OMD Back to site

CCE Platform, Inc.

Privacy Policy

Last updated: June 27, 2026 · CCE Platform, Inc., 12747 Olive Blvd, Suite 300, St. Louis, MO 63141 · Contact: privacy@cce-platform.com · general: hello@cce-platform.com

Read the part that applies to you. CCE operates two surfaces with two distinct privacy regimes. Beacon (the patient/caregiver app) is governed by this consumer Privacy Policy. The OMD clinician platform handles Protected Health Information under HIPAA and your agency's notices — not this policy (see §10). Beacon consumer health data is also covered by the separate Consumer Health Data Privacy Policy.

1. Scope — who this policy covers (and who it doesn't)

CCE Platform, Inc. ("CCE," "we") operates two distinct surfaces with two distinct privacy regimes. Read the part that applies to you.

SurfaceWho you areWhat governs your data
Beacon (beacon.cce-platform.com, Beacon apps)A patient / caregiver using your own emergency health profileThis Privacy Policy plus the separate Consumer Health Data Privacy Policy. CCE is the data controller.
OMD / CCE platform (field app, OMD Admin, Builder Lab)An EMS clinician/administrator of a contracting agencyHIPAA + your agency's Notice of Privacy Practices, not this policy. CCE is a HIPAA Business Associate processing PHI on behalf of your agency under a Business Associate Agreement. See §10.
Marketing site (cce-platform.com)A visitor§§3–9 (limited — contact + minimal analytics).

The critical boundary: Protected Health Information (PHI) that EMS agencies process through OMD is not governed by this consumer Privacy Policy. It is governed by HIPAA, the BAA between CCE and the agency, and the agency's own privacy notices. This policy governs the consumer (Beacon) relationship and ordinary website/account data.

2. Quick summary (not a substitute for the full text)

3. Information we collect (Beacon / consumer)

You provide:

From connected sources, only with your authorization:

Collected automatically:

4. How we use information

We use Beacon information solely to:

We do not use your data for advertising or sell it (§5).

5. No sale; no advertising; no data-sharing for ads

CCE does not sell your personal or health information, does not sell access to it, and does not sell de-identified data. We do not "share" personal information for cross-context behavioral advertising. We do not use Beacon health data to serve ads.

6. How information is shared / disclosed

We do not disclose Beacon data to your EMS agency's OMD records except through the audited, patient-authorized snapshot egress. (By design, OMD never queries Beacon patient tables.)

7. Sub-processors

We use a maintained list of sub-processors (available on request). Any sub-processor on a PHI path is covered by a Business Associate Agreement and operates under a zero-retention / no-model-training posture for that data (clinical reasoning is routed only to BAA-covered providers). Hosting and core infrastructure are provided by Google Cloud (United States).

8. Data retention and deletion

9. Your rights and choices

Depending on your residency, you may have rights to access, correct, delete, export (portability), and restrict certain processing of your information, and to be free from discrimination for exercising them.

We verify requests against the account email before acting. Do not include urgent medical information in support email — Beacon is not an emergency service; call 911 for emergencies.

10. EMS clinician / agency users (HIPAA path) — not governed here

If you use OMD/CCE as a clinician or administrator of a contracting EMS agency, the patient information you handle is PHI processed by CCE as a Business Associate on behalf of your agency. That processing is governed by HIPAA, the BAA, and your agency's Notice of Privacy Practices — not this consumer Privacy Policy. Patients seeking their EMS records should contact the treating agency. Recording-consent practices follow state law (Missouri one-party / Illinois all-party) as configured by the agency.

11. Children

Beacon is not directed to children under 13. A parent/guardian may maintain a dependent's emergency profile as caregiver; that data is treated as the dependent's health information under this policy.

12. Security

We use administrative, physical, and technical safeguards including per-tenant row-level security, encryption in transit and at rest, envelope encryption of sensitive fields, signed-URL object access, server-side-only third-party tokens, and access/audit logging. No method of transmission or storage is 100% secure.

13. International users

The service is operated from and stores data in the United States. If you access it from outside the US, you consent to processing in the US.

14. Changes to this policy

We will post updates here with a new "Last updated" date and, for material changes affecting health data, provide a more prominent notice.

15. Contact

Privacy questions or requests: privacy@cce-platform.com. General: hello@cce-platform.com. Mailing: CCE Platform, Inc., 12747 Olive Blvd, Suite 300, St. Louis, MO 63141.