Legal

Privacy Policy

How we collect, use, and protect information. Arbor Genie LLC.

Effective date: April 28, 2026

Last updated: April 28, 2026

This Privacy Policy describes how Arbor Genie LLC ("Arbor Genie," "we," "us," or "our") collects, uses, and protects information in connection with our products and services — including Fax Genie, Pathway Genie, and this website (collectively, the "Services"). We take privacy seriously, particularly given our work in healthcare.

Information We Collect

From practice administrators and account holders

  • Contact and account information — name, email address, practice name, phone number, and billing information collected when you sign up for or manage a Services account
  • Communications — messages you send us by email or through support channels

From the Services (Fax Genie, Pathway Genie)

  • Protected Health Information (PHI) — Fax Genie and Pathway Genie process clinical documents and patient data on behalf of healthcare practices. This data is processed under a Business Associate Agreement (BAA) as required by HIPAA. We do not use PHI for any purpose other than providing the contracted Services to your practice.
  • Usage and log data — system logs, error reports, and service metrics collected automatically to maintain and improve the Services. These logs may include IP addresses and user actions but are not used for advertising or sold to third parties.

From this website

  • Contact form submissions — name and email if you reach out through the website
  • Standard web server logs — IP address, browser type, pages visited, referrer, and timestamps. We do not run third-party behavioral tracking or advertising pixels on this site.

How We Use Information

  • To provide, operate, and improve the Services
  • To communicate with you about your account, support requests, and service updates
  • To comply with legal obligations, including HIPAA
  • To detect and prevent fraud, abuse, or security incidents

We do not sell personal information. We do not use PHI for product improvement, AI model training, or any purpose beyond the contracted Services without a separate written agreement.

HIPAA and Business Associate Agreements

When Arbor Genie processes PHI on behalf of a covered healthcare practice, we act as a Business Associate under HIPAA. All practices that transmit PHI through our Services must have a signed BAA with Arbor Genie before any PHI is processed. We maintain HIPAA-required administrative, technical, and physical safeguards and will report breaches in accordance with the HIPAA Breach Notification Rule. Contact chris@arborgenie.com to request a BAA.

AI and Machine Learning

Fax Genie and Pathway Genie use AI and large language models to process clinical documents and generate patient communications. Data submitted for processing is used only to perform the requested task (e.g., classify a fax, generate a patient message). We do not use customer PHI to train general-purpose AI models. Our AI providers are selected and configured to comply with our HIPAA obligations, including execution of appropriate BAAs with those providers.

Data Sharing

We share information only:

  • With your practice's EHR or connected systems — as directed by your workflow configuration (e.g., uploading a matched fax to your EHR)
  • With service providers — cloud infrastructure, monitoring, and other vendors who assist in operating the Services and who are bound by confidentiality and, where applicable, HIPAA obligations
  • As required by law — in response to valid legal process or to protect the rights and safety of Arbor Genie, our customers, or others

We do not sell, rent, or share personal information or PHI with advertisers or data brokers.

Data Retention

We retain account and service data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and support requests. PHI processed through the Services is retained only as long as necessary to perform the contracted Services or as required by applicable law. Retention schedules are documented in your BAA.

Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we handle, including encryption in transit and at rest, access controls, and audit logging. In the event of a security incident affecting PHI, we will notify affected practices as required by the HIPAA Breach Notification Rule.

Your Rights

Depending on your location, you may have rights to access, correct, or delete personal information we hold about you as an account holder. To exercise these rights, contact us at chris@arborgenie.com. Requests related to PHI (patient rights) should be directed to your healthcare practice, which controls that data as the Covered Entity.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or a notice posted through the Services. The "Last updated" date at the top reflects the most recent revision.

Contact

Arbor Genie LLC
Snoqualmie, WA 98065
chris@arborgenie.com