Privacy Policy for ICRM LLC

Effective Date: 01/01/2025

Last Updated:01/01/2025

ICRM LLC (“ICRM,” “we,” “our,” or “us”) values your privacy
and is committed to protecting your personal information. This Privacy Policy
describes how we collect, use, store, and share information—including protected
health information (PHI) and personally identifiable information (PII)—through
our Integrated Client Relationship + Marketing (ICR+M) platform. We are
committed to compliance with the Health Insurance Portability and
Accountability Act (HIPAA), the Federal Communications Commission (FCC) regulations,
and other applicable privacy laws.

1. Scope

This policy applies to all users of our services, including
but not limited to:

Small business clients and their customers Healthcare providers and covered entities under HIPAA Individuals receiving communications via SMS, email, or calls through the ICR+M platform

2. Information We Collect

We may collect the following types of information:

a. Personally Identifiable Information (PII)

Full name, email address, phone number, job title, business name Billing and payment information Login credentials and IP addresses

b. Protected Health Information (PHI)

When serving clients subject to HIPAA (e.g., healthcare
providers or administrators), we may process PHI such as:

Medical records Health insurance details Diagnosis and treatment information

c. Communications Data

SMS and voice recordings (with consent) Email interactions Marketing response behavior

d. Technical & Usage Data

Browser type, device identifiers Access times and usage patterns

3. How We Use Your Information

We use the information we collect for the following
purposes:

To provide and manage CRM and marketing services To comply with HIPAA when handling PHI To facilitate communication through SMS, voice, and email per FCC rules To ensure data security, prevent fraud, and meet legal obligations To analyze service usage and improve system performance

4. HIPAA Compliance

We comply with HIPAA and act as a

Business Associate (BA)

when handling PHI on behalf of Covered Entities. We implement:

Signed Business Associate Agreements (BAAs) Data encryption at rest and in transit Role-based access control and audit logging Breach notification procedures in accordance with HIPAA rules

We do not use PHI for marketing purposes without prior
authorization.

5. FCC Compliance

We comply with all FCC regulations related to telemarketing,
robocalls, and SMS messaging under the Telephone Consumer Protection Act (TCPA)
and A2P 10DLC requirements:

All SMS and call communications require prior express written consent Opt-out instructions are included in all marketing messages Communication logs are maintained in accordance with FCC regulations

6. Data Sharing and Disclosure

We do not sell your personal information. We may share
information only:

With third-party service providers bound by confidentiality and compliance agreements With Covered Entities under HIPAA where required As required by law, subpoena, or regulatory mandate In case of a merger, acquisition, or asset transfer (with notice)

7. Data Retention

We retain your data only for as long as necessary to fulfill
the purposes outlined in this Policy or as required by law (e.g., HIPAA
mandates a 6-year retention of certain data).

8. Your Rights

Depending on your jurisdiction and role, you may have rights
to:

Access, correct, or delete your data Withdraw consent for marketing File a complaint with the U.S. Department of Health and Human Services (HHS)

HIPAA-covered individuals can request an accounting of
disclosures and restrictions on PHI usage.

9. Security Measures

We use industry-standard safeguards to protect your data:

End-to-end encryption (AES-256) Multi-factor authentication (MFA) Network monitoring and intrusion detection Staff training on HIPAA and FCC compliance

10. Children’s Privacy

Our services are not intended for use by children under 13.
We do not knowingly collect information from minors without verifiable parental
consent.

11. Changes to This Policy

We may update this Privacy Policy periodically. Any changes
will be posted with the updated date at the top of this document. Material
changes will be communicated via email or through our platform.

12. Contact Us

If you have questions or requests regarding this policy or
your data:

ICRM LLC

Email: [email protected]

Phone: +1 317-893-3775

HIPAA Complaints: Contact Above