Skip to main content
Privacy Policy — SFA Solutions LLC
SFA Solutions LLC SFA Solutions LLC Back to Website
Legal & Compliance

Privacy Policy

How SFA Solutions LLC collects, uses, protects, and handles your personal information when you use our website and services.

Effective Date: June 1, 2025
Last Updated: June 1, 2025
Austin, Texas, USA
01 — Overview

About This Privacy Policy

SFA Solutions LLC ("SFA Solutions," "we," "us," or "our") is an AI-powered revenue cycle management (RCM) and medical billing company headquartered in Austin, Texas. We are committed to protecting the privacy and security of all personal information entrusted to us by our clients, website visitors, and business partners.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website sfasolutions.net, contact us, or engage with our RCM services. Please read this policy carefully. By accessing our website or using our services, you agree to the terms described herein.

If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services and contact us to discuss your concerns.

Data Controller

SFA Solutions LLC, Austin, Texas, USA — responsible for all data processed on this website.

Scope

Applies to sfasolutions.net and all associated service portals, contact forms, and communications.

Healthcare Context

As an RCM provider, we operate under HIPAA guidelines when handling Protected Health Information.

Our Commitment

We never sell your personal data. We never share mobile data for advertising. Period.

02 — Data We Collect

Information We Collect

We collect information you voluntarily provide and data gathered automatically when you interact with our website or services.

Information You Provide Directly

  • Contact Information: Name, email address, phone number, and fax number submitted through our contact or audit request forms.
  • Practice Information: Practice name, specialty, location, and billing challenges shared when requesting a free audit or engaging our services.
  • Mobile / Phone Numbers: Collected solely when you voluntarily provide them and only used to deliver the service or communications you specifically requested.
  • Communications: Any messages, inquiries, or correspondence you send us via email, form submission, or phone.
  • Service Data: Information required to deliver RCM services, including provider credentialing details, EHR access credentials (stored securely), and billing data processed under a signed Business Associate Agreement (BAA).

Information Collected Automatically

  • Log Data: Browser type and version, operating system, referrer URL, hostname, server request time, and IP address.
  • Usage Data: Pages visited, time spent on pages, links clicked, and navigation patterns — collected in anonymized or pseudonymized form.
  • Device Data: Device type, screen resolution, and general location derived from IP address (country/city level only).
  • Cookies & Tracking Technologies: Session and persistent cookies as described in our Cookies section below.
03 — Mobile & SMS Data

Mobile Number & SMS Communications Policy

SFA Solutions LLC takes the collection and use of mobile phone numbers with the utmost seriousness. This section specifically addresses how we collect, use, store, and protect mobile data in full compliance with applicable regulations including the Telephone Consumer Protection Act (TCPA) and CTIA messaging guidelines.

Collection of Mobile Numbers

We collect mobile phone numbers only when you voluntarily provide them through our website forms, service enrollment, or direct communication with our team. Providing a mobile number is always optional and is never required to access general information about our services.

Use of Mobile Numbers

Mobile numbers collected by SFA Solutions LLC are used exclusively for the following purposes:

  • Transactional and informational SMS communications directly related to your account or service engagement
  • Appointment reminders and scheduling notifications for audit consultations
  • Account activity notifications and login verification codes
  • Responses to inquiries you have specifically directed to us
  • Service updates that are directly relevant to your active engagement with SFA Solutions
Compliance Statement — Mobile Data Protection

We do not sell or share mobile or personal data with third parties, affiliates, or partners for marketing or promotional purposes. We only share data with third parties when it is strictly necessary to deliver our service and only under binding agreements that ensure confidentiality.

Under no circumstances will mobile data be shared or sold for advertising or promotional use. This commitment is absolute and applies to all mobile numbers, SMS opt-in data, and associated contact records collected through any channel.

SMS Opt-In & Opt-Out

If you opt in to SMS communications from SFA Solutions LLC, you may opt out at any time by replying STOP to any message we send. You may also reply HELP for assistance or contact us directly at bd@sfasolutions.net. Standard message and data rates may apply depending on your carrier. Message frequency varies based on your service engagement level.

Storage & Retention of Mobile Data

Mobile numbers are stored in secure, access-controlled systems. They are retained only for as long as necessary to fulfill the purpose for which they were collected, or as required by law. Mobile numbers are deleted or anonymized promptly upon request or following the conclusion of the relevant service relationship.

