Privacy Policy

Effective Date: March 19, 2026

SDP Works ("we," "us," or "our") operates the sdpworks.com platform, an Electronic Visit Verification system for California Department of Developmental Services (DDS) providers. This Privacy Policy describes how we collect, use, and protect your information when you use our services.

1. Information We Collect

We collect the following categories of information:

• Account Information: Name, email address, phone number, and role within your organization.
• Visit Verification Data: Clock-in/out timestamps, GPS coordinates at time of service, service type codes, and session notes as required by the 21st Century Cures Act.
• Client Information: Names, service authorizations, and scheduling data for individuals receiving services.
• Device Information: Device type, operating system, and mobile application version.
• Usage Data: Application interaction patterns, feature usage, and error logs.
• Phone Number: Mobile phone number provided for SMS notifications (opt-in only). See our SMS Terms for details.

2. How We Use Your Information

• Provide and operate the sdpworks.com platform.
• Submit Electronic Visit Verification data to the Sandata CalEVV Aggregator on behalf of your provider organization.
• Authenticate users and enforce role-based access controls.
• Ensure compliance with California DDS requirements and federal EVV mandates.
• Improve platform reliability, performance, and user experience.
• Communicate service updates and account notifications.

3. HIPAA and Protected Health Information

Certain data processed through sdpworks.com may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, technical, and physical safeguards to protect PHI in accordance with applicable regulations. Provider organizations using sdpworks.com enter into a Business Associate Agreement (BAA) governing our handling of PHI.

4. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

• Sandata CalEVV: Visit verification data is submitted to the state-designated EVV aggregator as required by law.
• Your Provider Organization: Data is accessible to authorized users within your provider organization based on role permissions.
• Service Providers: We use trusted infrastructure providers (hosting, authentication, database services) who process data on our behalf under contractual obligations.
• Legal Requirements: We may disclose information when required by law, subpoena, or government request.

5. Data Security

We protect your data using industry-standard measures including:

• Encryption in transit (TLS) and at rest.
• Row-level security ensuring multi-tenant data isolation.
• Role-based access controls at the application and database levels.
• Regular security assessments and monitoring.

6. Data Retention

We retain visit verification records and associated data for the period required by California DDS regulations and applicable federal requirements. Account information is retained while your organization maintains an active subscription and for a reasonable period thereafter for legal and compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information, subject to legal retention requirements.
• Opt out of non-essential communications.

California residents may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at the address below.

8. SMS and Text Messaging

If you opt in to SMS notifications, your phone number is used solely for delivering sdpworks.com operational messages (visit alerts, schedule notifications, account security). We do not sell, rent, or share your phone number with third parties for marketing purposes. You may opt out at any time by replying STOP. For full SMS program details, see our SMS Terms & Conditions.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. Continued use of the platform after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

SDP Works
Email: privacy@sdpworks.com