Skip to content

HITRUST® Privacy Policy

HITRUST® (“we,” “us,” or “our”) cares about you and your privacy. The HITRUST Privacy Policy (“Notice”) provides information on how we collect your information, how we use it, how we store it, and how and when we delete it. 
Any links from downloads or other documents that take you to non-HITRUST or non-HITRUST affiliated websites may have their own independent privacy policy.
We collect personal data that you voluntarily provide us, such as name, address, email, telephone number, place of business, and any other information that could be used to personally identify you (collectively, “personal information”). This policy applies to any personal information collected about you by HITRUST, either electronic, written, or oral. Please note that HITRUST is a business-to-business entity and anticipates that the information provided by you will be business contact information. The services HITRUST provides are meant for adults, and HITRUST should not receive personal information of any individual under the age of 18. 
Residents of California or countries outside the U.S. may have different privacy rights. California residents can find their specific rights not otherwise covered in the Notice below. Residents of the EEA can find information on their specific rights not otherwise covered in the Notice below.

Our Notice Includes the
Following Information:

  • The type of information covered by this Notice  
  • The collection and use of your personal information 
  • Means to manage your personal information and communication preferences 
  • Sharing of your personal information by us 
  • Protection and security of your personal information 
  • Use of cookies 
  • Changes to this Notice 
  • Our contact information 
Type of Information

This Notice applies to personal information collected by us. Personal information is any information that can be used to identify you directly or indirectly. This includes, but is not limited to, your name, address, phone number, email address, payment card information, and/or certain additional categories of information that can identify you.

Collection and Use of Your Personal Information

We collect the information you provide directly to us, such as when you create or modify your account or user preferences, sign up for a newsletter, contact us, respond to a survey, use online content, or otherwise communicate with us. This information may include your name, email address, phone number, postal address, company, title or role, survey responses, user content stored or entered on to the forms found in our online platforms, scores on exams and completion dates of courses, and other information you choose to provide. We use this data to provide services, products, and support. We also use your personal information to contact you about our news and updates as well as pertinent information regarding any certification you may have with us. For some data collection, we use customer management software provided by service providers and/or processors. All such companies have signed a Data Protection Addendum with HITRUST directing how they may use any personal information collected in connection with our website or entered in to our system by HITRUST employees. We also allow our analytics provider or providers to collect usage information over the internet to determine website traffic.


We and most of the third parties with which we may share your data with are located in the U.S. If you are visiting our website or otherwise communicating with us from outside the U.S., please be aware that your information may be transferred to, stored, or processed in the U.S. and maintained on computers or servers located outside your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. By providing us your personal information, you understand that you are choosing to transfer that information within the U.S. 

Means to Manage Your Personal Information and Communication Preferences

If you do not want to receive information about our products or services, please update your account preferences and/or utilize the “unsubscribe” mechanism within the communications that you receive from us. 

If you need to change any of your information or wish to have it deleted, please contact us at 

Storage of Your Personal Information by Us

We may store and process your personal information in systems located outside of your home country. Consistent with the principles set forth under this Notice, HITRUST takes appropriate steps to ensure your information is protected and secured.

Sharing of Your Personal Information by Us

We will not sell, rent, or lease mailing lists of customer names or email addresses to others, and we will not make your personal information available to any unaffiliated parties except our approved agents and contractors or as otherwise described in this Privacy Policy. We may share your information as needed among our affiliates and subsidiaries, who are subject to this Notice.

We will share your information as required by law, in a matter of public safety or policy, as needed in connection with the transfer of our business assets (for example, if we are acquired by another company), or if we believe in good faith that sharing the data is necessary to protect our rights or property.

Without your consent, we will not further disclose any personal information except as necessary to service the account, to enforce the terms of use, to meet our obligations to content and technology providers, or as required by law.

Protection and Security of Your Personal Information

The security of your information is important to us. We take precautions to protect your information by implementing safeguards to protect the information we collect. However, you should keep in mind that no website, internet transmission, or software product is ever completely secure or error-free.


PLEASE NOTE:  The safety and security of your information also depends on you. We urge you to take steps to keep your personal information safe, such as choosing strong passwords and never sharing your password with anyone else. If you create or receive a password in connection with our services or website, please notify us promptly if you believe your password security has been breached. Also, remember to always log off the service before you leave your computer or mobile device.


You may communicate with us through email. However, because normal email is not encrypted, the possibility exists that unauthorized individuals may intercept email messages. We and our subsidiaries and affiliates are not responsible for the privacy of email messages except those stored in our system. 