04 — How We Use Data

How We Use Your Information

SFA Solutions LLC uses personal information collected for the following legitimate business purposes:

  • Service Delivery: To provide, operate, and improve our medical billing, credentialing, virtual assistance, and RCM services.
  • Communication: To respond to your inquiries, deliver audit reports, and communicate about your account or service engagement.
  • Compliance: To meet legal obligations under HIPAA, TCPA, applicable state laws, and contractual requirements with payers and providers.
  • Website Improvement: To understand how visitors use our website and to optimize content and user experience using anonymized analytics data.
  • Security: To detect, prevent, and address technical issues, fraud, or unauthorized access to our systems.
  • Contractual Obligations: To fulfill our commitments under signed service agreements and Business Associate Agreements (BAAs) with healthcare providers.

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

05 — Data Sharing

Data Sharing & Third Parties

We treat your data with strict confidentiality. SFA Solutions LLC does not sell, rent, trade, or otherwise transfer your personal information to third parties for commercial gain.

Permitted Disclosures

We may share your information with third parties only in the following limited circumstances:

  • Service Fulfillment: With subcontractors or technology providers engaged directly in delivering your requested RCM services, all of whom operate under binding confidentiality agreements.
  • Payer & Clearinghouse Submissions: With insurance payers, clearinghouses, and relevant government programs (Medicare, Medicaid, TRICARE) as strictly required to process claims on your behalf.
  • Legal Compliance: When required by applicable law, court order, or government authority, or to protect the rights, property, or safety of SFA Solutions LLC, our clients, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case affected parties will be notified and existing privacy commitments honored.
  • With Your Consent: In any other circumstance where you have given clear, prior, and specific consent to such disclosure.
Absolute Prohibition

We expressly prohibit the use of any personal data — including mobile numbers, email addresses, and contact information — for advertising, marketing, or promotional purposes by any third party.

All third-party data processors engaged by SFA Solutions LLC are contractually bound to this restriction. Any vendor or partner found to be in violation of this requirement will be immediately terminated and reported to appropriate regulatory authorities.

06 — HIPAA & Healthcare

HIPAA Compliance & Protected Health Information

As a medical billing and revenue cycle management company, SFA Solutions LLC handles Protected Health Information (PHI) on behalf of covered entities (healthcare providers). Our handling of PHI is governed separately by the Health Insurance Portability and Accountability Act (HIPAA) and the terms of our Business Associate Agreements (BAAs).

Business Associate Agreement

All clients who share PHI with SFA Solutions LLC are required to execute a signed Business Associate Agreement prior to the commencement of services. This agreement defines the permissible uses and disclosures of PHI and establishes the safeguards SFA Solutions maintains to protect it.

PHI Safeguards

  • End-to-end encryption of all data transmission and storage
  • Role-based access controls limiting PHI access to authorized personnel only
  • Regular third-party security audits and penetration testing
  • Comprehensive staff training on HIPAA Privacy and Security Rules
  • Documented incident response and breach notification procedures

For questions specific to the handling of PHI under your BAA, please contact your dedicated account manager or our compliance team at privacy@sfasolutions.net.

07 — Cookies & Analytics

Cookies & Website Analytics

Our website uses cookies to enhance your browsing experience, analyze site usage, and ensure the proper functioning of our web-based tools.

Types of Cookies We Use

  • Session Cookies: Temporary cookies that expire when you close your browser. These are necessary for website navigation and basic functionality.
  • Persistent Cookies: Cookies stored on your device for a defined period that help us recognize returning visitors and maintain preferences.
  • Analytics Cookies: Used to collect anonymized and pseudonymized data about how visitors interact with our site. We use this data solely to improve website performance and content relevance.

Analytics Platform

This website may use Matomo (open-source web analytics) or equivalent privacy-respecting tools to analyze visitor behavior. IP addresses are anonymized before storage. Analytics data is never shared with advertising networks or used to build user profiles for marketing purposes.

Managing Cookies

You may configure your browser to decline all cookies, notify you when a cookie is set, or delete existing cookies at any time. Please note that disabling certain cookies may affect the functionality of this website. You can also opt out of analytics tracking through our cookie consent settings when available on the site.

Server Log Files

Our hosting provider automatically collects standard server log information including browser type, operating system, referrer URL, hostname, server request time, and IP address. This data is used exclusively for technical administration and security monitoring. It is not combined with other personal data sources and is not used for marketing purposes.

