We are not able to claim that YCBM is HIPAA compliant, mainly due to the fact that our system relies on creating and holding data on a 3rd party system (namely Google and Microsoft calendars) and therefore is a degree away from our own absolute control over the data.
We are a UK company; and as such, we do comply with the UK's Data Protection Act (UK GDPR) and EU GDPR and we have a number of robust security measures in place.
Basically, whatever information you gather on the booking form is stored on our server and retained for the purposes of notifications and reminders. So, we would hold John Smith's email and phone number so that we can send text messages, confirmation emails and reminders to him (as selected by you). The information itself isn't encrypted but we use industry-strength encryption to protect the server.
The data for individual bookings will be held and processed by us up to the date of the relevant booking and for up to 24 months after the time and date of the booking by default. The data will be automatically deleted after 24 months unless the account holder changes the default setting.
You can determine what information you gather through our system and whether or not you delete past bookings on a regular basis. Our data deletion feature allows you to automatically set data to delete at the time you specify.
Please feel free to take a look at our Privacy and data protection policy for more information.