AdminDragon - Privacy Policy

Dragon LLC (“AdminDragon,” “we,” “our,” or “us”) is committed to protecting your privacy and safeguarding the confidentiality of information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect information, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

By using AdminDragon's website, mobile apps, or services, you agree to the practices described in this Privacy Policy.


1. Information We Collect

We may collect the following categories of information:

  • Personal Information: Name, email address, phone number, organization, login credentials.
  • Protected Health Information (PHI): Information created, received, stored, or transmitted through AdminDragon related to services provided under EI, CPSE, CSE, Medicaid, or other special education programs.
  • Usage Information: Device type, IP address, browser type, app usage logs, session activity.
  • Payment and Billing Information: Information necessary to process transactions with agencies or providers.

2. How We Use Information

We use collected information to:

  • Provide, operate, and improve our platform and mobile applications.
  • Enable secure documentation, billing, and communication between agencies, providers, and parents.
  • Ensure compliance with regulatory frameworks (including HIPAA, Medicaid, and Department of Education requirements).
  • Protect system integrity, monitor for unauthorized access, and support audit readiness.
  • Communicate updates, service information, or required notices.

3. HIPAA Compliance

AdminDragon acts as a Business Associate (BA) under HIPAA when handling PHI on behalf of covered entities such as agencies and providers.

We have implemented administrative, technical, and physical safeguards in accordance with the HIPAA Security Rule and Breach Notification Rule, including:

  • Encryption of PHI in transit and at rest.
  • Role-based access controls and unique user authentication.
  • Audit logs to monitor system activity.
  • Workforce training on HIPAA policies and procedures.
  • Secure data backup, disaster recovery, and contingency planning.
  • Breach notification procedures consistent with HIPAA requirements.

Our most recent HIPAA Security and Breach Notification Rule Assessment concluded with a Satisfactory rating, confirming safeguards are in place to meet compliance requirements.


4. How We Share Information

We do not sell or rent your information. We may share information only as follows:

  • With authorized agencies, providers, and government departments (e.g., DOE, Medicaid) as required for services and compliance.
  • With trusted third-party service providers who assist in delivering our platform, subject to confidentiality and Business Associate Agreements (BAAs).
  • When required by law, regulation, or valid legal process.
  • To protect the rights, security, or safety of AdminDragon, our users, or others.

5. Data Retention and Disposal

  • PHI and related records are retained only as long as necessary to meet regulatory and contractual obligations.
  • Secure disposal methods (such as encryption wipe and media destruction) are used when data is no longer required.

6. User Rights

Depending on your role and applicable law, you may have the right to:

  • Request access to your PHI.
  • Request corrections or amendments to your PHI.
  • Request restrictions on certain uses or disclosures of your PHI.
  • Receive an accounting of disclosures of PHI as permitted under HIPAA.

To exercise these rights, please contact us at helpdesk@admindragon.com.


7. Security

We use industry-standard safeguards to protect all information within AdminDragon, including but not limited to:

  • End-to-end encryption
  • Automatic logoff for idle sessions
  • Secure hosting environments with access monitoring
  • Regular third-party security and compliance assessments

8. Children's Privacy

Our platform is designed to support services for children through agencies and providers. We do not knowingly collect information directly from children under 13 without appropriate parental or guardian consent.


9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our services. The “Last Updated” date at the top of this page indicates when this policy was last revised.


10. Contact Us

For questions or concerns regarding this Privacy Policy or our HIPAA compliance, please contact:

AdminDragon LLC

Email: helpdesk@admindragon.com