08 — Data Security

How We Protect Your Data

SFA Solutions LLC implements enterprise-grade security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

  • Encryption in Transit: All data transmitted to and from our website and systems uses SSL/TLS encryption (HTTPS). Encrypted connections are indicated by the padlock icon in your browser.
  • Encryption at Rest: Sensitive data is encrypted at rest using industry-standard encryption protocols.
  • Access Controls: Strict role-based access controls ensure that only authorized personnel can access personal data, and only to the extent required by their responsibilities.
  • Security Audits: We conduct regular internal compliance reviews and periodic third-party security assessments.
  • Staff Training: All SFA Solutions personnel receive comprehensive data security and HIPAA privacy training upon onboarding and annually thereafter.
  • Incident Response: We maintain documented breach notification and incident response procedures compliant with HIPAA and applicable state laws.

Please note that no method of transmission over the internet or electronic storage is 100% secure. While we apply commercially reasonable safeguards, we cannot guarantee absolute security of data transmitted to us via email or web forms.

09 — Your Rights

Your Data Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@sfasolutions.net. We will respond within 30 days.

Your Right
What This Means
Access
Request a copy of the personal information we hold about you, including its origin, recipients, and the purpose of collection — at no charge.
Correction
Request that inaccurate or incomplete personal data we hold about you be corrected or updated.
Deletion
Request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to legal retention requirements.
Objection
Object to the processing of your data for direct marketing purposes or where processing is based on our legitimate interests.
Portability
Receive your personal data in a structured, machine-readable format for transfer to another service provider, where technically feasible.
Restriction
Request that we restrict processing of your data in certain circumstances, such as while a correction request is being verified.
Revocation
Withdraw consent to data processing at any time where processing is based on consent. Withdrawal does not affect the lawfulness of prior processing.
Complaint
File a complaint with the appropriate regulatory authority if you believe your data protection rights have been violated.
10 — Data Retention

How Long We Keep Your Data

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to meet our contractual obligations, or as required by applicable law.

  • Website Inquiry Data: Contact form submissions are retained for up to 24 months, after which they are securely deleted unless a service relationship has been established.
  • Client Service Data: Data processed under a signed service agreement is retained for the duration of the engagement plus seven (7) years, in compliance with healthcare billing record requirements.
  • Mobile Numbers & SMS Records: Retained only for the duration of the active service relationship and deleted promptly upon request or conclusion of services.
  • Server Logs: Automatically deleted or anonymized within 90 days of collection.
  • PHI: Retained and disposed of in accordance with the terms of the applicable BAA and HIPAA regulations.

When data is no longer required, it is securely deleted or anonymized using industry-standard methods to prevent reconstruction or unauthorized recovery.

11 — Social Media

Social Media Integrations

Our website may contain links or integration features for social media platforms including LinkedIn and Instagram. These integrations allow you to share or connect our content with your social media profiles. Please note the following:

LinkedIn

Our website may include LinkedIn features. When you interact with these features and are logged into LinkedIn, LinkedIn may associate your visit with your user account. SFA Solutions LLC receives no personal data as a result of these interactions. For details, review LinkedIn's Privacy Policy at linkedin.com/legal/privacy-policy.

Instagram

Our website may include Instagram features. If you are logged into Instagram and interact with an Instagram button on our site, Instagram may associate your visit with your profile. We receive no information from Instagram about the content of data transmitted. For details, review Instagram's Privacy Policy at privacycenter.instagram.com.

SFA Solutions LLC is not responsible for the data practices of any third-party social media platform. We recommend reviewing the privacy policies of any social platform you use.

12 — Policy Changes

Updates to This Privacy Policy

SFA Solutions LLC reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. When changes are made, we will update the "Last Updated" date at the top of this page.

For material changes that significantly affect your rights or our use of your data, we will provide notice via email (if you are a registered client or have submitted a contact form) or via a prominent notice on our website prior to the change taking effect.

Your continued use of our website following the posting of any changes constitutes acceptance of the revised Privacy Policy. If you disagree with the updated policy, you may opt out of communications and request deletion of your data as described in the Your Rights section.

13 — Contact Us

Privacy & Compliance Contact

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact our compliance team using the information below. We are committed to responding to all privacy-related inquiries within 30 business days.

Email

bd@sfasolutions.net

Fax

(616) 239-0024

Jurisdiction

Austin, Texas, USA — governed by U.S. federal and Texas state law.

Regulatory Complaints

You may file a complaint with the FTC (ftc.gov) or your state's Attorney General office.

We expressly prohibit the use of contact information published in this policy for sending unsolicited promotional or advertising communications. SFA Solutions LLC reserves the right to pursue legal action against senders of unauthorized spam or marketing communications directed to our contact addresses.