← Back to Pricing
Legal
Effective: April 17, 2026Pro & Enterprise Plans

Business Associate Agreement

This BAA is entered into between ReCapture and the customer upon acceptance during the Pro or Enterprise signup process. It governs the handling of Protected Health Information in compliance with HIPAA.

Effective Date
April 17, 2026
Applies To
Pro & Enterprise
Status
Active
Governing Law
State of Texas
Standard
HIPAA / HITECH
Data Retention
Deleted on cancel
Amendment Notice
30 days written
Breach Notification
Within 60 days
Subcontractors
BAA required
PHI Sales
Never

1. Definitions

Protected Health Information (PHI) means any individually identifiable health information transmitted or maintained in any form that is created, received, maintained, or transmitted by ReCapture on behalf of the Covered Entity, as defined under HIPAA (45 C.F.R. § 160.103). HIPAA means the Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act, and all implementing regulations.

2. Obligations of ReCapture

ReCapture agrees to the following:

2.1 Use Limitations. Not use or disclose PHI other than as permitted by this BAA or as required by law.

2.2 Safeguards. Use appropriate administrative, physical, and technical safeguards to prevent unauthorized use or disclosure of PHI in compliance with the HIPAA Security Rule.

2.3 Subcontractors. Ensure subcontractors that handle PHI agree to the same restrictions under this BAA.

2.4 Breach Notification. Report any breach of unsecured PHI without unreasonable delay and no later than 60 days after discovery.

2.5 Government Access. Make its practices and records available to the Secretary of HHS for HIPAA compliance determination.

3. Permitted Uses and Disclosures

ReCapture may use and disclose PHI only as necessary to perform its services — including form abandonment tracking, lead capture, lead recovery, and related analytics and reporting — or as required by law. ReCapture will not use PHI for marketing purposes or sell PHI under any circumstances.

4. Obligations of Covered Entity

The customer agrees to notify ReCapture of any limitations in their Notice of Privacy Practices that may affect PHI handling, obtain all necessary consents and authorizations before ReCapture processes PHI, and not request that ReCapture use or disclose PHI in any manner that would violate HIPAA.

5. Term and Termination

This BAA is effective upon acceptance during the ReCapture signup process and remains in effect for the duration of the subscription. Upon termination, ReCapture will destroy or return all PHI received from or created on behalf of the Covered Entity. If destruction is not feasible, ReCapture will extend BAA protections to such PHI and limit further use or disclosure.

6. Miscellaneous

This BAA is governed by the laws of the State of Texas. ReCapture may amend this BAA with 30 days written notice — continued use of the service after the effective date constitutes acceptance. This BAA, together with the ReCapture Terms of Service, constitutes the entire agreement between parties regarding HIPAA compliance.

7. Contact

For questions regarding this BAA or HIPAA compliance, contact ReCapture at hello@userecapture.com before signing.

Questions before signing?

Contact our compliance team if you require custom BAA terms or have any questions about HIPAA data handling.

hello@userecapture.com →
Start Pro TrialBack to Pricing
Business Associate Agreement — ReCapture