Path4ABA

Privacy Policy

Path4ABA — Operated by Marlon FM Services Corp · Sunrise, Florida

Effective Date: May 24, 2026  ·  Last Updated: May 24, 2026

1. Introduction

Marlon FM Services Corp ("Company," "we," "us," or "our") operates Path4ABA, a clinical intelligence platform accessible at path4aba.app ("Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Platform.

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

2. Who We Are and What We Do

Path4ABA is a software-as-a-service (SaaS) platform designed for Applied Behavior Analysis (ABA) professionals, including Registered Behavior Technicians (RBTs), Board Certified Behavior Analysts (BCBAs), and Board Certified Assistant Behavior Analysts (BCaBAs). The Platform provides tools for clinical documentation, session note generation, scheduling, and supervision management.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Professional role (RBT, BCBA, BCaBA)
  • Password (encrypted)
  • Billing information (processed by Stripe — we do not store payment card data)

3.2 Clinical Data

Users may upload assessment documents and enter clinical information related to their clients. We collect:

  • Behavioral assessment data (behaviors, interventions, replacement skills)
  • Session notes and supervision notes
  • Scheduling and attendance records
  • Clinical profiles

Important: We are designed to minimize the collection of Protected Health Information (PHI) as defined under HIPAA. Users are responsible for ensuring they do not enter unnecessary PHI into the Platform beyond what is required for clinical documentation purposes.

3.3 Automatically Collected Information

When you use the Platform, we automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Time and date of access
  • Referring URLs

3.4 Communications

If you contact us for support, we collect the content of your communications.

4. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Platform
  • Generate AI-assisted clinical documentation using your session inputs
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmation, billing receipts)
  • Respond to customer support inquiries
  • Monitor and analyze usage to improve the Platform
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Enforce our Terms of Service

5. HIPAA Compliance and Protected Health Information

Path4ABA is designed to support HIPAA-compliant workflows. As a Business Associate under HIPAA, Marlon FM Services Corp:

  • Implements administrative, physical, and technical safeguards to protect PHI
  • Does not use or disclose PHI except as permitted by our Business Associate Agreement (BAA) and applicable law
  • Maintains audit logs of access to clinical data
  • Encrypts data at rest and in transit

If you are a Covered Entity under HIPAA, you must execute a Business Associate Agreement (BAA) with us before using the Platform to process PHI. Please contact us at privacy@path4aba.app to request a BAA.

Users are solely responsible for obtaining appropriate patient/client authorizations and consents required under HIPAA and applicable state law before entering any PHI into the Platform.

6. AI-Generated Content

Path4ABA uses OpenAI's GPT-4o to generate clinical documentation. When you submit session data to generate notes:

  • Session inputs are transmitted to OpenAI's API for processing
  • OpenAI processes this data pursuant to their API data usage policies
  • We have configured our OpenAI account to opt out of training data usage
  • Generated notes are returned to you and stored in your account

Users should not include unnecessary PHI in session inputs beyond what is required for note generation.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

Service Providers:

  • Supabase (database and authentication)
  • Vercel (hosting and infrastructure)
  • OpenAI (AI note generation)
  • Stripe (payment processing)

Each service provider is bound by data processing agreements and is prohibited from using your data for their own purposes.

Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of our Company, users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Platform.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Upon account termination:

  • Account data is deleted within 30 days
  • Clinical documentation may be retained for up to 7 years as required by applicable healthcare regulations
  • You may request earlier deletion subject to our legal retention obligations

9. Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Role-based access controls
  • Audit logging
  • Regular security assessments

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your information
  • Object to or restrict processing
  • Data portability
  • Withdraw consent

To exercise these rights, contact us at privacy@path4aba.app. We will respond within 30 days.

California Residents: You have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information.

Florida Residents: You have rights under the Florida Digital Bill of Rights applicable to certain controllers.

11. Cookies and Tracking

We use essential cookies necessary for Platform operation, including authentication session cookies. We do not use third-party advertising cookies or tracking pixels.

12. Children's Privacy

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us personal information, contact us immediately at privacy@path4aba.app.

13. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Platform at least 30 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, requests, or to execute a Business Associate Agreement:

Marlon FM Services Corp

d/b/a Path4ABA · Sunrise, Florida

Email: privacy@path4abaapp.com

Website: path4aba.app

© 2026 Marlon FM Services Corp. All rights reserved.

Privacy PolicyTerms of Service