SMS Communication Platform Privacy Policy

Effective Date: 11/13/2025

1. INTRODUCTION

Pediatric Emergency Standards, Inc. d/b/a Handtevy (“Handtevy,” “we,” “us,” or “our”) provides this Privacy Policy (“Policy”) to describe how we collect, use, disclose, and safeguard information when you use our SMS communication platform (“SMS Platform” or “Service”).

This Privacy Policy is incorporated into our Terms of Service. By using the SMS Platform, you accept and agree to this Privacy Policy. If you do not agree, you must not use the SMS Platform.

2. INFORMATION WE COLLECT

We collect contact information such as name, mobile phone number, and email address, professional information including job title, department, and organization name, account credentials and authentication factors, message content and metadata including timestamps, sender/recipient information, and delivery status, usage data such as login times and feature usage patterns, device information including device type, operating system, and wireless carrier, technical logs and error reports, and general location data such as area code and time zone.

We explicitly prohibit and do not knowingly collect any Protected Health Information (PHI) under HIPAA, patient names or identifiers, clinical data, Social Security Numbers, or financial account information. We will immediately delete any prohibited information discovered on the SMS Platform.

3. HOW WE USE INFORMATION

We use information to operate and deliver the SMS Platform including message routing and delivery, account management and authentication, system monitoring and security, audit logging and compliance monitoring, facilitating communications between authorized parties, generating de-identified analytics to improve platform performance and develop new features, and meeting legal obligations and responding to lawful requests.

4. PROHIBITION ON PROTECTED HEALTH INFORMATION

The SMS Platform is not designed or authorized for Protected Health Information (PHI) as defined under HIPAA. Users must not transmit any PHI including patient names, identifiers, medical record numbers, diagnoses, treatments, or any HIPAA identifiers. The platform is exclusively for operational communications.

Users may communicate aggregate, de-identified statistics, general operational status, and resource availability information provided it contains no patient identifiers or protected health information.

The transmitting party bears all liability. We may suspend or terminate access for violations. We are not a Business Associate under HIPAA for SMS communications.

5. INFORMATION SHARING AND DISCLOSURE

We share information with authorized SMS Platform users as directed for message delivery, third-party service providers including Twilio, Inc. for SMS transmission, cloud providers for hosting, and telecommunications carriers for delivery, your organization’s administrators for oversight and audit purposes, legal authorities when required by valid court orders, subpoenas, lawful requests, or in emergencies involving safety or security, and successor entities in business transfers (subject to continued privacy protections). We may share fully de-identified aggregate analytics for business purposes.

The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, we are not responsible for these third parties’ information practices.

We do not sell personal information to third parties.

6. DATA RETENTION

We retain message content, metadata, audit logs, and de-identified analytics for as long as they have an ongoing business purpose or are required to meet regulatory, contractual, or operational obligations. Because the SMS Platform is provided to organizations, data retention policies are set at the organizational level, subject to individual privacy rights described in Section 8. Once data is no longer needed, it is securely deleted or archived in accordance with our Data Management Policy.

7. DATA SECURITY

7.1 Security Measures

We implement reasonable security measures including encryption of data in transit, role-based access controls and multi-factor authentication, security monitoring and intrusion detection, comprehensive audit logging, regular personnel training, incident response procedures, and contractual security requirements for service providers.

7.2 Security Limitations

However, no system is completely secure. You acknowledge that SMS communications are not end-to-end encrypted by design, messages may be retained by telecommunications carriers, we cannot control device or network security, and electronic communications may be intercepted during transmission. You agree that we are not responsible for any electronic communication or data which may be lost, altered, intercepted, or stored without authorization during transmission across networks not owned by us. We do not guarantee your information will not be misused or disclosed and have no liability for such misuse or disclosure except as required by law.

7.3 Shared Responsibility

We, or our third-party service providers, secure the SMS Platform infrastructure, servers, and transmission systems. You are responsible for securing your devices, maintaining credential confidentiality, following security best practices, and reporting security incidents. Your organization is responsible for user management, access control, and organizational security policies.

8. YOUR RIGHTS AND CHOICES

Depending on your location, you may have rights to access your information and receive it in a portable format, correct inaccurate information and update your preferences, request deletion, restrict or object to certain processing, and opt out of non-essential messages by replying “STOP” (though transactional messages and organizational alerts required for operations may continue).

Because the SMS Platform is provided to your organization as a business service, exercising these rights may require coordination with your organization. We cannot delete information that: (a) your organization requires us to retain under our service agreement, (b) is required for audit, compliance, or legal obligations, or (c) is necessary for ongoing operational communications.

To exercise these rights, contact [email protected]. We will respond within thirty to forty-five days as required by applicable law. If we cannot fully comply with a request due to organizational requirements or legal obligations, we will explain the reasons.

9. ORGANIZATIONAL RELATIONSHIPS

Your organization controls your SMS Platform access and may monitor your usage in accordance with organizational policies. Organizations set policies for required notifications and communication protocols. We act on organizational instructions regarding your account. Data shared between organizations is limited to designated communications for operational coordination.

While your organization controls certain aspects of the service, you retain individual privacy rights under applicable law as described in Section 8, subject to the operational constraints of the B2B service model.

10. CHILDREN’S PRIVACY

The SMS Platform is not intended for individuals under 18. We do not knowingly collect information from minors. By using the SMS Platform, you represent that you are at least 18 years old.

11. STATE-SPECIFIC PRIVACY RIGHTS

11.1 California Residents

California residents have rights under CCPA/CPRA including the right to know what information is collected, delete information subject to exceptions, opt out of sales (we don’t sell data), correct inaccurate information, limit use of sensitive information, and non-discrimination for exercising rights.

Information Categories: We collect identifiers (name, phone, email), professional information (job title, organization), network activity data (usage, device info), and general location data (area code, time zone). We collect this from you directly, from your organization, automatically through SMS Platform use, and from service providers. We use it for service delivery, security, compliance, and improvements. We share with service providers, your organization, other authorized users as directed, and legal authorities as required.

11.2 Other States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with privacy laws may have similar rights. Contact [email protected] for details.

12. INTERNATIONAL DATA TRANSFERS

The SMS Platform operates in the United States. If you access from outside the U.S., your information will be transferred to and processed in the United States. By using the SMS Platform, you consent to this transfer and U.S. law will apply.

13. AUTOMATED DECISION-MAKING

The SMS Platform uses automated systems to route messages, trigger alerts based on configured thresholds, and escalate notifications per defined workflows. You may request human review of automated decisions by contacting us.

14. THIRD-PARTY PRACTICES

This Policy does not apply to your mobile carrier, your organization’s policies, other platform organizations, or external services referenced in communications. We are not responsible for third-party privacy practices.

15. POLICY UPDATES

We may modify this Policy at any time by posting the revised version with an updated effective date to our website. We may notify you of material changes through SMS Platform notifications, email to administrators, or other reasonable means, but are not required to provide individual notice. Your continued use after changes constitutes acceptance. We encourage periodic review of this Policy.

16. CONTACT INFORMATION

Privacy Officer
Pediatric Emergency Standards, Inc. d/b/a Handtevy
Email: [email protected]

ACKNOWLEDGMENT

By using the SMS Platform, you acknowledge you have read this Policy and our Terms of Service, consent to these data practices, understand you must not transmit PHI or prohibited information, recognize your organization may have additional policies, and understand multi-party communications involve data sharing among authorized parties.

The SMS Platform is for operational notifications only. Never include patient information or PHI in any messages.

Last Edited on 11/13/2025