Privacy Policy

Funnl Software, Inc. (“Funnl,” “we,” “us,” or “our”) is committed to protecting the privacy of our users (“Nurses,” “Providers”) and the patients they serve. This Privacy Policy explains how our Stateless Clinical Decision Support architecture handles data.

Funnl operates on a Zero-Retention basis regarding Protected Health Information (PHI).

Transient Processing: Patient data entered into the triage interface is processed entirely in your browser's local memory (Client-Side).

No Storage: We do not save, store, or log patient names, dates of birth, or symptom data to any persistent database.

Session Termination: Upon the completion of a triage session or the closing of the browser tab, all patient data is permanently discarded from the application state.

Funnl Software, Inc. provides clinical decision support infrastructure intended for use by healthcare providers, clinics, and organizations acting as “Covered Entities” under the Health Insurance Portability and Accountability Act (HIPAA).

While our “Stateless” architecture ensures that no Protected Health Information (ePHI) is permanently stored, retained, or logged in our databases, we recognize our regulatory role as a Business Associate when processing transient patient data during active triage sessions in the browser. Funnl maintains strict administrative, physical, and technical safeguards in compliance with HIPAA requirements. We are fully capable and prepared to execute formal Business Associate Agreements (BAAs) with our clinical clients prior to their deployment of the Service.

While we do not store patient data, we do store account information for authorized users (Nurses/Admins) via Supabase:

Account Info: Name, work email (name@clinic.com), and encrypted password.

Usage Logs: Timestamps of login activity and protocol access counts (for billing purposes). These logs are anonymized and contain NO patient identifiers.

Schmitt-Thompson Clinical Content: We interface with Schmitt-Thompson APIs to retrieve clinical protocols. This connection is read-only.

Supabase: Used for authentication and subscription management.

Vercel: Used for hosting and edge function execution.

Stripe: Used for secure payment processing and subscription management. Funnl does not directly collect or store your full credit card information or financial data; this is handled entirely by Stripe.

Because Funnl does not store patient data, data deletion requests apply only to your administrative account information. You have the right to access, correct, or request the deletion of your account data at any time. To request account deletion, please contact us at the email provided below.

Under Nevada law (NRS 603A), Nevada residents who have purchased goods or services from us may opt out of the “sale” of “covered information” (as such terms are defined under Nevada law) to third parties for monetary consideration. Funnl Software, Inc. does not currently sell your covered information to third parties, nor do we have plans to do so. However, if you are a Nevada resident and would like to submit a request to opt out of any potential future sales under Nevada law, you may do so by contacting our Designated Request Address at privacy@funnl.health. Please note that we may take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

For privacy concerns, please contact:

Funnl Software, Inc.
Henderson, NV
Email: privacy@funnl.health