Effective date: 6/23/2026
Controller: Threshold Health Incorporated d/b/a Beeline Health ("Beeline," "we," "us," "our") Scope: This policy covers perfectreferral.com, api.perfectreferral.com, developer.perfectreferral.com and docs.perfectreferral.com (collectively, the "Service")
Perfect Referral is a developer API that returns scope-of-practice estimates about healthcare providers. This policy explains the limited information we collect from the people and organizations who use the Service, and separately addresses the information about providers that the Service produces.
The Service does not collect, receive, or process Protected Health Information (PHI) or any patient or beneficiary data. You submit provider identifiers (such as NPIs) and receive provider-level estimates in return. No patient-level information is required, requested, or invited, and you are contractually prohibited from sending it. Accordingly, for the standard Service, Beeline is not a HIPAA Business Associate and no Business Associate Agreement is required. (Any future arrangement involving PHI would be governed by a separate written agreement, including a BAA — see the Terms of Service.)
We collect the following about the developers and organizations that use the Service:
We do not collect payment card information; the Service does not currently process payments.
We use the information above to: provide, maintain, secure, and improve the Service; authenticate users and enforce rate limits and these terms; communicate with you about your account and the Service; send product or marketing communications subject to your choices (Section 8); detect and prevent fraud, abuse, and security incidents; and comply with legal obligations.
We share user information only with vendors that process it on our behalf under appropriate contractual protections, including:
About AI and language-model processing. In providing the Service, Beeline does not send your API queries, the identifiers you submit, or your personal information to any language model or third-party AI service.
We may in the future introduce features that use language models or other AI systems in connection with the Service. Before enabling any such processing of your personal information or user-submitted content, we will update this policy to identify any third-party AI providers as service providers, describe the data involved and the purpose, and obtain consent where required by law. We will not retroactively apply new AI processing to information collected under a prior version of this policy in a manner inconsistent with that version.
We may also disclose information to comply with law, enforce our Terms, or protect the rights and safety of Beeline, our users, or others, and in connection with a merger, acquisition, or sale of assets (with notice as required by law).
We do not sell, rent, or "share" (as defined under the California Consumer Privacy Act, as amended) the personal information of users of the Service for cross-context behavioral advertising.
The marketing and documentation sites use cookies and similar technologies for functionality and analytics. You can control cookies through your browser and, where applicable, through any consent banner we provide.
We send transactional messages about your account, security, and the Service that you cannot opt out of while you use the Service. We may also send marketing communications, which you can decline at any time via the unsubscribe link in each message or by contacting privacy@threshold.health. We honor opt-outs promptly and comply with the CAN-SPAM Act.
The Service produces estimates about identified healthcare providers, derived from publicly available U.S. government records (including federal claims datasets published in de-identified, aggregated form) and from Beeline's statistical modeling. These estimates concern providers in their professional capacity and do not contain patient information.
Provider review and corrections. Beeline maintains a process for reviewing and correcting information about providers:
We retain account, usage, and log data for as long as needed to provide the Service and for legitimate business and legal purposes, after which it is deleted or de-identified.
We use reasonable administrative, technical, and organizational safeguards designed to protect information we hold. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to opt out of certain processing. California residents have rights under the CCPA/CPRA, including to know, delete, correct, and limit, and to be free from discrimination for exercising them. To exercise rights, contact privacy@threshold.health; we will verify and respond as required by law.
The Service is intended for developers and organizations and is not directed to children, and we do not knowingly collect personal information from children.
The Service is operated in the United States. If you access it from outside the U.S., you understand your information will be processed in the U.S.
We may update this policy from time to time. Material changes will be posted with an updated effective date and, where appropriate, communicated to account holders.
privacy@threshold.health
Threshold Health Incorporated
1223 Cleveland Ave #200-225
San Diego, CA 92103
References to government data sources are for provenance only and do not imply endorsement by or affiliation with any government agency.