Privacy Policy

Effective Date: July 1, 2025 Last Updated: November 12, 2025

1. Overview

Catapult Business Innovations LLC (“Catapult,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and protect Personal Information, including any Protected Health Information (“PHI”) we may process on behalf of our clients who are Covered Entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Our primary website is https://www.catapultagents.com. By accessing or using our website or services, you consent to the practices described below.

2. HIPAA Compliance and Scope

When Catapult provides services to a healthcare provider (a “Covered Entity”), we act as a Business Associate as defined under HIPAA. In such cases, our collection, use, and disclosure of PHI are governed by a formal Business Associate Agreement (BAA) with that provider.

This Privacy Policy supplements, but does not override, the terms of any BAA. Catapult does not use or disclose PHI except as permitted under a BAA and as required by law.

3. Types of Information We Collect

Catapult may collect the following:

  • a. Personal Information (Non-PHI): Information you provide to us directly, such as your name, email address, phone number, job title, and company name when you request a demo or contact us. We also collect technical information like IP addresses and cookie data from our website visitors.
  • b. Protected Health Information (PHI): In our role as a Business Associate, we may process PHI on behalf of a Covered Entity. This includes individually identifiable health information submitted by patients through HIPAA-covered services, such as:
    • Appointment request forms
    • Patient intake forms
    • Information exchanged via our AI Phone, Chat, or Voice Agents

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services (e.g., website management, ad campaigns).
  • Operate our AI Agents on behalf of healthcare providers.
  • Respond to your inquiries, schedule demos, and provide customer support.
  • Fulfill our contractual obligations under a BAA.
  • Comply with legal obligations and enforce our terms of service.

We do not use PHI collected on behalf of one provider for the benefit of any other provider. We do not sell PHI.

5. Safeguards for PHI and Other Data

Catapult implements administrative, physical, and technical safeguards required under the HIPAA Security Rule to protect all PHI. These measures include:

  • Encryption of data in transit and at rest.
  • Strict access controls and user authentication.
  • Secure, HIPAA-compliant hosting infrastructure.
  • Regular security monitoring and incident response procedures.
  • Mandatory HIPAA training for all team members with potential access to PHI.

6. Disclosure of Information

We may disclose Personal Information or PHI:

  • To Our Clients (Covered Entities): We provide PHI to the specific healthcare provider on whose behalf we collected it, as governed by our BAA.
  • To Our Subcontractors: We may use subcontractors (e.g., GoHighLevel, secure cloud hosting) to perform our services. We require all subcontractors who handle PHI to sign their own BAAs with us, binding them to the same HIPAA standards.
  • As Required by Law: We may disclose information if required by a subpoena, court order, or other legal process.
  • For Business Transfers: In the event of a merger or acquisition, we will ensure that the receiving party agrees to safeguard PHI with the same level of protection.

7. Cookies and Tracking

Our public website (https://www.catapultagents.com) uses essential cookies and analytics tools to improve user experience. These tools do not collect PHI. When providing services on behalf of a Covered Entity (e.g., on their website), our tools are configured to be HIPAA-compliant and do not tie PHI to tracking identifiers.

8. Your HIPAA Rights

If you are a patient of a healthcare provider that uses our services, you have rights regarding your PHI under HIPAA, including the right to access, amend, or request an accounting of disclosures.

To exercise these rights, please contact your healthcare provider (the Covered Entity) directly. As a Business Associate, Catapult cannot act on patient requests unless directed to do so by the Covered Entity.

9. Data Retention

We retain PHI only as long as specified in our BAA with the healthcare provider or as required by law. We retain non-PHI Personal Information for as long as necessary to fulfill the business purposes outlined in this policy.

10. Children’s Privacy

Our services are intended for use by healthcare practices and are not directed at children under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that PHI of a minor has been collected, we will handle it in accordance with HIPAA and the terms of our BAA.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page will indicate when changes were made. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Catapult Business Innovations LLC ATTN: Privacy Officer Email: legal@catapultagents.com Website: https://www.catapultagents.com