Use of Cookies

A cookie is a small text file that a website saves on your computer or mobile device when you visit its Site. It enables the website to remember your actions and preferences over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies also help us understand which sections of our websites are the most popular; as they help show which pages are being visited and for how long. This helps us adapt our websites to provide more relevant and accessible information. Cookies can be deleted or blocked by changing browser settings.

The advantages of cookies are: 

  • Remembering the details as provided by the user
  • Remembering the user's preferences
  • Helping to improve the Site
Blocking/Restricting Cookies

You can manage or delete cookies using our Cookie Preference Center or manage them directly on your browser or mobile device. Please visit the official webpage of the browser or device manufacturer and the documentation provided by them and follow their instructions. Please note, however, that disabling cookies might affect your online experience and/or prevent you from taking full advantage of our site and some of its functionality.

Do Not Track

California and Delaware law require us to indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. At this time there is no worldwide uniform, consistent industry standard, or definition for responding to, processing, or communicating Do Not Track signals. Thus, like many other websites and online services, we do not currently respond to any Do Not Track browser requests. 

Specific Rights for California Residents

Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship certain information about the business’s collection and use of their data, the right to request deletion of their personal information and information about whether the business sells their personal information.


As stated above, HITRUST does not sell any personal information. We disclose it to our service providers, including Salesforce and Pardot, and to our analytics provider Google Analytics.


We collect name, email, mailing address, company affiliations, your title or role with your company, your phone number, or any other contact information. This information is used to reply to any requests or inquiries you make to HITRUST, to track any such requests. The information is collected when you enter it into any website forms or contact HITRUST directly.


HITRUST does not, to its knowledge, collect information from anyone 16 years of age or younger and requests that no one 16 years of age or younger enter their personal information into our systems. If you are in this age group and would like access to certain HITRUST information, please call us at 214-618-9300.


Additionally, you have the right to request what personal information HITRUST collected, used, or sold about you. To request more specific information regarding your data than that provided herein, please contact us through the means mentioned below and reference to California Disclosure Information. Please note that we are required to verify that the request is from you and are only required to respond to each customer twice per calendar year. Your information may be verified by asking for your name, phone number, email address, previous information provided to HITRUST or what services or products you requested from HITRUST.


You also have the right to request that we delete your data. Unless HITRUST needs the data to comply with applicable law, perform contracted services for you and/or your company, or if other limited circumstances apply, HITRUST does not need to delete your information. If you request deletion and any of these situations apply, HITRUST will inform you that it will not be deleting the data and on what basis that decision was made.


You have the right to opt out of any communications from HITRUST using the methods described above. You also have the right to not face discrimination should you choose not to provide us with personal information. Failure to do so, however, may prohibit HITRUST from responding to a request from you or otherwise doing business with you.


If you have/are an authorized agent requesting to exercise such rights, please contact HITRUST by the methods discussed below and provide documentation regarding the agent’s right to make such requests.

Specific Rights for EEA and U.K. Residents

Under the General Data Protection Regulation (GDPR), data subjects have certain rights.

HITRUST collects your information in order to provide products and services, inform you of products, services, and other offerings, and to respond to any specific queries from you. 

Information is processed based on the legitimate interests of HITRUST, which include responding to customer or potential customer inquiries, informing such individuals of our services and offerings, and tracking responses to customer requests. Given the limited information collected — typically professional contact information — HITRUST has found that these legitimate interests has not overridden the fundamental rights and freedoms of data subjects. You may opt out of such communications at any time pursuant to the means discussed above. If you choose not to provide your personal information, HITRUST will not be able to respond to any queries or requests sent by you.

Your information is shared with our service providers or processors to collect and coordinate our communications with you and our website analytics providers. You have the right to have access to your information and to delete or rectify any of your information. You also have the right to lodge a complaint with a supervisory authority regarding this Notice or any of your related rights.

For more information, please contact HITRUST through the means listed below.

As of the time of this update, U.K. residents have the same privacy rights as residents of EEA countries.

Specific Rights for Residents of Other Countries

If you reside in a country outside the EEA other than the U.S., please contact HITRUST through the means listed below with any questions regarding this Notice or your privacy rights.

Changes to This Notice

Because we are committed to your privacy, this Notice may change based on updates that will be posted here. This Notice was last updated on June 15, 2021.

Our Contact Information

We hope that this information is useful to you and reflects our commitment to your privacy. Please contact us via email at, via phone at 469-269-1100, or via postal mail at 6175 Main St., Suite 400, Frisco, Texas 75034 if you have any questions or concerns.

We thank you for your trust in us.


Chat Now

This is where you can start a live chat with a member of our team