external resources) that are not owned or controlled by CLIA Lab Citations. We have no control over, and assume no responsibility for, the privacy policies or practices of any third-party sites or services.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal and contractual obligations)
  • Objection: Object to processing of your information for certain purposes
  • Data Portability: Request transfer of your data to another service provider
  • Opt-Out: Opt out of marketing communications and certain tracking technologies
  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

Note: Some information, such as purchase records required for accounting and tax purposes, may be retained even after account deletion to comply with legal obligations.

9. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and fulfill your purchases
  • Comply with legal obligations (e.g., tax and accounting records)
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

Purchase records are typically retained for at least 7 years to comply with tax and accounting requirements. Session data stored in your browser (localStorage/sessionStorage) persists until you clear your browser data or it expires.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our service, you consent to the transfer of your information to these countries. We apply appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Through our website contact form
  • By email (if contact information is provided on the website)

We will make every effort to respond to your inquiry promptly and address your concerns.