Privacy Policy

ERRANDWORKS PRIVACY, DATA SECURITY, & HIPAA POLICIES

Effective Date: November 29, 2025
Last Updated: November 29, 2025

1. PRIVACY POLICY

1.1 Information We Collect

Personal Information:

  • Name, email address, phone number, and mailing address
  • Payment information (processed through secure third-party processors)
  • Government-issued identification for background verification
  • Emergency contact information
  • Service preferences and special instructions

Health Information:

  • Medical conditions or disabilities relevant to service provision
  • Prescription information when providing prescription pickup services
  • Mobility or assistance needs for senior care services
  • Dietary restrictions or allergies for grocery services

Usage Data:

  • Service requests and transaction history
  • Communication logs between customers and service providers
  • Website usage analytics and cookies
  • Location data for service delivery purposes

1.2 How We Use Information

We use collected information to:

  • Match customers with appropriate service providers
  • Process payments and manage accounts
  • Communicate about services, scheduling, and updates
  • Conduct background checks and verify provider credentials
  • Improve our platform and service offerings
  • Comply with legal obligations and regulatory requirements
  • Respond to customer support inquiries

1.3 Information Sharing

We may share information with:

  • Service Providers: Only information necessary to complete requested services
  • Payment Processors: Financial information required for transaction processing
  • Background Check Companies: Provider information for verification purposes
  • Legal Authorities: When required by law or court order
  • Business Partners: Aggregated, non-personal data for analytics

We DO NOT sell personal information to third parties for marketing purposes.

1.4 Data Retention

  • Customer account information: Retained while account is active plus 7 years
  • Transaction records: 7 years for financial compliance
  • Health information: 6 years from last service date
  • Marketing preferences: Until withdrawal of consent
  • Background check results: 5 years from verification date

2. DATA SECURITY POLICY

2.1 Security Measures

Technical Safeguards:

  • SSL/TLS encryption for data transmission
  • AES-256 encryption for stored sensitive data
  • Multi-factor authentication for administrative access
  • Regular security vulnerability assessments
  • Automated backup systems with encryption

Physical Safeguards:

  • Restricted access to servers and data centers
  • Locked filing cabinets for physical documents
  • Surveillance systems in sensitive areas
  • Visitor access controls and logging

Administrative Safeguards:

  • Mandatory security training for all employees
  • Role-based access controls to limit data exposure
  • Regular security policy updates and reviews
  • Incident response procedures and protocols

2.2 Employee Access Controls

  • Minimum necessary standard for data access
  • Regular access reviews and privilege audits
  • Confidentiality agreements for all staff
  • Immediate access revocation upon termination
  • Logging and monitoring of all data access

2.3 Vendor Management

  • Due diligence security assessments for all vendors
  • Business Associate Agreements (BAAs) where applicable
  • Regular security compliance reviews
  • Incident notification requirements
  • Data processing agreements compliant with applicable laws

3. HIPAA COMPLIANCE

3.1 Covered Services

ErrandWorks acknowledges that certain services may involve Protected Health Information (PHI):

  • Prescription pickup and delivery
  • Medical appointment transportation
  • Senior assistance services
  • Healthcare-related errands

3.2 Business Associate Relationships

When providing HIPAA-covered services, ErrandWorks acts as a Business Associate and:

  • Executes Business Associate Agreements with covered entities
  • Limits use of PHI to authorized purposes only
  • Implements appropriate safeguards for PHI
  • Reports any unauthorized uses or disclosures
  • Returns or destroys PHI upon contract termination

3.3 Patient Rights

Individuals have the right to:

  • Request restrictions on PHI use and disclosure
  • Access their PHI maintained by ErrandWorks
  • Request amendments to inaccurate PHI
  • Receive confidential communications
  • File complaints regarding PHI handling

3.4 HIPAA Security Requirements

  • Assigned HIPAA Security Officer
  • Conducted security risk assessments
  • Implemented workforce training programs
  • Established information access management procedures
  • Maintained audit logs of PHI access

