Eye2Automation (“we,” “us,” or “our”) builds healthcare workflow software, including multiple Chrome browser extensions and related web services. Protecting the confidentiality, integrity, and availability of information—especially data processed in clinical and practice environments—is central to how we design, operate, and support our products.
This Privacy Policy comprehensively describes what information we collect, how we collect and use it, where it is stored, who we share it with, and what security measures we apply. It applies to all Eye2Automation websites, Chrome Web Store listings, browser extensions, APIs, and customer support channels. It is intended to satisfy the Chrome Web Store User Data Policy, Disclosure Requirements, Handling Requirements, and Limited Use policies.
This policy applies to all products and services offered under the Eye2Automation brand, including:
Each extension’s Chrome Web Store listing and in-product interface describe the specific features that extension provides. This policy describes data practices common across our platform and the categories of data any extension may process when you use its features.
Our services are intended for authorized staff of healthcare practices and related organizations. Accounts are typically provisioned by your practice administrator. If you use our extensions on behalf of your employer, your practice’s policies and agreements with us may also apply.
For website inquiries and direct relationships with Eye2Automation, we act as a data controller for the information you provide to us. For patient and clinical workflow data processed through extensions on behalf of a healthcare practice, we generally act as a data processor (or “service provider” under U.S. state privacy laws), processing data only on the practice’s instructions and as described in our customer agreements and, where applicable, Business Associate Agreements (BAAs).
Our approach to user data is guided by the following commitments:
The categories below describe information that may be collected depending on which Eye2Automation products your practice uses and which actions you take. Not every category applies to every extension or every user session.
| Category | Examples | Typical source |
|---|---|---|
| Identity & account data | Practice-assigned username; password (transmitted for authentication, not stored in plain text in extensions); internal user ID; display name; role or location assignments; session tokens and expiry | You (login); our authentication services |
| Practice configuration | Enabled features; allowed office locations; integration endpoints; feature flags; license or entitlement metadata | Our servers; your administrator |
| Patient & clinical workflow data | Patient identifiers; names; dates of birth or age where shown; appointment or encounter context; insurance or eligibility fields; workflow selections (status codes, technician assignments, document types) | EHR or practice system pages in your active, authenticated session (DOM/content you are viewing) |
| Documents & media | PDF or image content; filenames; document categories; rendered pages captured when you trigger send, fax, download, or automation actions | Your explicit action in the browser |
| Communications metadata | Recipient email or fax numbers you enter; subject lines; message body text you type; delivery status; timestamps; audit logs of sends | You; transmission services you route through |
| Contacts & directories | Saved recipient emails, display names, or contact lists you store for convenience within a product | You; our servers (if sync enabled) |
| Device & technical data | Extension version; browser type; error diagnostics; API request metadata; IP address and TLS logs on our infrastructure | Automatic (operational necessity) |
| Website & support data | Name, email, phone, practice name, inquiry content, chat messages, support ticket history | You (forms, email, chat) |
Because our products integrate with healthcare workflows, information processed may include protected health information (PHI) under HIPAA (U.S.) and comparable protected categories in other jurisdictions. We treat such data with heightened safeguards as described in Sections 10 and 11.
Information you type or select: login credentials, recipient addresses, message content, settings, contact forms, and support correspondence.
Content scripts may read elements visible on web pages you have opened in an authenticated EHR or practice system session—only on host domains declared in that extension’s permissions and only to power user-facing features (e.g., pre-filling a recipient, identifying the active patient context, rendering an action button). We do not operate hidden background scraping of unrelated sites.
Extensions use Chrome extension APIs such as chrome.storage (local or sync, as declared), messaging between extension components, and—where permitted—tab, scripting, download, or notification APIs strictly for the workflows described in each listing.
When you authenticate or invoke a server-backed feature, data is sent to Eye2Automation-operated or contracted infrastructure over encrypted connections, as described in Sections 7–10.
Limited technical metadata is processed by hosting, email, analytics, or communication vendors supporting our websites and infrastructure, under contractual confidentiality and security obligations.
