HomePrivacy Policy

Privacy Policy

Simple Advocate LLC · Effective Date: January 1, 2026 · Last Updated: January 12, 2026

1. Overview

Simple Advocate LLC ("Simple Advocate," "we," "our," "us") provides a secure, parent-managed digital platform that helps individuals store, organize, and manage medical, educational, developmental, and personal documents ("Personal Health Information," "PHI"), along with related notes, appointments, and resources.

This Privacy Policy explains:

  • What information we collect
  • How we use, share, and protect it
  • Your rights and choices
  • How we comply with the FTC Health Breach Notification Rule (HBNR), state privacy laws, and consumer protection laws

Simple Advocate is not a healthcare provider, is not a HIPAA Covered Entity, and does not operate as a Business Associate unless a Covered Entity enters into a Business Associate Agreement (BAA) with us.

Most information in the app is uploaded directly by users and is therefore regulated by the FTC, not HIPAA.

2. Information We Collect

We collect the following categories of information when you use Simple Advocate:

2.1 Information You Upload or Enter

You may upload, store, or enter:

  • Medical documents (evaluations, reports, diagnoses, letters, treatment plans)
  • Educational records (IEPs, 504 Plans, assessments, progress reports)
  • Therapy-related information (notes, goals, summaries)
  • Developmental notes, care plans, or milestones
  • Personal documents or files
  • Contact information (name, phone, email)
  • Demographic information (child's age, school, services)
  • Appointments, calendars, reminders, task lists
  • Notes you create within the app

This information is stored solely at your direction and under your control.

2.2 Automatically Collected Information

We may collect:

  • Device information (browser type, IP address, OS)
  • Usage data (pages viewed, features used, time spent)
  • Cookies or similar technologies for functionality and analytics

This helps us analyze performance, improve features, and maintain security.

2.3 Information From Connected Services

If you choose to connect external services, we may receive limited information necessary for functionality, such as:

  • Authentication details (e.g., Google login)
  • Data from patient portals only if you export it manually and upload it to Simple Advocate
  • Website hosting tools (Bluehost, WordPress)
  • Customer management tools (Salesforce)
  • Payment tools (Stripe)
  • Email communication tools

We do not access your medical portal accounts on your behalf. You must log in, download your records, and manually upload them to Simple Advocate.

3. How We Use Your Information

We use your information to:

  • Provide and improve the Simple Advocate platform
  • Store and organize documents you upload
  • Help you manage appointments, reminders, and tasks
  • Respond to inquiries or support requests
  • Maintain the security and integrity of our systems
  • Develop new features and enhancements
  • Process payments for subscription services
  • Comply with applicable laws and regulations

We do not sell your data. We do not share your data with advertisers.

4. How Your Information Is Shared

We may share information only in the following situations:

4.1 With Your Explicit Direction

You may choose to share documents or information with family members, caregivers, educators, therapists, and advocates. Sharing always requires your action and consent.

4.2 With Service Providers (Vendors)

We use third-party vendors to support the platform, such as Google (cloud storage, analytics), Salesforce (CRM / email), Stripe (payment processing), and other analytics tools. Vendors only access the minimum data necessary to provide their services. All vendors handling stored documents or sensitive data must sign a Business Associate Agreement (BAA) or equivalent data protection agreement.

4.3 When Required by Law

We may disclose information if required to comply with legal processes, respond to law enforcement requests, protect our legal rights, or prevent harm to users.

4.4 In the Event of a Business Transfer

If we merge, sell, or transfer ownership, your information may transfer as part of the transaction, subject to ongoing privacy protections.

5. How We Protect Your Information

We use administrative, technical, and physical safeguards including:

  • Encryption of data at rest and in transit
  • Multi-factor authentication for internal access
  • Role-based access controls
  • Secure hosting environments
  • Vendor BAAs and security reviews
  • Regular vulnerability assessments
  • Logging and monitoring for suspicious activity

No system is 100% secure, but we implement industry-standard protections.

6. Your Rights and Choices

Depending on your state of residence, you may have the right to:

  • Access your information
  • Correct inaccurate information
  • Download/export documents and data
  • Delete your account and stored information
  • Withdraw consent for data processing
  • Request information about vendors who handle your data

To exercise these rights, contact: [email protected]

7. Children's Information

Parents or legal guardians may upload documents about their children. Simple Advocate does not collect information directly from children, does not create child accounts without parental control, relies on the parent's consent for all child-related data, and complies with the principles of COPPA and relevant state laws.

If we learn that a child has created an account without parental consent, it will be deleted.

For complete details on how we handle children's data, please see our Children's Data Policy.

8. How Long We Keep Your Information

We retain information only as long as:

  • Your account is active
  • We need it to provide services
  • It is required by law

You may delete your account and associated documents at any time. Backups containing your data are deleted automatically within a defined retention window.

9. FTC Health Breach Notification Rule (HBNR)

As a Personal Health Record (PHR) provider, Simple Advocate complies with the FTC Health Breach Notification Rule, which requires us to notify you, the FTC, and media outlets (if the breach affects more than 500 residents of a state) if there is a breach involving unsecured health information. We will notify you promptly as defined by the rule.

For full details on our breach notification procedures, please see our Health Breach Notification Rule Policy.

10. HIPAA Clarification

Simple Advocate is:

  • Not a HIPAA Covered Entity
  • Not a Business Associate unless a Covered Entity signs a BAA with us
  • A consumer-managed PHR under FTC and state law

Documents uploaded by parents do NOT make us a HIPAA entity. If we later provide services to healthcare or educational institutions and receive PHI directly from them, we will operate under HIPAA and sign BAAs with those entities.

11. Changes to This Policy

We may periodically update this Privacy Policy. If changes are significant, we will provide notice through email or in-app alerts. Continued use of the platform constitutes acceptance of updates.

12. Related Policies

The following policies provide additional information and are intended to be read together with this Privacy Policy:

13. Contact Us

If you have questions or requests regarding your privacy: [email protected]

© Simple Advocate, 2026 · www.mysimpleadvocate.com