Privacy Policy
Effective Date: October 14, 2025
1. Overview
Dash Level LLC (“Dash Level,” “we,” “us,” or “our”) is committed to protecting your privacy and maintaining the confidentiality of personal and health information collected through our CRM and related services.
We comply with applicable data-protection laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and act as a Business Associate when handling data on behalf of healthcare providers or covered entities.
2. Information We Collect
We collect the following categories of data:
Personal Information: Name, email, phone number, business details, and billing data.
Account Data: Login credentials, usage logs, IP address, browser type, and device information.
Client & Patient Data (PHI): Information you store or process within our CRM, including names, contact details, health-related data, or appointment information. You remain the data owner; we act only as a service provider.
Payment Data: Processed securely by third-party vendors such as Stripe.
3. HIPAA Compliance and Business Associate Obligations
When handling PHI on your behalf:
We sign a Business Associate Agreement (BAA) upon request.
We implement administrative, technical, and physical safeguards in accordance with 45 CFR §§164.308–164.316.
Access to PHI is restricted to authorized personnel with legitimate business purposes.
PHI is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).
We will notify clients of any unauthorized access or breach involving PHI as required by HIPAA Breach Notification Rules.
We do not sell, disclose, or use PHI for marketing without written authorization.
4. How We Use Information
We use collected data to:
Provide, maintain, and secure the CRM and marketing tools.
Support integrations with partners (e.g., GoHighLevel, Twilio, Google).
Communicate service updates, account notices, and security alerts.
Comply with legal, regulatory, or contractual obligations.
5. Data Retention and Deletion
PHI and personal data are retained only as long as necessary for business or legal purposes.
Upon termination or written request, we will securely delete or return PHI in compliance with 45 CFR §164.504(e)(2)(ii)(J).
6. Data Sharing
We share data only with:
Subcontractors and vendors who sign BAAs or confidentiality agreements.
Legal authorities as required by law.
Third-party integrations explicitly authorized by the user (e.g., email or SMS marketing tools).
7. Your Rights
You (or your clients) may:
Access, correct, or delete personal data.
Request an accounting of disclosures for PHI.
Revoke consent to communications at any time.
Requests can be sent to privacy@dashlevel.com.
8. Security Measures
We maintain a robust information-security program that includes:
Encryption in transit and at rest
24/7 intrusion detection
Role-based access control
Secure backups and audit logging
Annual security and HIPAA compliance reviews
9. Cookies and Analytics
We use cookies only for session management and performance analytics. We do not track PHI or sensitive data with cookies.
10. International Transfers
All data is stored on servers located within the United States. We do not transfer PHI internationally.
11. Updates to This Policy
We may update this Privacy Policy periodically. The latest version will be posted at dashlevel.com/privacy-policy.
Terms & Conditions
1. Overview
These Terms and Conditions (“Terms”) govern your use of Dash Level’s website, CRM, and related services (“Services”). By using our Services, you agree to these Terms and all applicable laws, including HIPAA where relevant.
2. Relationship to GoHighLevel
Dash Level licenses and customizes CRM software based on the GoHighLevel platform.
While we configure and manage CRM accounts, GoHighLevel remains the underlying technology provider and may process data on our behalf as a subcontractor under HIPAA.
3. Eligibility
You must be 18 or older and authorized to represent your organization.
4. Business Associate Agreement (BAA)
If you are a covered entity or business associate under HIPAA, a signed BAA is required before storing or transmitting PHI through our Services.
We maintain written policies, training programs, and safeguards to meet HIPAA Security and Privacy Rule standards.
5. Data Ownership
You retain full ownership of all data—including PHI—stored in your CRM account.
Dash Level acts solely as a data processor and Business Associate, accessing data only as needed to support the Services.
6. Acceptable Use
You agree not to:
Upload or share PHI without a signed BAA.
Violate any applicable privacy, health, or data-protection laws.
Use the platform for spam, unauthorized marketing, or unlawful activity.
7. Payment and Billing
All subscription fees are billed in advance and are non-refundable except as required by law. Recurring billing continues until cancellation.
8. Termination
Either party may terminate with written notice. Upon termination:
We will return or destroy PHI within 30 days (unless otherwise required by law).
Any outstanding fees remain payable.
9. Security and Breach Notification
We will notify affected customers of any confirmed security incident involving PHI without unreasonable delay and in accordance with 45 CFR §164.404.
10. Limitation of Liability
To the fullest extent permitted by law, Dash Level is not liable for indirect or consequential damages, including loss of data or business interruption. Liability for any claim will not exceed the amount paid in the past 12 months.
11. Governing Law
These Terms are governed by the laws of the State of New York, excluding conflict-of-law principles.
Venue for disputes will be the state or federal courts in Dutchess County, NY.
12. Modifications
We may modify these Terms from time to time. Continued use constitutes acceptance of the revised Terms.