We use collected information exclusively for the following purposes:
We will never: sell personal information; use extension-derived data for targeted advertising; share data with data brokers; or use PHI for purposes unrelated to providing our services to your practice.
Depending on jurisdiction, our processing may rely on:
Healthcare practices remain responsible for establishing a lawful basis for clinical data they control and for providing any required notices to patients under applicable healthcare privacy rules.
Eye2Automation uses a controlled ecosystem of third-party services. The table below describes categories of recipients—not an exhaustive list of every vendor—because specific providers may vary by feature, practice configuration, and product version.
| Category | Types of data involved | Why they receive it | Safeguards |
|---|---|---|---|
| Cloud infrastructure & API hosting | Authentication payloads, workflow records, logs, configuration, metadata from API calls | Operate secure backends, authentication, and extension APIs | Contractual DPAs/BAAs where required; TLS; access logging; vendor security review |
| Practice-configured delivery systems | Documents, recipient addresses, subjects, message bodies, patient names or IDs as included in sends | Deliver email, fax, or messages through systems your practice controls (e.g., workspace email automation, fax APIs) | Transmission only on user action; governed by your practice’s agreements with those providers |
| EHR & practice software platforms | Data already present in your session; no sale of data to the EHR vendor by Eye2Automation | Extensions interact with pages you open while logged into your EHR | Host permissions limited to declared domains; no collection outside user-facing features |
| Integration & eligibility partners | Patient demographics or insurance identifiers when a practice enables a specific integration | Optional features such as benefits lookup or quoting, only when enabled | Feature-gated; minimum necessary fields; contractual restrictions on use |
| Website & support tools | Contact form fields, chat content, support emails | Respond to sales and support inquiries on our public website | Separate from clinical extension backends where feasible; vendor confidentiality terms |
| Content delivery & fonts | IP address, browser metadata when loading static assets on our website | Deliver CSS, fonts, and scripts for marketing pages | No access to extension clinical payloads; standard CDN logging |
A detailed subprocessor list for enterprise customers is available upon request at support@eye2automation.com. We notify customers of material subprocessor changes as provided in applicable agreements.
| Data type | Typical retention |
|---|---|
| Browser session / local extension state | Until logout, session timeout (as configured per product), uninstall, or manual clear |
| Authentication & account records | Duration of active subscription plus period required for audit, tax, or legal hold |
| Transactional logs (sends, workflow events) | As required for practice operations and contractual audit periods, then deleted or archived |
| Support & sales inquiries | Typically up to 24 months unless longer retention is required by law or ongoing relationship |
| Security & infrastructure logs | Limited retention aligned to security monitoring needs (often 30–90 days for raw logs, longer for aggregated metrics) |
Practice administrators or authorized users may request deletion of server-side account data by contacting support@eye2automation.com. Local extension data can be removed immediately via logout, clearing extension/site data in Chrome settings, or uninstalling the extension. Deletion may be delayed where law requires retention or where data exists in practice-controlled systems outside our direct control.
Security is a design requirement, not an afterthought. We implement layered administrative, technical, and physical safeguards appropriate to the sensitivity of healthcare and personal data processed through our platform.
Our security and privacy practices are designed to support healthcare customers, including alignment with HIPAA requirements where we act as a Business Associate, and with SOC 2–style control objectives for security, availability, and confidentiality. Specific certifications and BAAs are provided under commercial agreements.
No security program eliminates all risk. If you believe your account or device has been compromised, contact us immediately and rotate credentials per your practice’s security policy.
