Your privacy is important to us at Baton. We want to be clear how we use your personal information as well as
The information we collect and why we collect it.
How we use that information and when we disclose it
Third party applications and any data that is communicated with these applications
The steps we take to protect your information.
For the purposes of this document, the type of data we collect and store is broken down into two subsets:
Personal Information and Personal Health Information (PHI).
Personal Information We Collect
Personal information refers to information that lets us know the specifics of who you are (as a partner or
customer). Here are the ways in which we may collect personal information and the types of information you may
Account and User Information
We collect information about you and your company when you register for an account, create or modify your
profile, and agree to purchase our services. Information we collect includes, but is not limited to, your
name, username, address, email address, phone number, and payment information.
Internet and Device Information
We record certain information and store it in log files when you visit our websites or utilize our
applications. This information may include but is not limited to IP addresses and device identifiers, ISPs,
browser type, Operating Systems, date/time stamp, mobile carrier, and system configuration information.
hard drive or in memory, and can help improve your experience (e.g. by allowing you to access and use our
applications without re-entering your username or password). Information we store in cookies may be associated
with personal information you submit while using our applications and websites. If you decline cookies on our
site, you may not be able to use all aspects of our Services.
We may use a 3rd-party service (Intercom) to provide customer support inside of our application. Information
passed to Intercom may include username, email address, and first and last name. Furthermore, additional
information about how users are interacting with Baton’s applications may be passed to Intercom in order for
us to better understand application usage.
Personal Health Information (PHI)
PHI may be provided to Baton in the following 2 ways.
Direct user interaction with Baton Applications
Users will directly input PHI data into Baton’s application(s) in order for Baton to facilitate more efficient
patient discharge. Baton will only prompt users for the minimum PHI data which is necessary for Baton’s
Interface with Redox
Baton will pull data from a third-party provider (Redox). Baton will only request from Redox the minimum PHI
data necessary for application functionality. Also, Baton may transmit some PHI data input via users bacto to
Redox under the following circumstance: The customer has decided that PHI data entered directly into Baton
should be transmitted to the customer’s internal EHR (and we will use Redox to facilitate this transmission).
How we secure your data
Baton will never share data with any third-parties, except for
In the fashion outlined above with Redox and Intercom;
If the customer grants express written approval to do so;
We believe that disclosure is reasonably necessary to comply with any applicable law, regulation,
process or governmental request;
To enforce our terms of service or to protect the security or integrity of Baton’s products and
To protect the property, rights, and safety of Baton
To protect our customers or the public
To prevent the death or serious bodily injury of any person
To defend ourselves against any possible third-party allegations, claims, or other litigation
Baton’s application and web infrastructure is housed in AWS, and we have built our infrastructure to adhere
to HIPAA standards for software and data, basing our overall architecture on the AWS HIPAA stack and
ensuring that we are following government guidelines.
Baton will anonymize PHI once it is no longer needed for our services to function properly (i.e. in a timely
fashion after patient discharge). We will maintain some information included but not limited to: Length of
patient stay, communication latency between stages of our process, and metrics around the effectiveness of
our services. This information shall be anonymized in order that it may never be used to identify an
No transmission of data over the Internet or Wireless Networks can ever be guaranteed to be 100% secure. While
we devote substantial effort and resources to protect personal information, as a customer you acknowledge
that: Some security and privacy vulnerabilities of the Internet are beyond our control, we cannot 100%
guarantee security when data in transit, and it is possible that data may be viewed or tampered by a third
We may share or transfer any and all data in connection with, or during negotiations of, the event of any
financing, merger, sale, or acquisition of all or a portion of our business to another company. If any such
events occur, we will provide updates either via direct email and/or posts to our company website
Please contact us with any questions about this Policy by email at firstname.lastname@example.org.