Overview
ALTITUDEIQ, INC. ("AltitudeIQ," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our enterprise software platform and related services.
Our Business Model
AltitudeIQ provides B2B SaaS enterprise software solutions. AltitudeIQ operates its development environment on AWS and deploys into customer-controlled cloud environments (currently AWS and Azure). Customer data remains within the customer environment at all times. We serve enterprise customers in regulated industries, including healthcare organizations where we act as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA).
AltitudeIQ is not a system of record. Customers retain full regulatory validation responsibility for all data in their environments.
Scope of This Policy
This Privacy Policy applies to:
- Business contact information collected for account management purposes.
- Technical metadata collected for security and service delivery.
- Our role as a Data Processor/Business Associate for enterprise customers.
What This Policy Does NOT Cover
This policy does not cover Customer Data (including Protected Health Information) processed on behalf of our enterprise customers within their own cloud environments. Such data is governed by our customer agreements and remains under the customer's exclusive control.
Information We Collect
We collect minimal personal information, limited to what is necessary for business operations:
Business Contact Information
- Names and job titles of authorized contacts at customer organizations.
- Business email addresses for account management and technical communications.
Technical and Usage Data
- IP addresses and system logs for security monitoring and service delivery.
- Authentication metadata, including login timestamps and access patterns.
Internal Operational Monitoring (Command Center)
AltitudeIQ operates an internal monitoring service ("Command Center") for infrastructure and application health. By design, Command Center does not receive, access, or store any Customer Data or Protected Health Information (PHI).
How We Use Information
We use the limited information we collect for:
- Service Delivery: Providing, maintaining, and supporting our platform.
- Account Management: Managing contracts, billing, and service updates.
- Security: Detecting, preventing, and responding to security threats.
Data Residency and Security
Customer-Controlled Deployment
AltitudeIQ operates its development environment on AWS and deploys into customer-controlled cloud environments (currently AWS and Azure). Customer data remains within the customer environment at all times.
Security Measures
We implement industry-standard security controls, including:
- Encryption: Data is encrypted in transit and at rest using industry-standard protocols.
- Access Control: Multi-factor authentication (MFA) is required for administrative access to production-impacting systems.
- Monitoring: Continuous security logging and automated alerting for system events.
Compliance Alignment
AltitudeIQ operates in alignment with SOC 2 Trust Services Criteria and is conducting a formal readiness assessment. We implement the administrative, physical, and technical safeguards required by HIPAA for Business Associates.
HIPAA and Business Associate Role
When acting as a Business Associate for HIPAA Covered Entities:
- We execute formal Business Associate Agreements (BAAs).
- We commit to notifying customers of any suspected PHI breach within 72 hours of discovery (internal escalation SLA), which aligns with the 60-day HIPAA regulatory notification deadline (45 CFR 164.404).
- We maintain a designated HIPAA Privacy & Security Officer to oversee our compliance program.
Data Subject Rights
Individuals may request access to, correction of, or deletion of their business contact information by contacting us at privacy@altitudeiq.ai. We respond to verified requests within 30 days. For requests regarding data held within a customer's environment, please contact that customer organization directly.
Data Retention
- Business Contact Information: Retained for the duration of the business relationship plus a reasonable period not to exceed three years for legal and audit purposes.
- Technical Logs: Retained for up to 24 months unless a longer period is required for security investigations.
Updates to This Policy
We may update this policy periodically. Material changes will be communicated to customers via email or through official technical update channels.