Your data is handled with clear limits and clear purpose.
You should never have to guess what a vendor does with your information. This policy tells you what we collect, why we collect it, how it is protected, and what to do if you have questions.
Quick answers for decision makers
- Offer: a HIPAA-aligned system with written commitments when PHI is involved
- Reason now: privacy and compliance review is a common bottleneck; handle it before launch
- Clear instructions: patients contact the practice, practices contact Catapult
- Accountability: safeguards, incident response, retention rules, and documented handling
1. Overview
Catapult Business Innovations LLC (“Catapult,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect Personal Information. It also explains how we handle Protected Health Information (“PHI”) when we process it on behalf of healthcare providers who are Covered Entities under HIPAA.
Our primary website is https://www.icatapult.com. By accessing or using our website or services, you consent to the practices described in this policy.
2. HIPAA Compliance and Scope
When Catapult provides services to a healthcare provider (a “Covered Entity”), we act as a Business Associate under HIPAA. In those cases, PHI handling is governed by a formal Business Associate Agreement (BAA) with that provider.
3. Types of Information We Collect
a. Personal Information (Non-PHI)
Information you provide directly, such as your name, email address, phone number, job title, and company name when you request a demo or contact us. We also collect technical information like IP address and cookie data from website visitors.
b. Protected Health Information (PHI)
In our role as a Business Associate, we may process PHI on behalf of a Covered Entity. This can include individually identifiable health information submitted through HIPAA-covered services such as:
- Appointment request forms
- Patient intake forms
- Information exchanged via AI Phone, Chat, or Voice Agents
4. How We Use Your Information
We use information to:
- Provide, maintain, and improve services such as website management and ad campaigns
- Operate AI Agents on behalf of healthcare providers
- Respond to inquiries, schedule demos, and provide customer support
- Fulfill contractual obligations under a BAA
- Comply with legal obligations and enforce terms of service
5. Safeguards for PHI and Other Data
Catapult implements administrative, physical, and technical safeguards required under the HIPAA Security Rule to protect PHI. Measures may include:
- Encryption of data in transit and at rest
- Strict access controls and user authentication
- Secure, HIPAA-compliant hosting infrastructure
- Security monitoring and incident response procedures
- HIPAA training for team members with potential access to PHI
6. Disclosure of Information
We may disclose Personal Information or PHI in these situations:
To our clients (Covered Entities)
PHI is provided to the healthcare provider on whose behalf it was collected, as governed by the BAA.
To our subcontractors
We may use subcontractors (for example GoHighLevel and secure cloud hosting) to perform services. Subcontractors who handle PHI are required to sign BAAs with us and follow the same HIPAA standards.
As required by law
We may disclose information if required by subpoena, court order, or other legal process.
For business transfers
If there is a merger or acquisition, we require the receiving party to safeguard PHI with the same level of protection.
7. Cookies and Tracking
Our public website uses essential cookies and analytics tools to improve user experience. These tools do not collect PHI.
8. Your HIPAA Rights
If you are a patient of a healthcare provider that uses our services, you have rights regarding your PHI under HIPAA, including rights to access, amend, or request an accounting of disclosures.
9. Data Retention
We retain PHI only as long as specified in the BAA with the healthcare provider or as required by law. We retain non-PHI Personal Information as long as needed to fulfill the business purposes described in this policy.
10. Children’s Privacy
Our services are intended for healthcare practices and are not directed to children under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that PHI of a minor was collected, it is handled in accordance with HIPAA and the applicable BAA.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The Last Updated date at the top of this page shows when changes were made. Review this page periodically if you want the latest version.
12. Contact Us
Questions about privacy or PHI handling should go to our Privacy Officer:
