Privacy Notice

This privacy notice discloses the privacy practices for It applies solely to information collected by this website. It will notify you of the following:

  1. What personally identifiable information is collected from you through the website and how it is used.
  2. What choices are available to you regarding the use of your data.
  3. The security procedures in place to protect the misuse of your information.
  4. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to collect information that you voluntarily give us via data entry into the site, email, or other direct contact from you. The only information you are required to give us to be able to use the SRA+ application is the information requested on the Registration Page. The information you provide in the SRA+ application is used for the sole purpose of documenting your security risk assessment analysis, and risk remediation activities. We will not sell or share this information to anyone. We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill a specific request from you. Unless you ask us not to, we may contact you via email in the future to tell you about updates or changes to the SRA+ website, new products or services, or changes to this privacy policy. The information you enter into the website will be stored on our secure servers and will be subject to removal after a period of five years from the date your last subscription expires, unless you ask us to remove it sooner. SRA+ does not make use of any automated decision-making or profiling system.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. Contact us if you want to:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.


We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for "https" at the beginning of the address of the Web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, technical support or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.


In order to use this website, a user must first complete the registration form on the website. During registration a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. To buy from us, you must provide PayPal financial information (like credit card number, expiration date) or log in using your own PayPal account. This information is used for billing purposes and to fill your orders. The financial information you provide to PayPal when purchasing a SRA+ license is not provided to us. We do not see or collect your credit card or PayPal account information.


We use "cookies" on this site. A cookie is a piece of data stored on a site visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site. The site uses authentication cookies and session cookies. The authentication cookies are signed and encrypted by default. The session cookies are stored in memory only for the duration of your browsing session and they collect user specific information only after a user is signed in. We have a security certificate for the site, so all communication is encrypted. Currently, the website does not respond to “Do Not Track” requests.

Aggregated Data

From time to time, we may aggregate the data you provide us on the site with that of other users. This aggregated data would not be linked to any personal information that can identify any individual person or entity. We may aggregate this data to discover common issues among healthcare practices and their business associates, such as insufficient security safeguards, missing policies, or risk remediation stumbling blocks, to further design our services to meet the needs of our clients. We will not share or sell this information to anyone.


This site contains links to other sites. We are not responsible for the content or privacy practices of other sites. We encourage you to be aware when you leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Contact Information & Surveys

From time-to-time our site may request information via surveys. Participation is completely voluntary, and you may choose whether to participate and therefore disclose this information. Information requested may include contact and demographic information. Contact information will be used to contact you to address any concerns you ask us to. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site. Again, we will not share or sell this information to anyone.

If you feel that we are not abiding by this privacy policy, please contact us immediately via email at, or via post to:
800 SW Jackson, Ste 700
Topeka, KS 66612

You have a right to lodge a complaint with a supervisory authority.