Compliance ProLog In

Disclaimer: Please consult a licensed attorney before relying on these documents. These materials are provided for informational purposes only and do not constitute legal advice.

Privacy Policy

Last updated: March 9, 2026

1. Introduction

Ali Management Group LLC (“Company,” “we,” “us,” or “our”) operates Compliance Pro (compliancepro.live), a HIPAA-compliant compliance management platform for home care agencies. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored as a cryptographic hash)
  • Organization/company name
  • Role within the organization

2.2 Protected Health Information (PHI)

In the course of using the Service, your organization may enter PHI about clients and employees, including:

  • Client names, dates of birth, and contact information
  • Service agreements and care plans
  • Employee credentials, certifications, and training records
  • Medical and compliance documentation
  • Form submissions and e-signature records

2.3 Usage Data

We automatically collect certain information about your use of the Service:

  • IP address and approximate geographic location
  • Browser type, device type, and operating system
  • Pages viewed, features used, and time spent on the Service
  • Error logs and performance data
  • Referring URLs and navigation patterns

3. How We Use Your Data

We use the information we collect to:

  • Provide the Service: Process compliance data, manage forms, track credentials and training
  • Compliance tracking: Generate compliance scores, risk alerts, and reports for your organization
  • Notifications: Send email alerts for expiring credentials, overdue training, form assignments, and system updates
  • AI features: Power compliance analysis, document reading, and risk detection using anonymized data only
  • Improve the Service: Analyze usage patterns to improve functionality and user experience
  • Security: Detect, prevent, and respond to security incidents and fraud
  • Legal compliance: Comply with applicable laws, regulations, and legal processes

4. Third-Party Services

We use the following third-party services to operate the platform. Each service is selected for its security practices and, where applicable, willingness to sign a Business Associate Agreement (BAA):

4.1 Supabase

Role: Database hosting, authentication, and file storage
Data processed: All account data, PHI, and uploaded documents
HIPAA: Supabase signs a BAA and provides HIPAA-eligible infrastructure with encryption at rest and in transit

4.2 Anthropic Claude API

Role: AI-powered compliance checking, document reading, and risk analysis
Data processed: Anonymized data only. Our PHI sanitizer strips all personally identifiable information (names, dates of birth, SSNs, phone numbers, email addresses, and physical addresses) before any data is sent to Anthropic.
HIPAA: No PHI is transmitted to Anthropic. All AI processing uses de-identified data.

4.3 SignWell

Role: Electronic signature processing and management
Data processed: Documents sent for signature, signer email addresses and names
HIPAA: SignWell provides HIPAA-compliant e-signature services

4.4 Paubox

Role: HIPAA-compliant email delivery
Data processed: Email addresses, notification content
HIPAA: Paubox provides encrypted, HIPAA-compliant email delivery and signs a BAA

4.5 AWS Amplify

Role: Application hosting and content delivery
Data processed: Application code, static assets, network requests
HIPAA: AWS provides HIPAA-eligible services with a BAA

5. HIPAA Compliance

Ali Management Group LLC operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We are committed to protecting the privacy and security of PHI in accordance with HIPAA regulations.

  • We execute Business Associate Agreements (BAAs) with all customers who are Covered Entities
  • We execute BAAs with all subcontractors who access PHI
  • We implement comprehensive administrative, physical, and technical safeguards
  • We maintain documented HIPAA policies and procedures
  • We provide breach notification in compliance with the Breach Notification Rule
  • We conduct regular risk assessments and security audits

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account data: Retained while your account is active and for 90 days following account closure
  • PHI and compliance data: Retained while your subscription is active. Upon termination, data is retained for 90 days to allow for export, then securely deleted
  • Audit logs: Retained for 6 years as required by HIPAA regulations
  • Usage data: Retained in anonymized form for up to 2 years
  • Backup copies: Deleted within 30 days of primary data deletion

You may request deletion of your data at any time by contacting info@compliancepro.live. We will process deletion requests within 30 days, subject to legal retention requirements.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Export: Request your data in a standard, machine-readable format
  • Restriction: Request that we limit the processing of your data in certain circumstances
  • Objection: Object to certain processing of your personal data

To exercise any of these rights, contact us at info@compliancepro.live. We will respond to your request within 30 days.

8. Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption at rest: All data stored in our databases and file storage is encrypted using AES-256 encryption
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Access controls: Role-based access controls limit data access to authorized personnel only
  • Audit logging: All access to PHI is logged and monitored
  • Multi-tenant isolation: Each organization’s data is logically isolated using row-level security policies
  • Regular backups: Automated daily backups with point-in-time recovery
  • Incident response: Documented incident response procedures with breach notification capabilities

9. Cookies and Tracking

We use essential cookies to maintain your authentication session and remember your preferences (such as dark/light mode). We do not use third-party advertising or tracking cookies.

10. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The “Last updated” date at the top of this page indicates when this Privacy Policy was last revised.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Ali Management Group LLC
Attn: Privacy Officer
2810 N Church St #501279
Wilmington, DE 19802
Email: info@compliancepro.live
Website: compliancepro.live