1. Who we are
PracticeLien is a software service operated by Seven Seas LLC ("PracticeLien", "we", "us"). We provide a case-and-lien management application for personal-injury medical practices that sits on top of their existing electronic health record (EHR) system.
2. What this policy covers
This policy describes how we handle information on the practicelien.com marketing website and how we handle protected health information (PHI) inside the PracticeLien application.
- On the marketing site, we are the data controller for a small amount of visitor data described below.
- Inside the application, the medical practice (our customer) is the HIPAA covered entity. PracticeLien is the business associate and processes PHI only as directed by a signed Business Associate Agreement (BAA).
3. Information we collect on the marketing site
We aim to collect as little as possible.
- Server logs. Vercel (our hosting provider) records standard HTTP request metadata - IP address, user agent, requested URL, timestamp - for security and operational purposes. These logs are retained for a limited period and are not used to build advertising profiles.
- Contact email. If you email samir@sevenseasstrategies.com we will see whatever you send us. We use it only to reply.
- No tracking cookies. The marketing site does not set advertising cookies and does not run third-party analytics that profile you across sites.
4. Information processed inside the application
The PracticeLien application processes patient, case, billing, and lien data on behalf of the medical practice. This may include PHI as defined by HIPAA. We act strictly as a business associate.
- We process PHI only to provide the services described in the customer's subscription agreement and BAA.
- We do not sell PHI. We do not use PHI to train third-party AI models.
- We isolate each customer's data at the database level using row-level security so one practice cannot read another practice's records.
5. Subprocessors
We use a small set of vendors to operate the service. Where PHI is involved, we maintain a BAA with the vendor.
| Vendor | Purpose | BAA |
|---|---|---|
| Google Cloud Platform | Application hosting, database, storage | Yes |
| Clerk | Authentication, multi-factor login | Yes |
| Stripe | Subscription billing | Yes |
| Postmark / Resend | Transactional email | Yes |
| Sentry | Error monitoring (PHI scrubbed) | Yes |
| DocuSeal | Document e-signature | Yes |
| Vercel | Marketing site only (no PHI) | N/A |
We update this list when our subprocessors change. Customers can request the current list at any time.
6. Your rights
If you are a patient of a practice that uses PracticeLien, your rights to access, correct, or restrict use of your health information come from HIPAA and apply to the medical practice that treats you. Please contact that practice directly. We will support the practice in fulfilling your request.
If you are a visitor to practicelien.com in a jurisdiction with general privacy rights (e.g., California's CCPA/CPRA, the EU/UK GDPR), you can ask us to confirm what information we hold about you, correct it, or delete it. Email info@sevenseasstrategies.com.
7. Security
We follow industry-standard administrative, technical, and physical safeguards. A more detailed description of our security program is on the Security page.
8. Children
The marketing site is not directed to children under 13. Patient data inside the application may include minors and is handled under HIPAA, governed by the customer's BAA.
9. Changes to this policy
We will post material changes to this page and update the "Last updated" date above. Continued use of the service after a change constitutes acceptance of the revised policy.
10. Contact
Questions about this policy or our handling of your information:
Seven Seas LLC · info@sevenseasstrategies.com