Softiya
Start Free Trial

Privacy Policy

Privacy Policy

Effective Date: 03/16/2026

Softiya LLC (“Softiya,” “we,” “our,” or “us”) provides software, websites, mobile applications, and related consulting, implementation, support, and professional services (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose, store, and otherwise process information in connection with the Services.

This Privacy Policy applies to information collected through the Softiya websites, the Softiya software platform, the Softiya mobile applications, including the Softiya Field Staff mobile application and related Android and iOS releases, communications with us, and related consulting, onboarding, implementation, support, and business operations.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, your use of the Services constitutes consent to the practices described in this Privacy Policy.

1. Scope and Roles

Softiya may process information in different roles depending on the context:

  • Customer data / service data. Where a customer organization submits, stores, or manages information within the Services, Softiya generally processes such information on behalf of the customer and subject to the applicable contract(s), customer instructions, and law.
  • Business Associate role. Where the Services are used in connection with protected health information (“PHI”) governed by HIPAA, Softiya acts as a Business Associate only to the extent set forth in a fully executed Business Associate Agreement (“BAA”) and applicable law.
  • Independent business records. Softiya also collects and processes its own business records, including account, billing, support, security, usage, and vendor-management information, for its own legitimate business and legal purposes.

Where Softiya processes personal information or regulated data solely on behalf of a customer, that customer is responsible for determining the legal basis for processing, providing any required privacy notices, obtaining any required consents or authorizations, and responding to requests from its workforce members, patients, clients, or other end users, except to the extent otherwise required by law or contract.

2. Information We Collect

2.1 Account, Registration, and Business Information

We may collect names, email addresses, telephone numbers, mailing or business addresses, agency or company name, employer and job title, username, login, and authentication-related information, subscription, billing, and account-administration records, and other information you provide when creating an account, requesting a demo, starting a trial, purchasing services, or contacting us.

2.2 Customer Operational Data

Customers and authorized users may submit or cause the Services to process operational data, which may include:

  • Client, patient, staff, contractor, and caregiver information
  • Schedules, assignments, visits, and timesheets
  • Clinical, service, or care-related documentation
  • Authorizations, claims, billing, and payer-related data
  • Internal notes, communications, attachments, and uploaded records
  • Other data submitted to or generated through use of the Services

2.3 Protected Health Information

Where applicable, the Services may store, transmit, or process PHI and other regulated health data on behalf of customers. In such cases, Softiya’s use and disclosure of PHI is governed by the applicable BAA, contract terms, and law. This Privacy Policy supplements, and does not replace, any BAA or other binding data-processing terms.

2.4 Device, Technical, and Log Information

We may automatically collect technical and usage information, including:

  • IP address
  • Device type, device identifiers, operating system, and browser type
  • Application version, crash data, diagnostics, and performance metrics
  • Timestamps, pages/screens viewed, feature usage, session activity, and interactions with the Services
  • Approximate geolocation derived from IP address
  • Other technical data necessary to operate, secure, maintain, and improve the Services

2.5 Mobile App Permissions and Device Features

Depending on the features used, the mobile applications may request access to certain device permissions or features, including:

  • Camera: to capture images, scan or upload documentation, verify records, support visit-related workflows, or perform other user-initiated app functions
  • Photos / Files / Media: to select, upload, or attach images, forms, and documents
  • Location: to support visit verification, EVV, routing, or other operational workflows, where enabled by the customer or required for the feature used
  • Notifications: to send service-related alerts, reminders, and operational updates
  • Other device features reasonably necessary for the specific function invoked by the user or enabled by the customer

Softiya does not claim access to device features beyond what is disclosed to the user by the operating system and authorized by the user or customer configuration.

2.6 Communications and Support Information

We may collect the contents of messages, support requests, implementation discussions, training communications, and other correspondence you send to us, along with records of our responses.

2.7 Cookies and Similar Technologies

Our websites and web applications may use cookies, local storage, session technologies, and similar tools to authenticate users, maintain sessions, remember preferences, improve functionality, analyze usage, and support security and fraud prevention. Your browser or device may allow you to manage certain cookies or similar technologies, but disabling them may affect functionality.

