HITRUST Privacy Notice

HITRUST cares about you and your privacy. This Notice provides you information on how we collect your information, how we use it, how we store it, and how and when we delete it.

Information is provided below on third parties we use as service providers. Any links from downloads or other documents that take you to non-HITRUST or non-HITRUST affiliated websites may have their own independent privacy policy.

This policy applies to any Personal Information collected about you by HITRUST, either electronic, written, or oral. Please note that HITRUST is a business-to-business entity and anticipates that information provided by you will be business contact information. HITRUST’s services are meant for adults, and HITRUST should not receive Personal Information of any individual under the age of 18.

Residents of California or countries outside the United States may have different privacy rights. California residents can find their specific rights not otherwise covered in the Notice below. Residents of the EEA can find information on their specific rights not otherwise covered in the Notice below.

Our Notice includes the following information:

  • The type of information covered by this Notice
  • The collection and use of your Personal Information
  • Means to manage your Personal Information and communication preferences
  • Sharing of your Personal Information by us
  • Protection and security of your Personal Information
  • Use of cookies
  • Changes to this Notice
  • Our Contact information


This Notice applies to Personal Information collected by us. Personal Information is any information that can be used to identify you directly or indirectly. This includes but is not limited to your name, address, phone number, email address, payment card information, and/or certain additional categories of information that identify you personally.


We collect the information you provide directly to us, such as when you create or modify your account or user preferences, sign up for a newsletter, contact us, respond to a survey, use online content, or otherwise communicate with us. This information may include your name, email address, phone number, postal address, company, title or roll, survey responses, user content stored or entered into the forms found in our online platforms, scores on exams and completion dates of courses, and other information you choose to provide. We use this data to provide you services, products, and support. We also use your Personal Information to contact you about our news and updates as well as pertinent information regarding any certification you may have with us. For some data collection, we use customer management software provided by service providers and/or processors. All such companies have signed a Data Protection Addendum with HITRUST directing how they may use any Personal Information collected in connection with our website or entered into their system by HITRUST employees. We also allow our analytics provider or providers to collect usage information over the Internet to determine website traffic.

We and most of the third parties with which we may share your data are located in the United States. If you are visiting our website or otherwise communicating with us from outside the United States, please be aware that your information may be transferred to, stored or processed in the United States and maintained on computers or servers located outside your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. By providing us your Personal Information, you understand that you are choosing to transfer that information to the United States.


If you do not want to receive information about our products or services, please update your account preferences and/or utilize the “unsubscribe” mechanism within the communications that you receive from us.

If you need to change any of your information or wish to have it deleted, please contact us at


We may store and process your Personal Information in systems located outside of your home country. However, regardless of where storage and processing may occur, we take appropriate steps to ensure that your information is protected, consistent with the principles set forth under this Notice.


We will not sell, rent, or lease mailing lists of customer names or email addresses to others, and we will not make your Personal Information available to any unaffiliated parties, except our approved agents and contractors, or as otherwise described in this Privacy Notice. We may share your information as needed among our affiliates and subsidiaries, who are subject to this Notice.

We will share your information as required by law, in a matter of public safety or policy, as needed in connection with the transfer of our business assets (for example, if we are acquired by another company), or if we believe in good faith that sharing the data is necessary to protect our rights or property.

Without your consent, we will not further disclose any Personal Information except as necessary to service the account, to enforce the terms of use, to meet our obligations to content and technology providers, or as required by law.


The security of your information is important to us. We take precautions to protect your information by implementing safeguards to protect the information we collect. However, you should keep in mind that no website, internet transmission, or software product is ever completely secure or error-free.

PLEASE NOTE: The safety and security of your information also depends on you. We urge you to take steps to keep your Personal Information safe, such as choosing strong passwords and never sharing your password with anyone else. If you create or receive a password in connection with our services or website, please notify us promptly if you believe your password security has been breached and remember to log off the service before you leave your computer or mobile device.

You may communicate with us through email. However, because normal email is not encrypted, the possibility exists that unauthorized individuals may intercept email messages. We and our subsidiaries and affiliates are not responsible for the privacy of email messages except those stored in our system.


A cookie is a small text file that a website saves on your computer or mobile device when you visit its site. It enables the website to remember your actions and preferences over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies also help us understand which sections of our websites are the most popular as they help show which pages are being visited and for how long. This helps us adapt our websites to provide more relevant and accessible information. Cookies can be deleted or blocked by changing browser settings.

