Privacy Policy

Effective Date: October 15th, 2025

Operon, LLC ("Operon.Cloud", "we", "our", or "us") is committed to protecting the privacy of our users and customers. This Privacy Policy describes how we collect, use, and protect personal and organizational data when you visit our website, engage with our services, or interact with the Operon.Cloud platform.

1. Overview

Operon.Cloud is a B2B SaaS platform that provides blockchain-powered interoperability infrastructure for healthcare organizations, including payers, providers, and technology vendors. Our platform enhances data trust, auditability, and compliance while minimizing disruption to existing systems. We do not store Protected Health Information (PHI) directly; rather, we store metadata, digital signatures, and cryptographic references to facilitate compliance and visibility.

2. Information We Collect

We collect the following types of information:

a. Personal Information

  • Name, email address, job title, company name, and other information submitted via forms or registration pages.
  • Communications data including support inquiries and feedback.

b. Technical & Usage Data

  • IP address, browser type/version, operating system, pages visited, time spent, referring URL, device identifiers.
  • Analytics data from cookies and tracking technologies.

c. Platform Metadata

  • Transaction references (e.g., hashed IDs)
  • Integration events (e.g., timestamps, endpoints used)
  • Consent logs, fraud detection markers, and access audit data

We do not collect or store raw healthcare data or PHI on our platform.

3. How We Use the Information

We use collected information to:

  • Deliver and manage platform functionality
  • Enable fraud detection and consent enforcement
  • Improve user experience and product performance
  • Respond to inquiries and provide customer support
  • Ensure regulatory compliance (e.g., HIPAA, CCPA)
  • Send marketing or informational updates (with opt-out capability)

4. Legal Basis for Processing

We rely on the following legal bases for processing personal data:

  • User consent (e.g., when signing up for communications or beta access)
  • Contractual necessity (e.g., providing our services)
  • Legal obligations (e.g., for auditability, regulatory investigations)
  • Legitimate interest (e.g., fraud detection, platform analytics)

5. Data Sharing and Subprocessors

We share limited data with:

  • Google Cloud Platform: Infrastructure and cloud services
  • Hedera Hashgraph: Distributed ledger services

We do not sell or rent any personal information to third parties. Subprocessors are contractually bound to adhere to security and confidentiality requirements.

6. Security Measures

We use industry-standard administrative, technical, and organizational safeguards to protect data:

  • Encryption in transit and at rest
  • Blockchain-based tamper-proof ledgers
  • Secure APIs with token-based authentication
  • Role-based access control (RBAC)
  • Regular security audits and penetration testing

7. Data Retention

We retain:

  • Personal data for the duration of the customer relationship and up to 7 years thereafter (or as required by law)
  • System metadata for a minimum of 7 years for compliance
  • Email and marketing preferences until opted out or deleted

8. Cookies and Tracking Technologies

We use cookies and similar tracking tools for:

  • Website analytics (e.g., Google Analytics)
  • Performance monitoring
  • Session state management
  • Tailored messaging and product optimization

You may control cookie settings through your browser preferences.

9. User Rights

Under applicable regulations (e.g., CCPA, HIPAA), you have the right to:

  • Request access, correction, or deletion of personal data
  • Object to or restrict processing under certain conditions
  • Withdraw consent for marketing communications
  • File a complaint with a regulatory authority

Requests can be made via privacy@operon.cloud.

10. Incident Response and Breach Notification

We maintain a written incident response plan. In the event of a breach involving personal data:

  • Affected individuals will be notified within required regulatory timeframes (e.g., 60 days for HIPAA, "without undue delay" for CCPA).
  • The nature of the breach, the affected data types, and recommended protective actions will be communicated.

11. Children's Privacy

Operon.Cloud is intended for enterprise use only and not directed at individuals under the age of 13. We do not knowingly collect personal data from minors.

12. International Considerations

Our services are primarily intended for the U.S. healthcare market. We do not knowingly transfer personal data outside of the U.S. and do not fall under GDPR compliance scope at this time.

13. Changes to This Privacy Policy

This policy may be updated from time to time. Users will be notified via email or through the website before significant changes take effect.

14. Contact Us

Operon, LLC
30 N Gould St Ste R, Sheridan, WY 82801
Phone: +1 925-222-5515
Email: privacy@operon.cloud