3. How We Use Information

We may use information for the following purposes, as applicable:

  • Providing, operating, maintaining, supporting, and securing the Services
  • Authenticating users and managing accounts, subscriptions, licenses, and permissions
  • Configuring customer environments, workflows, integrations, and operational settings
  • Processing transactions, invoicing, collections, and related account administration
  • Providing customer service, technical support, training, onboarding, and consulting
  • Monitoring performance, debugging errors, performing analytics, and improving the Services
  • Enforcing contracts, policies, acceptable-use standards, and legal rights
  • Preventing, detecting, investigating, and responding to fraud, abuse, misuse, security incidents, and technical issues
  • Complying with legal, regulatory, audit, contractual, and reporting obligations
  • Any other purpose disclosed at the time of collection or otherwise permitted by law

We may also use aggregated or de-identified information for lawful business purposes, including analytics, benchmarking, product improvement, and business planning, provided such information does not identify an individual where required by law.

4. Legal Bases for Processing

Where applicable law requires a legal basis for processing, Softiya may rely on one or more of the following:

  • Performance of a contract
  • Legitimate interests, including operation, improvement, support, and security of the Services
  • Compliance with legal obligations
  • Protection of vital interests
  • Consent, where required by law
  • Other lawful bases available under applicable law

5. HIPAA, PHI, and Healthcare Data

5.1 Business Associate Role

Where Softiya processes PHI on behalf of a covered entity or business associate customer, Softiya functions as a Business Associate only to the extent established by an executed BAA and applicable law.

5.2 Customer Obligations

Customers are solely responsible for determining whether HIPAA, state privacy laws, or other regulated-data requirements apply to their use of the Services; entering into any required BAA or data-processing agreement; obtaining required consents, authorizations, and acknowledgments; providing legally required notices; configuring permissions and user access appropriately; and ensuring their own personnel use the Services in compliance with applicable law and customer policy.

5.3 Safeguards

Softiya implements administrative, technical, and physical safeguards designed to protect information, including, where applicable:

  • Access controls and authentication measures
  • Role-based permissions
  • Encryption in transit and, where applicable, at rest
  • Logging, monitoring, and audit mechanisms
  • Vendor and personnel access restrictions
  • Incident-response and operational security measures

No safeguard, network, service, or device can be guaranteed to be completely secure or error-free, and Softiya disclaims any representation or warranty of absolute security.

6. How We Disclose Information

6.1 Service Providers, Subprocessors, and Contractors

We may disclose information to vendors, subprocessors, consultants, contractors, and service providers that support the Services or our business operations, such as providers of cloud hosting and infrastructure, storage, backup, and security services, application performance monitoring and error logging, customer support and communications tools, payment processing and accounting services, professional advisors, and implementation, maintenance, or related operational support.

Such parties may process information only as authorized by Softiya and subject to contractual confidentiality, security, and use restrictions, where applicable.

6.2 Corporate Transactions

We may disclose information in connection with an actual or proposed merger, acquisition, financing, investment, reorganization, bankruptcy, sale of assets, or similar corporate transaction, subject to applicable confidentiality and legal requirements.

6.3 Compliance, Protection, and Enforcement

We may preserve, use, or disclose information as we deem reasonably necessary to:

  • Comply with applicable law, regulation, subpoena, court order, legal process, governmental request, or audit
  • Enforce our contracts, policies, and legal rights
  • Detect, prevent, investigate, or address fraud, security incidents, misuse, technical problems, or illegal activity
  • Protect the rights, property, safety, systems, users, customers, or the public

6.4 At Customer Direction

We may disclose information where authorized or directed by the applicable customer or user, including through enabled integrations, customer-configured workflows, exports, or reporting.

6.5 No Sale of PHI; No Unauthorized Marketing Use of PHI

Softiya does not sell PHI. Softiya does not use PHI for marketing or advertising except as permitted by law, contract, and any applicable BAA.

7. Data Retention

Softiya retains information for as long as reasonably necessary to provide the Services, satisfy contractual obligations, maintain security and business continuity, comply with legal, tax, accounting, regulatory, audit, and recordkeeping requirements, resolve disputes, and enforce agreements and legal rights.

Retention periods may vary by data type, customer configuration, contractual obligations, legal requirements, backup cycles, and litigation hold or preservation obligations.