Advantages of cookies are:

  • Remembering the details as provided by the user
  • Remembering user preferences
  • Helping improve the site


You can manage or delete cookies using our Cookie Preference Center or manage them directly on your browser or on a mobile device, please visit the official webpage of the browser or device manufacturer and the documentation provided by them and follow their instructions. Please note, however, that disabling cookies might affect your online experience and/or prevent you from taking full advantage of our site and some of its functionality.


California and Delaware law require us to indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. At this time, there is no worldwide uniform or consistent industry standard or definition for responding to, processing, or communicating Do Not Track signals. Thus, like many other websites and online services, we do not currently respond to any Do Not Track browser requests.


Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship certain information about the business’s collection and use of their data, the right to request deletion of their personal information, and information about whether the business sells their Personal Information.

As stated above, HITRUST does not sell any Personal Information. We disclose it to our service providers, including Salesforce and Pardot, and to our analytics provider Google Analytics.

We collect name, email and mailing address, company affiliations, your title or role with your company, your phone number, or any other contact information. This information is used to reply to any requests or inquiries you make to HITRUST, to track any such requests. The information is collected when you enter it into any website forms or contact HITRUST directly.

HITRUST does not, to its knowledge, collect information from anyone 16 years of age or younger and requests that no one 16 years of age or younger enter their Personal Information into our systems. If you are in this age group and would like access to certain HITRUST information, please call us at 214-618-9300.

Additionally, you have the right to request what Personal Information HITRUST collected, used, or sold about you. To request more specific information regarding your data than that provided herein, please contact us through the means mentioned below and reference to California Disclosure Information. Please note that we are required to verify that the request is from you and are only required to respond to each customer twice per calendar year. Your information may be verified by asking your name, phone number, email address, other information previously provided to HITRUST, or what services or products you requested from HITRUST.

You also have the right to request that we delete your data. Unless HITRUST needs the data to comply with applicable law, perform contracted for services for you and/or your company, or if other limited circumstances reply, HITRUST does not need to delete your information. If you request deletion and any of these situations apply, HITRUST will inform you that it will not be deleting the data and on what basis that decision was made.

You have the right to opt-out of any communications from HITRUST using the methods described above. You also have the right to not face discrimination should you chose not to provide us personal information. Failure to do so, however, may prohibit HITRUST from responding to a request from you or otherwise doing business with you.

If you have/are an authorized agent requesting to exercise such rights, please contact HITRUST by the methods discussed below and provide documentation regarding the agent’s right to make such requests.


Under the General Data Protection Regulation (GDPR), data subjects have certain rights.

HITRUST collects your information in order to provide products and services, inform you of products, services, and other offerings, and to respond to any specific queries from you.

Information is processed based on the legitimate interests of HITRUST, which include responding to customer or potential customer inquiries, informing such individuals of our services and offerings, and tracking responses to customer requests. Given the limited information collected – typically professional contact information – HITRUST has found that these legitimate interests are not overridden the fundamental rights and freedoms of data subjects. You may opt-out of such communications at any time pursuant to the means discussed above. If you choose not to provide your personal information, HITRUST will not be able to respond to any queries or requests sent by you.

Your information is shared with our service providers or processors in order to collect and coordinate our communications with you as well as with our website analytics providers.

You have the right to have access to your information and to delete or rectify any of your information. You also have the right to lodge a complaint with a supervisory authority regarding this Notice or any of your related rights.

For more information, please contact HITRUST through the means listed below.

As of the time of this update, UK residents have the same privacy rights as residents of EEA countries.


If you reside in a country outside the EEA other than the US, please contact HITRUST at through the means listed below with any questions regarding this Notice or your privacy rights.


Because we are committed to your privacy and laws and technologies change, this Notice may change from time to time. Updates will be posted here. This Notice was last updated on June 15, 2021.


We hope that this information is useful to you and reflects our commitment to your privacy. Please contact us via email at, via phone at 469-269-1100, or via regular mail at 6175 Main St, Suite 400, Frisco, Texas 75034 if you have any questions or concerns.

We thank you for your trust in us.

Chat Now

This is where you can start a live chat with a member of our team