4. DATA BREACH PROCEDURES

4.1 Incident Response Team

Team Members:

  • Chief Executive Officer (Incident Commander)
  • Legal Counsel
  • IT Security Officer
  • Customer Service Manager

4.2 Response Timeline

Immediate Response (0-24 hours):

  • Contain and assess the breach
  • Document all known facts
  • Notify law enforcement if criminal activity suspected

Short-term Response (24-72 hours):

  • Complete breach risk assessment
  • Notify affected individuals if high risk of harm
  • Report to relevant regulatory authorities
  • Implement remediation measures

Long-term Response (72 hours+):

  • Conduct thorough investigation
  • Implement additional security measures
  • Provide ongoing support to affected individuals
  • Review and update security policies

4.3 Notification Requirements

  • HIPAA Breaches: HHS notification within 60 days
  • General Data Breaches: State authorities per Georgia law
  • Customer Notification: Within 30 days of discovery
  • Vendor Notification: Immediately for Business Associates

5. COOKIES AND TRACKING

5.1 Types of Cookies Used

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: To understand user behavior and improve services
  • Preference Cookies: To remember user settings and preferences

5.2 Cookie Management

Users can control cookies through:

  • Browser settings to block or delete cookies
  • Opt-out links provided in our cookie banner
  • Third-party opt-out mechanisms for analytics cookies

6. THIRD-PARTY SERVICES

We use the following third-party services that may collect data:

  • Payment processors (Stripe, Square)
  • Analytics platforms (Google Analytics)
  • Communication tools (email and SMS services)
  • Background check providers
  • Cloud storage and hosting services

Each third party is required to maintain appropriate data protection measures.

7. INTERNATIONAL DATA TRANSFERS

ErrandWorks primarily operates within the United States. Any international data transfers comply with applicable data protection laws and include appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

8. CHILDREN’S PRIVACY

ErrandWorks does not knowingly collect personal information from children under 13. If we discover such information has been collected, we will delete it immediately and terminate the associated account.

9. YOUR RIGHTS AND CHOICES

9.1 Access and Correction

You may request to:

  • Access your personal information
  • Correct inaccurate information
  • Update your preferences and settings
  • Download your data in a portable format

9.2 Deletion and Opt-Out

You may request to:

  • Delete your account and associated data
  • Opt-out of marketing communications
  • Withdraw consent for optional data processing
  • Restrict certain uses of your information

9.3 How to Exercise Rights

Contact us at:

  • Main Support: 888-337-3139
  • Benefits Phone: 800-794-5510
  • Business SMS: 706-551-7301
  • General Email: support@errandworks.me
  • Mail: 713A Godfrey Rd, Eatonton GA 31024

We will respond to requests within 30 days.

10. COMPLIANCE AND LEGAL BASIS

This policy complies with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Georgia Personal Identity Protection Act
  • Federal Trade Commission guidelines
  • Payment Card Industry Data Security Standard (PCI DSS)

11. POLICY UPDATES

We may update this policy periodically. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for mobile users

Continued use of our services after policy updates constitutes acceptance of the revised terms.

12. CONTACT INFORMATION

ErrandWorks Privacy Office
713A Godfrey Rd
Eatonton GA 31024
Main Support: 888-337-3139
Benefits Phone: 800-794-5510
Business SMS: 706-551-7301
General Email: support@errandworks.me
Website: https://errandworks.me

HIPAA Privacy Officer:
Available at above contact information
Monday – Friday, 9:00 AM – 5:00 PM EST

Data Protection Officer:
For data protection inquiries: dpo@errandworks.me

13. GRIEVANCE PROCEDURES

If you believe your privacy rights have been violated, you may:

  1. Contact our Privacy Office directly
  2. File a complaint with the U.S. Department of Health and Human Services
  3. Contact your state’s Attorney General office
  4. Seek legal counsel regarding your rights

We will not retaliate against individuals who file complaints or exercise their privacy rights.

This policy is effective as of November 29, 2025, and supersedes all previous versions.