1OR

Legal

Privacy Policy

Last updated: July 2026

1OR respects your privacy and is committed to protecting information shared through our website and platform. This Privacy Policy explains how we collect, use, disclose, and protect information.

1. Information We Collect

We may collect the following types of information:

Account Information: name, email, phone number, organization, role, login credentials.

Operational Data: scheduling details, vendor assignments, case-related workflow activity, communication logs, and task completion data.

Usage Data: IP address, browser type, device information, log data, pages visited, and analytics data.

Protected Health Information (PHI): if entered or transmitted through the platform by covered entities or business associates, PHI is handled under applicable agreements and HIPAA requirements.

2. How We Use Information

We use information to:

Provide and operate the 1OR platform

Coordinate surgical scheduling, readiness, vendor workflows, and communication

Authenticate users and manage accounts

Improve platform performance and usability

Support compliance, reporting, and auditability

Communicate important operational updates

3. HIPAA & Healthcare Data

Where applicable, 1OR acts as a Business Associate under HIPAA and follows the terms of signed Business Associate Agreements (BAAs).

We use reasonable administrative, technical, and physical safeguards to protect PHI and other sensitive information.

4. Information Sharing

We do not sell personal information.

We may share information with:

Authorized users within your organization

Vendors or partners involved in your workflows

Service providers who help us operate the platform

Regulators or legal authorities when required by law

5. Data Security

We use reasonable security practices, including access controls, encryption where appropriate, monitoring, and administrative safeguards.

However, no system can guarantee absolute security.

6. Data Retention

We retain information for as long as necessary to provide services, meet legal obligations, resolve disputes, and enforce agreements.

7. Your Choices

Depending on your role and applicable law, you may request access, correction, or deletion of certain personal information.

Organizational data requests may need to be handled through your employer or healthcare organization.

8. SMS/Text Messaging Privacy

We may collect your phone number and messaging preferences to send transactional alerts related to surgical case readiness, task assignments, escalations, and scheduling updates.

SMS opt-in and consent data will not be sold or shared with third parties for marketing purposes.

You may opt out at any time by replying STOP. Reply HELP for assistance.

Consent records and retention. When you opt in to receive SMS messages from 1OR, we record evidence of your consent: the date and time (UTC), the IP address and browser/device identifier (user agent) from which consent was given, the version of the disclosure text you accepted, and where the consent was captured. We keep the same kind of record when you opt out or opt back in. We retain consent and opt-out records for at least four (4) years after your account relationship with 1OR ends, in order to comply with our legal obligations under the Telephone Consumer Protection Act (TCPA) and related federal and carrier requirements. Because these records are retained to comply with a legal obligation, they are exempt from deletion requests under applicable privacy laws (including the CCPA/CPRA) and may be retained after your account is deactivated or deleted.

9. Cookies & Analytics

We may use cookies or similar technologies to understand website usage and improve our services.

10. Updates to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

11. Contact Us

For questions about this Privacy Policy, contact us at:

contact@1orhealth.com