Privacy Policy

Last updated: June 10, 2026

1. Introduction

Datatronics LLC (d/b/a SOPdesk) ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SOPdesk service ("Service"). We are committed to maintaining the highest standards of data protection and security.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and other information necessary to provide the Service.

Content and Documents

We collect and store the Standard Operating Procedures, documents, images, and other content you upload or create using the Service. This may include healthcare-related information.

Usage Information

We automatically collect information about how you use the Service, including pages visited, features used, time spent, and other analytics data.

Technical Information

We collect technical information such as IP address, browser type, device information, and operating system to provide and improve the Service.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your account
  • Provide AI-powered features for SOP creation and assistance
  • Send service-related communications and updates
  • Ensure security and prevent fraud
  • Comply with legal obligations and healthcare regulations
  • Analyze usage patterns to improve user experience

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • With your consent: When you explicitly authorize us to share information
  • Service providers: With the third-party providers that operate parts of the Service on our behalf
  • Legal requirements: When required by law or to protect rights and safety
  • Business transfers: In connection with mergers, acquisitions, or asset sales
  • Within your organization: With other users in your organization as configured by administrators

Our service providers (subprocessors): Supabase (database, authentication, and file storage), Railway (application hosting), Cloudflare (content delivery and security), Stripe (payment processing), Resend (transactional email), and OpenRouter, which routes AI requests to model providers Anthropic and OpenAI when you use AI features. A current list is maintained on our Subprocessors page.

5. Healthcare Data Protection

SOPdesk is designed for healthcare organizations and we understand the sensitivity of the information you manage. We implement robust security measures to protect your data:

  • Data encryption in transit and at rest
  • Role-based access controls and user authentication
  • Organization-level data isolation enforced at the database layer
  • Audit logging of key account and document activity
  • Automated backups through our infrastructure provider

Important — Not Intended for PHI: SOPdesk is a documentation, training, and compliance management platform. It is not intended for, and must not be used to store or transmit, Protected Health Information (PHI) such as patient names, medical record numbers, or other individually identifiable patient health data. SOPdesk does not act as a HIPAA Business Associate and is not represented as "HIPAA compliant." Users are responsible for ensuring their SOPs and documentation do not contain PHI or other sensitive patient data.

6. Data Security

We take the security of your information seriously:

  • All data is encrypted in transit using TLS
  • Data is encrypted at rest (AES-256) by our database and storage provider, Supabase
  • Every database query is scoped to your organization through row-level security policies
  • The Service is hosted on Railway and fronted by Cloudflare for DDoS protection and traffic filtering
  • Payment card data is handled entirely by Stripe and never touches our servers

7. AI and Machine Learning

Our Service includes AI features to assist with SOP creation and management. When you use these features:

  • Content you submit to an AI feature (such as SOP text or assistant questions) is sent to our AI providers — OpenRouter, which routes requests to Anthropic or OpenAI models — to generate the response
  • This happens only when you actively use an AI feature; content you create without AI features is not sent to AI providers
  • We do not use your content to train AI models; our AI providers' standard API terms likewise state that API content is not used to train their models
  • AI features are optional — you can use the Service fully without them

8. Data Retention and Deletion

Retention: We retain your information for as long as your account is active or as needed to provide the Service. Some information may be retained longer for legal compliance.

Deletion: To delete your account, contact us at [email protected]. We will delete your personal information and content within 30 days of a verified request, except where retention is required by law.

Backup Data: Deleted data may remain in backup systems for up to 90 days before permanent deletion.

9. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Export your data in a standard format
  • Restriction: Limit how we process your information
  • Objection: Object to certain processing activities

To exercise these rights, contact us at [email protected].

10. Cookies and Tracking

We use cookies and similar technologies to provide functionality, remember preferences, and analyze usage. You can control cookie settings through your browser, though some features may not work properly if disabled.

See our Cookie Policy for detailed information about our use of cookies.

11. International Data Transfers

The Service is operated from the United States, and your information is stored and processed in the United States by us and our service providers. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

12. Children's Privacy

The Service is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated via email or Service notification.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Datatronics LLC (d/b/a SOPdesk) — Privacy Officer

Email: [email protected]

Address: 4406 E Main St, Suite 102, PMB 1002, Mesa, AZ 85205