Enterprise-Grade Security

Trust, Security, Privacy & Compliance at SPRY

Healthcare software is built on trust.

At SPRY, we prioritize protecting patient data, supporting regulatory requirements, and ensuring clinics retain control over their information — not only during active use of our platform, but throughout the full lifecycle of their relationship with us. This page outlines how we approach security, privacy, compliance, data ownership, and responsible platform transitions.

Book a Demo

Data Ownership & Customer Control

Clinics retain ownership of their data at all times. SPRY acts as a technology partner and data processor, providing tools that support clinical, billing, and operational workflows while ensuring customers maintain full control over their records.

Core principles

Clinics own all patient and operational data
Access is role-based and permission-controlled
Data is never sold or shared with third parties
Customers may request data access or exports in accordance with applicable regulations

Security & Platform Safeguards

SPRY is designed with security embedded across infrastructure, product design, and operational processes. SPRY aligns its practices with healthcare security standards and continuously enhances safeguards as the platform evolves.

Our approach includes:

Encryption of data at rest and in transit
Role-based access controls and audit logging
Secure, monitored infrastructure environments
Ongoing internal security reviews and controls

Privacy & HIPAA Alignment

SPRY supports clinics in meeting HIPAA and patient privacy requirements. Privacy at SPRY is treated as an operational discipline — not a one-time compliance exercise.

Our privacy approach includes:

HIPAA-aligned workflows and access safeguards
Business Associate Agreements (BAAs) available for covered entities
Separation of clinical, billing, and operational user permissions
Ongoing internal review of privacy and access practices

Compliance & Record Retention

Healthcare compliance extends beyond active software usage. SPRY maintains alignment with applicable healthcare data retention and regulatory expectations.

SPRY supports clinics through:

Secure preservation of historical clinical and billing records
Access for audits, payer requests, and compliance reviews
Documented internal processes for data requests and record retrieval

Platform Exit & Ongoing Data Access

SPRY believes transitions between software platforms should be transparent, predictable, and professionally supported.

When a clinic discontinues its SPRY subscription:

  • Active billing stops
  • No penalties or lock-in fees apply
  • Historical data remains securely preserved

Read-Only Access After Exit

As part of SPRY’s lifecycle data stewardship policy:

  • Clinics receive 7 years of read-only platform access
  • Access is provided to one designated user
  • Read-only access is provided at no additional cost

This access enables clinics to:

  • View historical patient records
  • Reference consent forms and clinical documentation
  • Access billing and operational history
  • Support audit, compliance, and record-keeping requirements

Read-only access allows data visibility only. No transactional updates or record changes can be made during this period. Additional export or compliance-related requests can be coordinated through SPRY support.

This policy reflects SPRY’s commitment to continuity, transparency, and responsible patient record stewardship — regardless of whether a clinic continues using the platform.

Support & Questions

For questions related to security, compliance, data access, or transitions:

trust@spryhealth.care

Or contact your Customer Success Manager

SPRY is committed to supporting customers across every stage of their platform lifecycle.