🛡️ GDPR & HIPAA Compliance
Effective Date: 10/01/2025
CollateralBuddy is committed to protecting personal data and ensuring compliance with applicable regulations, including the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) where relevant.
🇪🇺 GDPR Compliance (for EU/EEA Users)
If you are located in the European Union or European Economic Area, the following applies:
✅ Lawful Basis for Processing
We process personal data based on:
• Your consent
• Contractual necessity
• Legitimate interests (e.g., improving services)
• Legal obligations
🔍 Data Subject Rights
You have the right to:
• Access your personal data
• Correct inaccuracies
• Request deletion (“right to be forgotten”)
• Restrict or object to processing
• Receive your data in a portable format (data portability)
To exercise these rights, contact privacy@collateralbuddy.com.
🌍 Data Transfers
Your data may be transferred outside the EU/EEA. We use appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure protection.
🏥 HIPAA Compliance (for U.S. Healthcare-Related Use)
If you use CollateralBuddy in a context involving Protected Health Information (PHI), the following applies:
🔐 Safeguards
We implement administrative, physical, and technical safeguards to protect PHI, including:
• Data encryption in transit and at rest
• Access controls and audit logs
• Secure user authentication
📄 Business Associate Agreements (BAAs)
If you are a Covered Entity or Business Associate under HIPAA, we are prepared to sign a Business Associate Agreement (BAA) to formalize our responsibilities regarding PHI.
🚫 Limitations
CollateralBuddy is not intended for direct storage or transmission of patient medical records unless explicitly configured for HIPAA compliance. Please consult your legal team before uploading PHI.
📄 GDPR & HIPAA Compliance Addendum
Applicable to Enterprise Clients and Strategic Partners of CollateralBuddy
Effective Date: 10/01/2025
Applies to: All enterprise-level engagements involving data processing, content creation, or platform integration with CollateralBuddy.
🔐 Data Protection & Privacy Commitments
CollateralBuddy agrees to comply with applicable data protection laws, including:
• General Data Protection Regulation (GDPR) (EU Regulation 2016/679)
• Health Insurance Portability and Accountability Act (HIPAA) (U.S. Public Law 104-191)
These commitments apply to all services provided under enterprise agreements where personal data or protected health information (PHI) may be processed.
🇪🇺 GDPR-Specific Provisions
Lawful Basis
CollateralBuddy processes personal data under one or more lawful bases: consent, contractual necessity, legal obligation, or legitimate interest.
Data Subject Rights
Enterprise clients must ensure their users are informed of their rights under GDPR, including access, rectification, erasure, restriction, objection, and portability. CollateralBuddy will support reasonable requests to fulfill these rights.
International Transfers
Where data is transferred outside the EU/EEA, CollateralBuddy will implement appropriate safeguards, including Standard Contractual Clauses (SCCs) or equivalent mechanisms.
🏥 HIPAA-Specific Provisions
Business Associate Agreement (BAA)
If the enterprise client is a Covered Entity or Business Associate under HIPAA, CollateralBuddy will execute a BAA outlining responsibilities for handling PHI.
Safeguards
CollateralBuddy maintains administrative, physical, and technical safeguards to protect PHI, including:
• Data encryption (AES-256 or equivalent)
• Role-based access controls
• Secure audit trails and logging
Permitted Use
CollateralBuddy is not intended for direct patient record storage unless explicitly configured for HIPAA-compliant workflows. Enterprise clients must ensure PHI use aligns with agreed terms.
Compliance Contact
For compliance-related inquiries, data processing agreements, or BAA execution, please contact:
CollateralBuddy Compliance Team
Email: support@collateralbuddy.com