Privacy Policy

Last updated: April 1, 2026 ยท Resultez Consulting Group LLC (VaultForms)

๐Ÿ”’ VaultForms is a HIPAA-compliant platform. We maintain a Business Associate Agreement (BAA) with all healthcare agency subscribers. All Protected Health Information (PHI) is encrypted in transit and at rest.

1. Who We Are

VaultForms is operated by Resultez Consulting Group LLC, a Minnesota-based company located at 2219 Oakland Ave, Minneapolis MN 55404. We provide HIPAA-compliant digital forms software to licensed Minnesota healthcare agencies. Contact us at privacy@vaultforms.com.

2. Information We Collect

Agency account data: When a healthcare agency signs up, we collect the agency name, director name, email address, phone number, NPI number, Minnesota business registration number, and government-issued ID for verification.

Form submission data: When clients complete forms sent by agencies, that data is collected and stored on behalf of the agency. This may include Protected Health Information (PHI). VaultForms acts as a Business Associate under HIPAA.

Usage data: We collect anonymized usage analytics including page views, feature usage, and submission counts to improve our platform. We do not sell this data.

Technical data: IP addresses (hashed), browser type, and device information for security purposes including geographic access controls.

3. How We Use Your Information

We use collected information to: provide and improve the VaultForms platform; verify agency licensing and identity; enforce geographic access restrictions (Minnesota-based services only); send transactional emails (submission confirmations, staff invitations, billing notifications); comply with HIPAA and Minnesota state law; and detect and prevent fraud or unauthorized access.

4. HIPAA Compliance

VaultForms is designed for HIPAA compliance. We sign Business Associate Agreements (BAAs) with all healthcare agency subscribers before any PHI is processed. All PHI is encrypted using AES-256 at rest and TLS 1.3 in transit. Access to PHI is restricted by role-based access controls. We maintain audit logs of all PHI access. The Anthropic Claude API used for AI features never receives completed patient submissions โ€” only blank form template structures.

5. Data Sharing

We do not sell your data. We do not share PHI with third parties except as required to operate our platform (cloud infrastructure providers bound by BAAs) or as required by law. Our infrastructure partners include Supabase (database, BAA signed), AWS S3 (file storage, BAA signed), Vercel (hosting), Stripe (payment processing), and Resend (transactional email).

6. Geographic Restrictions

VaultForms services are restricted to users located in the state of Minnesota. Form submissions from outside Minnesota are automatically blocked at our edge network. This restriction exists because our form library is specific to Minnesota DHS regulations and provider licensing requirements.

7. Data Retention

Agency account data is retained for the duration of the subscription plus 7 years (Minnesota medical records requirement). Form submissions containing PHI are retained per the agency's own retention policy, with a minimum of 7 years. Agencies may request data export or deletion by contacting privacy@vaultforms.com.

8. Your Rights

Minnesota residents have the right to access, correct, or delete personal data we hold about them. Healthcare patients whose data was collected via agency forms should contact the agency directly โ€” they are the data controller. To exercise your rights, contact us at privacy@vaultforms.com.

9. Changes to This Policy

We will notify agency administrators by email of any material changes to this Privacy Policy at least 30 days before they take effect.

10. Contact

Privacy Officer: Farhan Ahmed ยท privacy@vaultforms.com ยท (612) 000-0000 ยท 2219 Oakland Ave, Minneapolis MN 55404