Eye2Automation publishes multiple Chrome extensions. Each declares only the permissions required for its documented features. Permissions may differ between products. The authoritative list for any installed extension appears in the Chrome Web Store listing and Chrome’s extension management UI (chrome://extensions). Below we explain permission categories that may appear across our product line.
| Permission | Why it may be requested | Data impact |
|---|---|---|
| storage | Persist login session, user preferences, feature toggles, and short-lived workflow state on your device | Local only until cleared or expired; may include encrypted session blobs |
| activeTab | Interact with the tab you are currently using when you click the extension or an in-page action button | Access limited to user gesture–associated tab; narrower than broad host access where used |
| tabs | Open, focus, or coordinate auxiliary tabs (e.g., launching a linked clinical application window) | Tab URLs and IDs for workflow coordination only |
| scripting | Inject approved scripts to render UI, capture documents, or trigger print/export helpers you request | Page content on permitted hosts during active workflows |
| downloads | Save generated PDFs or exports to your device when you use download features | Files you choose to download; filename metadata |
| notifications | Display completion or error notices for long-running tasks you start | Minimal metadata in notification text; no unrelated tracking |
| sidePanel | Provide a dedicated panel UI alongside permitted sites (e.g., telephony or messaging assistants) | Data you enter in the panel; context from coordinated tabs as disclosed |
| cookies (where declared) | Maintain session compatibility with authenticated web applications you already use | Session cookies on declared hosts only; not used for cross-site ad tracking |
Host permissions restrict which websites an extension may access. Across our products, host access is limited to domains such as:
file:// access supports offline document workflows explicitly described in the listing.
We follow Chrome’s minimum permission principle: extensions must not request access broader than necessary for existing features. Optional permissions, when used, are requested at runtime only when you enable the related capability.
Content scripts may run on declared hosts to display buttons, modals, or helpers. Web-accessible resources (e.g., PDF workers, signing libraries) are exposed only to pages matching declared patterns and only to support documented features—not to track unrelated browsing.
If an update requires new permissions, Chrome prompts you to accept or disable the extension. We document material permission changes in release notes and store listings where practicable.
Our platform is built for healthcare and adjacent regulated environments. Information processed may constitute PHI under the U.S. Health Insurance Portability and Accountability Act (HIPAA) and similar laws globally.
Your practice remains the custodian of patient records in your EHR and mail systems. You are responsible for patient notices, consents, and use policies required under applicable healthcare and privacy laws.
Limited Use compliance: Eye2Automation’s use and transfer of information received from Google APIs and Chrome extension user data adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
Depending on your location and role, you may have the following rights regarding personal information:
Submit requests to support@eye2automation.com. We may verify identity and coordinate with your practice administrator for workforce accounts. We respond within applicable legal timeframes (typically within 30 days).
Residents of California, Colorado, Virginia, and other states with comprehensive privacy laws may have additional rights. We do not sell personal information as defined by the CCPA/CPRA. You may use an authorized agent where permitted by law.
Where GDPR applies, you may lodge a complaint with your supervisory authority. Our legal bases are described in Section 6. International transfers use appropriate safeguards as described in Section 15.
Our services are not directed to individuals under 13 (or 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will delete it promptly.
Eye2Automation is based in the United States. Data may be processed in the U.S. and other countries where we or our subprocessors operate. We implement appropriate safeguards for cross-border transfers as required by applicable law, including standard contractual clauses or equivalent mechanisms where relevant.
Our marketing websites may use:
Website form submissions are used to respond to your inquiry—not sold to marketers. You can control cookies through browser settings. We do not respond to “Do Not Track” signals in a uniform way across all browsers because no industry standard is universally adopted.
Our extensions do not make solely automated decisions with legal or similarly significant effects on individuals. Workflow suggestions or validations operate under user control and practice policy.
We may update this Privacy Policy to reflect product, legal, or security changes. The “Last updated” date at the top will change when we publish revisions. Material changes affecting extension data practices may be communicated via email to practice contacts, in-product notice, or Chrome Web Store update notes. Continued use after the effective date constitutes acceptance where permitted by law.
For privacy questions, security reports, subprocessor lists, data subject requests, or Chrome Web Store compliance:
Eye2Automation — Privacy & Security
support@eye2automation.com (214) 509-8683
Please include your practice name, product name (if known), and username (if applicable) so we can respond accurately. Security vulnerabilities should be reported responsibly to the same address with “Security” in the subject line.