PRIVACY POLICY
Effective Date: May 24, 2026
Last Updated: June 17, 2026
At Sentinel Auditor, a compliance automation platform owned and operated by Elite Data Solution (the "Platform", "Company", "we", "us", or "our"), we respect your privacy and are committed to protecting the corporate data of the healthcare systems and hospitals that utilize our services. This Privacy Policy explains our data collection, processing, and retention practices.
Because our services are designed strictly for institutional Business-to-Business (B2B) hospital price transparency compliance under federal CMS regulations, we enforce a strict privacy-first, zero-retention architecture.
1. NO PHI OR PATIENT DATA COLLECTION (HIPAA EXEMPTION)
Our Platform is designed exclusively to analyze public-facing hospital Machine-Readable Files (MRFs) and internal billing chargemasters containing institutional standard charges, CPT codes, HCPCS codes, and payer-negotiated rates.
No Protected Health Information (PHI): Under no circumstances do our services request, parse, record, or store any Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).
No HIPAA Business Associate Agreements (BAAs): Since we do not process, receive, or maintain patient clinical records, identifiers, or billing claims, we are not a HIPAA-covered entity or Business Associate. We do not provide HIPAA-compliant storage and do not sign or execute Business Associate Agreements (BAAs).
Restriction on Uploading PHI: Users are strictly prohibited from uploading patient charts, records, or identifying patient data. If we discover that a file contains PHI, it will be immediately and permanently purged from our volatile memory.
2. PRIVACY-BY-DESIGN & EPHEMERAL IN-MEMORY PROCESSING
To guarantee absolute security boundaries for hospital billing departments, our parsing and remediation systems are optimized for secure, transient execution:
Ephemeral Server Processing: All data parsing, schema evaluation, validation rules, and file remediation execute strictly in secure, volatile server memory. Raw uploaded files are processed in real time and are never stored long-term on our systems.
Zero-Retention Boundary: Raw hospital chargemaster sheets and pricing matrices are temporarily held in memory only during the active session and are automatically expunged and deleted from our servers within twenty-four (24) hours of completing the audit or remediation run.
3. INFORMATION WE COLLECT
We collect only non-sensitive corporate and transactional metadata necessary to establish licensing, verify transaction history, and manage accounts. This is limited strictly to:
Corporate Identifiers: Hospital Name, Physical Address, and Federal Employer Identification Number (EIN).
Operational Metadata: Direct URLs to the Hospital's public Price Transparency pages and machine-readable data files.
Contact Details: Corporate email address of the compliance officer or billing manager.
Billing & Transaction Data: Payment reference identifiers, payment status, transaction timestamp, and amount processed via our third-party Merchant of Record (e.g., Paddle, Lemon Squeezy). We do not store or process complete credit card details on our servers.
4. DATA RETENTION & DELETION POLICY
For customers using our cloud hosting and CDN distribution capabilities (e.g., the Elite Suite enterprise tier):
Public CDN Files: Fully compliant, remediated MRF files deployed to our Secure CDN network to fulfill federal public-disclosure URL mandates are hosted securely for the duration of your active subscription.
Ephemeral Backend Cache: Any files temporarily processed on our server systems are fully expunged, deleted, and overwritten in system memory within twenty-four (24) hours of completing the audit or remediation run.
Billing Records: We retain standard corporate purchase history and invoice receipts as required to comply with local tax legislation, financial audits, and corporate record-keeping requirements.
5. DATA SHARING & THIRD-PARTY SERVICES
We do not sell, lease, trade, or distribute your corporate contact information, transparency file data, or internal pricing schemas to third-party data brokers, insurers, or marketing companies. We share information only with:
Merchants of Record (Paddle / Lemon Squeezy): To securely process subscription billing, transactional fees, and regional tax compliance.
Government Web-Scrapers: Compliant MRF files hosted on our public CDN are intentionally accessible to public web-scrapers, researchers, and CMS compliance auditors, in direct alignment with federal transparency regulations.
6. SECURITY SAFEGUARDS
We maintain rigorous operational, technical, and administrative security measures to protect hosted files and corporate accounts:
Encryption: All hosted files are protected by AES-GCM-256 encryption at rest and secure SSL/TLS channels in transit.
Access Controls: Cloud CDN container instances are isolated, preventing unauthorized horizontal access.
7. INDIAN GOVERNING LAW & JURISDICTION
⚖️ Legal Notice: This Privacy Policy and all matters relating to data protection shall be governed by and construed in accordance with the laws of India. Any legal actions or disputes arising under this policy shall be resolved through binding commercial arbitration in Lucknow, India.
8. POLICY AMENDMENTS
We reserve the right to modify this Privacy Policy at any time. Updates will be posted on this page with a revised "Last Updated" date. Your continued use of the Platform signifies acceptance of any updated privacy terms.
9. CONTACT US
If you have any questions, concerns, or legal inquiries regarding our privacy procedures, please contact our administrative desk through the official channels listed on our homepage.