top of page

Privacy Policy

ER COURIER PRIVACY POLICY
Effective Date: June 11, 2026

1. INTRODUCTION & SCOPE ER COURIER ("Company," "we," "us," or "our") provides secure medical courier, logistics, and chain-of-custody delivery services to hospitals, medical laboratories, and healthcare providers. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information and operational data in strict compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and AICPA SOC 2 Trust Services Criteria (Privacy, Confidentiality, and Security).

This policy applies to data collected via our website (www.ercourier.com), corporate communications, client account management, and logistics platforms. This policy DOES NOT apply to Protected Health Information (PHI) managed on behalf of our healthcare clients; all such data is strictly governed by federal HIPAA regulations and individual Business Associate Agreements (BAAs).

2. INFORMATION WE COLLECT
In the preceding 12 months, we have collected the following categories of Personal Information from corporate clients, website visitors, and prospective contractors:
* Identifiers: Full names, business addresses, corporate email addresses, phone numbers, and IP addresses.
* Commercial Information: Delivery manifests, service histories, billing records, and payment information.
* Geolocation Data: Real-time precise geolocation of active deliveries, utilized strictly for security and chain-of-custody tracking.
* Professional/Employment History: Background checks, commercial driver's license numbers, and auto insurance verifications (for independent contractor vetting).

3. HOW WE USE YOUR INFORMATION
We utilize collected data solely for the following operational and compliance purposes:
* Fulfilling medical logistics and courier contracts.
* Maintaining immutable digital chain-of-custody logs required for SOC 2 Type II compliance.
* Managing client accounts, billing, and processing payments.
* Ensuring the physical and digital security of our network.
* Verifying regulatory compliance and independent contractor onboarding criteria.

We do not sell personal information or share it with third parties for cross-context behavioral advertising.

4. DATA SECURITY & SOC 2 SAFEGUARDS
In alignment with SOC 2 Type II security requirements, ER COURIER maintains rigorous administrative, physical, and technical safeguards. These include:
* End-to-end encryption of all digital data in transit and at rest.
* Mandatory multi-factor authentication (MFA) for all system access.
* Role-based access controls ensuring data is restricted only to authorized personnel.
* Use of locked compartments, lockboxes, and tamper-evident transit bags for all physical medical cargo.

5. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
California residents have specific legal rights regarding their data. Subject to certain legal exceptions, you have the right to:
* Know & Access: Request the categories and specific pieces of personal data we have collected about you.
* Delete: Request the deletion of your personal data.
* Correct: Request the correction of inaccurate personal data.
To exercise any of these rights, please submit a verifiable request via email at info@ercourier.com.

 

HIPAA COMPLIANCE & BUSINESS ASSOCIATE DISCLAIMER ER COURIER operates as a Business Associate to its covered entity hospital and healthcare clients under the Health Insurance Portability and Accountability Act (HIPAA). ER COURIER does not operate under the "Conduit Exception," as it maintains electronic records, signatures, and digital logs of tracking history.

INDEPENDENT CONTRACTOR DATA & CONFIDENTIALITY AGREEMENT

1. INDEPENDENT CONTRACTOR STATUS & DATA LIMITS
The Business (ER COURIER) and the Contractor explicitly agree that Contractor operates an independently established business entity. In accordance with California Labor Code § 2775 (AB 5), Contractor retains absolute control over the time, manner, and means of executing accepted courier routes. The data practices outlined herein are strictly for operational verification, client-mandated security, and regulatory compliance, and are not intended to exert employer-like control.

2. NOTICE AT COLLECTION FOR CONTRACTORS (CCPA/CPRA)
Business collects limited operational and personal data from Contractor solely to execute logistics contracts, including background checks, MVR records, valid commercial auto insurance, and precise geolocation data. Geolocation data is captured via the dispatch application ONLY while the Contractor is actively performing an accepted medical delivery assignment, strictly to satisfy hospital chain-of-custody requirements.

3. DATA OWNERSHIP & PASSIVE PHI HANDLING
Contractor acknowledges that during the course of providing courier services, they may have passive, physical access to sealed packages containing Protected Health Information (PHI). 
* Data Ownership: All patient data, shipping labels, routing logs, and client manifests belong strictly to the Business or its hospital clients. Contractor shall not log, copy, photograph, or retain any personal data found on delivery packages.
* Independent Compliance: As a condition of accepting logistics contracts from the Business, Contractor represents that they independently maintain a valid HIPAA Medical Courier Certification and possess the necessary specialized equipment (e.g., locked vehicle storage) to safeguard medical cargo.



 

bottom of page