HIPAA Compliance Posture
This page describes Tallyfy, Inc.'s general HIPAA posture. The Tallyfy SaaS workflow product, by default, does not process Protected Health Information (PHI) and is not operated under any customer-facing Business Associate Agreement. Any engagement that would involve PHI is scoped separately - please contact us to discuss before onboarding.
This page is provided for general information only. It does not form part of any contract and does not create any representation, warranty, or commitment.
Our HIPAA posture
Tallyfy, Inc. maintains an internal HIPAA compliance programme with policies aligned to the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule. The programme is operated alongside Tallyfy's SOC 2 control environment, which shares many of the same safeguards, including access management, encryption, audit logging, incident response, and vendor management.
When Tallyfy acts as a Business Associate
Tallyfy, Inc. acts as a HIPAA Business Associate only where a covered entity and Tallyfy have entered into a separate written agreement covering PHI. In the absence of such an agreement, Tallyfy does not create, receive, maintain, or transmit PHI. If your organisation needs to discuss HIPAA scope or documentation, please contact us.
What Tallyfy does not claim
Tallyfy, Inc. does not hold HITRUST CSF certification, ISO 27001 certification, FedRAMP authorisation, or CMMC authorisation. HIPAA itself does not offer or require government-issued certification. Tallyfy's HIPAA posture is derived from its internal programme and its SOC 2 control environment, not from a HIPAA-specific third-party attestation.
Contact
- HIPAA Security Officer: Amit Kothari, Chief Executive Officer - amit@tallyfy.com
- HIPAA Privacy Officer: Pravina Pindoria, Chief Operating Officer - pravina@tallyfy.com
- Entity: Tallyfy, Inc. - 911 Washington Avenue, Suite 500, St. Louis, MO 63101