Let’s Talk
Let’s Talk

Privacy Policy

October 25, 2024

Privacy Policy

(Latest update: 11 June 2025)

Owner and Data Controller

Recoup Revenue Solutions LLC
390 Vista Oak Dr., Longwood, Florida 32779, USA

Recoup Revenue Solutions (“Recoup Revenue,” “we,” “our,” or “us”) provides revenue-cycle and utilization-management consulting services to hospitals and other healthcare organizations. When service delivery involves access to protected health information (PHI), we operate under a HIPAA Business Associate Agreement.

Types of Data Collected

  • Contact information – name, business e-mail, phone number, organization.
  • Business profile – job title, facility details supplied through inquiry forms.
  • Usage data – IP address, browser type, operating system, pages visited, session duration, referrer URLs.
  • Device identifiers – cookies, pixel tags, advertising IDs, session recordings, heat-map interactions.
  • Firmographic data from ZoomInfo WebSights – company name, industry, employee-count band, revenue band, and other attributes inferred from the visitor’s IP address. (See “Analytics” below.)

Unless otherwise stated, all requested Data is mandatory. Failure to provide it may make it impossible for us to respond to inquiries or deliver services. Users are responsible for any third-party Personal Data they supply through this Website.

Mode and Place of Processing the Data

Methods of processing

Data is processed by authorized employees and trusted service providers who follow technical and organizational procedures that safeguard confidentiality, integrity, and availability.

Security measures

We use TLS 1.2 (or higher) encryption in transit; encryption at rest on hardened servers; role-based access controls; routine vulnerability scanning; and an incident-response plan.

Place of processing

All primary processing occurs in the United States. If you reside in the European Economic Area or the United Kingdom, your Data may be transferred to the U.S. via Standard Contractual Clauses or the EU-US Data Privacy Framework. ZoomInfo LLC participates in the same framework and provides SCCs in its Data-Processing Addendum.

Retention Time

  • Inquiry and CRM records: three (3) years after last contact.
  • Analytics logs: twenty-six (26) months (Google Analytics default).
  • ZoomInfo WebSights logs: raw event data ≤ 30 days; hashed device/IP-based identifiers and associated firmographics up to twelve (12) months.
  • Contract files and PHI: six (6) years to meet HIPAA record-keeping rules.

Data may be retained longer where required by law or contract.

Purposes of Processing

  • Responding to inquiries and providing consulting services (contractual necessity).
  • Operating, securing, and improving the Website (legitimate interest).
  • Performing analytics and A/B testing to enhance user experience.
  • Conducting B2B marketing communications where consent or an existing business relationship exists.
  • Fulfilling legal obligations (HIPAA, state privacy laws, fraud prevention).

Where the General Data Protection Regulation (GDPR) applies, our legal bases are consent, contract, legitimate interest, or legal obligation.

Detailed Information on the Processing of Personal Data

Advertising

We may run limited remarketing campaigns through Google Ads. Google’s “DoubleClick” cookie tracks ad impressions and can be disabled at adssettings.google.com.
ZoomInfo WebSights is implemented strictly as a service-provider analytics tool. We do not allow ZoomInfo to repurpose the data for third-party advertising unless you opt in to that use via our cookie banner. Consequently, we do not “sell” Personal Data and do not “share” it for cross-context behavioural advertising under the California Privacy Rights Act (CPRA) unless you enable such sharing in our consent manager.

Analytics

  • Google Analytics 4 – tracks aggregate site usage; IP addresses are truncated before storage.
  • Microsoft Clarity – records click and scroll heat maps to identify usability issues.
  • ZoomInfo WebSights – matches visitor IP/device identifiers to ZoomInfo’s B2B database and returns company-level firmographics (no individual names or e-mail addresses). Cookies last up to 365 days. ZoomInfo acts under a Data-Processing Addendum incorporating SCCs.

Tag Management

Google Tag Manager deploys scripts and pixels. It collects only aggregated diagnostic data, which is deleted within 14 days.

Traffic Optimization

Cloudflare acts as our content-delivery and security layer. All site traffic passes through Cloudflare’s network, which processes IP addresses and routing metadata to mitigate DDoS attacks.

Opting Out of Interest-Based Advertising

  • Google Ads settings: adssettings.google.com
  • Microsoft Advertising opt-out: choice.microsoft.com
  • ZoomInfo opt-out: https://privacyrequest.zoominfo.com/remove/verify (sets an opt-out cookie).
  • Broad preference tools: YourOnlineChoices (EU), Digital Advertising Alliance AppChoices (US & Canada).
  • US state residents may invoke CPRA, VCDPA, CPA, CTDPA, or similar rights through our “Do Not Sell/Share My Personal Information” link, which also signals gpc (Global Privacy Control) in supported browsers.

Cookies classified as “Analytics & B2B Marketing” (including ZoomInfo) load only after you grant consent via our banner for visitors from jurisdictions requiring opt-in.

User Rights

European Economic Area and United Kingdom

You may request access, rectification, erasure, restriction, portability, or object to processing. You may also lodge a complaint with your supervisory authority.

California

You may request disclosure, deletion, correction, or limitation of certain Personal Data under the CCPA/CPRA.

Children’s Privacy

Our services are intended for adult healthcare professionals and are not directed to children under 13. We do not knowingly collect data from minors and comply with the Children’s Online Privacy Protection Act (COPPA).

Legal Action

Personal Data may be used in court or in stages leading to legal action arising from misuse of this Website. Users acknowledge that we may be required to reveal Personal Data upon lawful request of public authorities.

System Logs and Maintenance

For operational and maintenance purposes, this Website and its third-party services may collect system logs (IP addresses and other technical details).

Information Not Contained in This Policy

Additional details about data collection or processing can be requested at any time using the contact information above.

Changes to This Privacy Policy

We reserve the right to amend this notice. Material changes will be posted here and, when feasible, communicated via e-mail. Continued use of the Website after an update signifies acceptance.

Definitions and Legal References

  • Personal Data (Data) – information that can directly or indirectly identify a natural person.
  • Usage Data – information collected automatically (e.g., IP address, browser characteristics, visit duration).
  • Firmographic Data – business attributes (e.g., company size, industry) linked to, but separate from, individual identities.
  • Data Controller / Owner – the party that determines the purposes and means of processing Personal Data.
  • Processor – a party that processes Personal Data on behalf of the Controller.
  • Cookie / Tracker – a small file or technology that stores information in the User’s browser.