Skip to main content

Privacy Policy

Effective Date: March 1, 2026  |  Last Updated: March 12, 2026

Ciyex Inc. ("Ciyex," "we," "us," or "our") is a 501(c)(3) nonprofit organization (EIN: 41-3609665) dedicated to building open source healthcare technology that puts patients first. We believe every person deserves strong privacy protections, regardless of where they receive care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at ciyex.org and use our services.

1. Our Commitment to Patients

As a nonprofit building open source health records technology, we hold ourselves to the highest standard of data stewardship. Patients own their health data. Our platform is designed so that communities and healthcare providers maintain full control of patient information, with no data monetization, no advertising, and no selling of personal information to third parties.

2. Information We Collect

Information You Provide

  • Account Information: When you sign up for Ciyex EHR, we collect your name, email address, organization name, and role.
  • Donation Information: When you donate via our payment processor (Zeffy), your payment details are handled directly by Zeffy. We receive your name, email, and donation amount but never your credit card number.
  • Contact Information: When you contact us via email or our community forum, we collect your name, email, and message content.

Information Collected Automatically

  • Usage Data: We may collect information about how you access and use our website, including your IP address, browser type, operating system, pages visited, and time spent on pages.
  • Cookies: We use essential cookies to maintain session state. We do not use tracking cookies for advertising purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our EHR platform and website
  • Process donations and send tax receipts
  • Respond to your inquiries and support requests
  • Send important updates about our services (you may opt out at any time)
  • Improve our website and services
  • Comply with legal obligations

4. HIPAA Compliance and Patient Data Protection

Protecting patient health information is central to our mission. Ciyex EHR is designed to be HIPAA-compliant, ensuring that every patient's Protected Health Information (PHI) receives enterprise-grade protection, whether they receive care at a community health center, rural clinic, or urban hospital. PHI processed through the Ciyex EHR platform is handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Healthcare organizations using Ciyex EHR are responsible for entering into a Business Associate Agreement (BAA) with Ciyex before processing PHI. Our website (ciyex.org) does not collect or process PHI.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information with:

  • Service Providers: Third-party services that help us operate our platform (e.g., Zeffy for donations, cloud hosting providers). These providers are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.
  • Nonprofit Reporting: Aggregate, anonymized data may be used in grant applications and annual reports.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS/SSL), encryption at rest, role-based access controls, and audit logging. While we strive to protect your information, no method of electronic transmission or storage is 100% secure.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated data at any time.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to or restrict certain processing of your data
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time

To exercise any of these rights, contact us at help@ciyex.org.

9. Open Source Transparency

Our source code is publicly available under the AGPL-3.0 license. This means anyone can inspect how we handle data, verify our security practices, and confirm that we do what we say. Transparency is fundamental to earning the trust of the patients and communities we serve.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., GitHub, Zeffy, community forum). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

11. Children's Privacy

Our website and services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: