Privacy Policy

1. Who we are

SecurelyFax (“SecurelyFax”, “we”, “us”) is an online fax service operated at securelyfax.com. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and your choices.

2. Information we collect

• Account information: email, password hash (Argon2), name (if provided), and billing tier.
• Fax content: the documents you send and receive, and the metadata around them (sender/recipient numbers, timestamps, page counts, delivery status).
• Payment information: handled by Stripe (web), Apple App Store (iOS), or Google Play (Android). We never see your full card number; we receive only the last four digits, brand, and a tokenized customer ID (web), or a store transaction ID (mobile).
• Telephony metadata: provided by our carrier (Telnyx) — call disposition, duration, error codes.
• Technical data: IP address, user-agent, request timestamps. Used for security, abuse prevention, and audit logs.
• Mobile device data: when you install our iOS or Android app we receive your device push token (used to deliver push notifications when a fax arrives) and a RevenueCat customer identifier of the form mobile-<your user id> used to map App Store / Google Play purchases back to your SecurelyFax account. We do not collect your location, contacts, HealthKit data, advertising identifier, or any analytics/tracking signals on mobile.
• Cookies: a single first-party session cookie (sid) plus a CSRF cookie. See our Cookie Policy.

3. How we use information

• To deliver the fax service you requested.
• To bill, prevent fraud, and meet our tax / accounting obligations.
• To respond to support requests and operate the platform (rate limiting, abuse mitigation).
• To meet legal, regulatory, and HIPAA obligations where applicable.
• To send transactional emails required to deliver the service: fax delivery confirmations, failed-send notices, password resets, two-factor codes, billing receipts, support ticket replies, and security notifications. You cannot opt out of transactional emails while your account is active — they are part of the service.
• To send marketing emails (product updates, offers, and occasional cross-promotion of other apps developed by SecurelyFax) — but only if you opted in. Marketing emails are off by default and require an explicit checkbox at signup or in Settings → Email preferences.

We do not sell your personal information. We do not share your personal information with third parties for their marketing or advertising. We do not use the contents of your faxes for advertising, model training, or any purpose other than delivering and storing them on your behalf.

3b. Marketing email choices (CAN-SPAM, GDPR, CASL)

• Opt-in is express. We never pre-check the marketing checkbox; you must affirmatively select it at signup or toggle it on in Settings → Email preferences.
• We record consent. When you opt in we stamp the timestamp and the IP address you opted in from so we can prove consent if a regulator asks.
• One-click unsubscribe. Every marketing email contains a one-click https://securelyfax.com/unsubscribe/<token> link in the footer. Clicking it revokes consent immediately and works without signing in.
• Granular control. Settings → Email preferences lets you turn marketing off (and back on) without touching your transactional email delivery.
• What "marketing" means here. Product updates, pricing announcements, new feature notices, occasional promotional offers for SecurelyFax and other applications developed by the same SecurelyFax team. Marketing emails are sent by SecurelyFax to SecurelyFax customers. We do not share your email with any other developer, advertiser, broker, or third party.
• What "marketing" does not mean. Fax delivery confirmations, fax failure notices, billing receipts, password resets, 2FA codes, security alerts, and support replies are transactional, not marketing — they continue regardless of your marketing preference because they're part of operating your account.
• Other apps. If we cross-promote another mobile or web app developed by the SecurelyFax team, the email is still sent by us, with our return address and our unsubscribe link. Your contact data is not shared with the other app; you remain a SecurelyFax customer and the cross-promo is just a marketing message about our own portfolio.
• EU / UK / Canada users. Where GDPR or CASL applies, marketing emails are sent only on the legal basis of your express, freely-given, specific, informed consent. Withdrawing consent does not affect the lawfulness of processing performed before the withdrawal.

3a. AI and automated processing

When the AI-assist features are enabled on your account, the first few pages of an inbound fax (and, for the cover-sheet suggestion feature, the first pages of an outbound document) are sent to Amazon Bedrock (operated by AWS in our existing sub-processor relationship) for automated classification, short-summary generation, and field extraction. The output is stored on the fax record so you can see it on the fax detail screen.

• We only invoke the model on faxes you have already chosen to send or receive through the service — never on data outside that scope.
• Prompts and outputs are not retained by Amazon Bedrock under the AWS terms we operate under, and are not used to train Bedrock or any foundation model.
• We do not send fax content to OpenAI, Google, Anthropic, or any other third party. Bedrock is the only AI sub-processor.
• AI output is informational. It is not medical, legal, or financial advice and is not a substitute for professional judgement. Healthcare workflows that handle PHI should only run AI features on the HIPAA tier under our BAA.
• You can disable AI features for your account by contacting privacy@securelyfax.com. When disabled, no fax content is sent to Bedrock and previously stored AI-derived fields can be deleted on request.

4. Sub-processors

• Amazon Web Services (AWS) — encrypted storage (S3 + KMS), email delivery (SES), AI inference (Amazon Bedrock). Region: us-east-1. AWS holds a Business Associate Addendum executed by SecurelyFax for HIPAA-tier workloads.
• Telnyx — PSTN / T.38 fax transmission carrier. Telnyx operates under the HIPAA conduit exception recognized by HHS at 78 FR 5571-72 (acting "merely as a conduit" for the transmission) and does not sign Business Associate Agreements. Telnyx does not retain fax content beyond what is incidental to the transmission. SecurelyFax accepts and relies on that position.
• Stripe — web billing and payment processing. Stripe receives only billing data — never fax content or patient information — and is therefore not a Business Associate.
• Apple — iOS in-app purchases (StoreKit). For purchases made in the iOS app, Apple is the merchant of record; we receive only the entitlement, the StoreKit transaction id, and the product id. No PHI flows to Apple.
• Google — Android in-app purchases (Google Play Billing). Same scope as above on Android. No PHI flows to Google.
• RevenueCat — receipt validation and subscription-event delivery for the mobile apps. We send your mobile-<your user id> identifier and the StoreKit / Play transaction id; RevenueCat returns entitlement state. No PHI flows to RevenueCat.
• Expo Application Services (EAS) — push-notification delivery via the Expo push service for the iOS and Android apps. We send your device push token and the notification payload. Push payloads never include fax content or patient details, so no PHI flows to Expo.

Sub-processors that may have persistent access to PHI (AWS only) are bound by a Business Associate Addendum equivalent to or stronger than our obligations to you. Sub-processors that act only as conduits (Telnyx) or that never receive PHI (Stripe, Apple, Google, RevenueCat, Expo) are governed by their standard data-processing terms.

5. Retention

Default retention for fax PDFs is 30 days, configurable on paid plans. Audit logs are retained for at least 1 year (longer on the HIPAA tier). Account records are retained for the lifetime of the account plus a reasonable period for legal and tax obligations.

6. Security

Documents at rest are AES-256 encrypted via AWS KMS. Connections are TLS 1.2+. Passwords are hashed with Argon2id. Detailed security measures are described on our Security page.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to withdraw consent. You can exercise most of these rights directly from your account settings or by contacting us at privacy@securelyfax.com. We respond within 30 days.

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.

EU/UK residents have rights under the GDPR/UK GDPR. The lawful bases for our processing are: performance of a contract (delivering the service), legitimate interests (security, fraud prevention), legal obligation (tax, HIPAA), and consent (where applicable).

8. Children

SecurelyFax is not directed to children under 16 and we do not knowingly collect their personal information.

9. International transfers

SecurelyFax is operated from the United States. If you access the service from outside the US, you understand that your data is processed in the US under safeguards consistent with applicable law.

10. Changes

We will post material changes to this policy on this page and update the “Last updated” date.

11. Contact

Privacy questions: privacy@securelyfax.com. General contact: /contact.