Upon termination or expiration of a customer relationship, information may remain in backups, archives, logs, or retained records for a commercially reasonable period or as otherwise required or permitted by law, contract, or legitimate business needs, after which it may be deleted, anonymized, or de-identified in accordance with Softiya’s practices and obligations.

8. International Data Transfers

The Services are primarily operated in the United States. If you access or use the Services from outside the United States, you acknowledge that information may be transferred to, stored in, and processed in the United States or other jurisdictions that may have different data-protection laws than your jurisdiction. Where required by applicable law, Softiya will use legally recognized transfer mechanisms.

9. Your Rights and Choices

Depending on your jurisdiction and the nature of Softiya’s role, you may have rights relating to your personal information, such as the right to request:

  • Access
  • Correction
  • Deletion
  • Restriction
  • Objection
  • Portability
  • Withdrawal of consent, where processing is based on consent

These rights are not absolute and may be limited by law, contract, security requirements, technical feasibility, Softiya’s role as a service provider, processor, or Business Associate, or the rights of others.

Where Softiya processes information solely on behalf of a customer, the relevant customer may be the appropriate party to receive and respond to your request. Softiya may redirect you to the customer or require that the request be submitted through the customer.

Requests may be submitted using the contact information below. Softiya may take reasonable steps to verify the identity and authority of any requester before responding.

10. US State Privacy Disclosures

To the extent applicable under US state privacy laws, Softiya may act in different roles depending on the context, including as a business, service provider, contractor, processor, or other legally recognized role. Any rights afforded by such laws are subject to applicable exemptions and limitations, including exemptions for HIPAA-regulated information and contexts.

Softiya does not discriminate against individuals for exercising rights provided by applicable law.

11. Children’s Privacy

The Services are intended for use by businesses, agencies, providers, and authorized workforce members, not for direct use by children as a consumer service. To the extent information about minors is submitted into the Services by customers, such information is processed as part of the customer’s operations and subject to the customer’s legal responsibilities and, where applicable, contractual terms and BAAs.

12. Third-Party Services and Links

The Services may contain links to, integrations with, or dependencies on third-party websites, platforms, content, or services not controlled by Softiya. Softiya is not responsible for the privacy, security, availability, or content practices of third parties, and use of such third-party services is subject to their own terms and policies.

13. Security Disclaimer

Softiya uses commercially reasonable measures designed to protect information against unauthorized access, use, disclosure, alteration, and destruction. However, no method of transmission over the internet, no mobile device, no software application, and no storage or security system can be guaranteed to be fully secure, uninterrupted, or error-free.

Except to the extent prohibited by law or expressly agreed in writing, Softiya disclaims any representation, warranty, or guarantee that the Services or any information will be immune from security incidents, interception, unauthorized access, corruption, loss, misuse, or other adverse events.

14. Changes to This Privacy Policy

Softiya may revise this Privacy Policy from time to time in its sole discretion. The updated version will be posted with a revised effective date. Where required by law, Softiya will provide additional notice of material changes through reasonable means. Your continued access to or use of the Services after the effective date of an updated Privacy Policy constitutes acknowledgment of the updated Privacy Policy to the extent permitted by law.

15. Contact Information

If you have questions about this Privacy Policy or Softiya’s privacy practices, contact:

Softiya LLC
Email: support@softiya.com
Website: https://softiya.com

16. App-Specific Disclosure for Google Play and Mobile Platforms

The Softiya mobile applications may collect, process, or transmit certain data and use certain device permissions in connection with workforce operations, scheduling, documentation, visit workflows, and customer-configured features.

For example, subject to actual app functionality and customer configuration, the mobile app may:

  • Access the camera to capture, scan, or upload images or documentation
  • Access files or photos selected by the user for upload or attachment
  • Access location information for EVV, visit verification, routing, or related operational purposes
  • Use network and device data to authenticate users, maintain sessions, diagnose errors, and protect the Services
  • Send notifications relating to operational workflows and service use

Such data is used to provide and support the Services, comply with customer instructions, protect system integrity, and fulfill legal and contractual obligations. Softiya does not authorize advertising-based use of PHI and does not sell PHI.