Legal
Privacy Policy
This Policy explains how Timeout Supply handles information when you visit our website or use our product-comparison, order-preparation, inventory, and document-processing services.
Last updated: July 10, 2026
1. Scope
This Privacy Policy applies to Timeout Supply’s website, applications, pilots, and related services (the “Service”). It does not apply to supplier websites or other third-party services, which publish their own privacy policies.
2. Information we collect
Depending on how you use Timeout, we may collect:
- Account information, such as your name, work email, authentication identifiers, role, and settings.
- Practice information, such as practice name, business and shipping addresses, phone number, specialty, NPI, professional license information, tax status, and purchasing contacts.
- Supplier and purchasing data,such as supplier names, customer or account identifiers, catalogs, product selections, quantities, price observations, shipping terms, carts, order handoffs, confirmation numbers, and purchase history.
- Documents and extracted data,including invoices, order histories, descriptions, SKUs, units of measure, prices, dates, and supplier details in files you upload.
- Inventory and workflow data,such as stock levels, reorder points, procedure supply lists, alerts, and receiving activity.
- Technical and usage data, such as IP address, browser and device information, pages viewed, feature interactions, diagnostics, timestamps, and security events.
- Communications, including questions, feedback, pilot notes, and support correspondence.
Supplier and purchasing data comes from you or other authorized users, including information entered in Timeout, provided in uploaded files, or deliberately shared through an optional paired browser connection. After you sign in directly on a supplier's website, that connection may collect selected business fields such as account identifiers, catalogs, prices, shipping terms, order or invoice history, and representative details. Timeout does not request or store supplier usernames, passwords, multi-factor codes, cookies, or access tokens, and the connection does not sign in or submit orders for you.
3. How we use information
We use information to:
- provide, personalize, and maintain the Service;
- compare item prices, normalize units, group items by vendor, and prepare manual order handoffs;
- parse documents, normalize products and units, and present matches for user review;
- support inventory, receiving, reporting, and purchasing records;
- authenticate users and protect accounts and the Service;
- respond to requests and administer pilots;
- diagnose problems, measure performance, and improve Timeout;
- comply with law and enforce our agreements; and
- create aggregated or de-identified information that does not reasonably identify you or your practice.
4. AI-assisted document processing
Timeout may use third-party artificial-intelligence services to extract and structure information from invoices, order histories, and similar files. This may involve sending an uploaded file or relevant portions to an AI processing provider. We use the results to suggest suppliers, products, quantities, units, and prices for review.
Automated extraction can be inaccurate. Review results before using them for comparisons, inventory, or orders. AI providers process data under their applicable business terms, privacy commitments, and the configurations we select. Do not upload PHI or information you are not authorized to disclose.
5. How we disclose information
We may disclose information:
- Within your organization, to authorized account members and administrators.
- To service providers, such as identity, hosting, database, security, document-processing, AI, and communications providers that help operate Timeout.
- At your direction, through an optional supplier connection you activate. The connection may send selected post-login business data to Timeout, but it does not send login credentials or automatically submit orders.
- For legal and safety reasons,when reasonably necessary to comply with law, enforce agreements, or protect users, Timeout, suppliers, or others.
- In a business transaction, in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections.
- At your direction or with your consent.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising or use invoice and order data to advertise third-party products to you.
6. Supplier sites and links
Timeout may link to supplier websites, prepare vendor-specific order information, and offer a paired browser connection for selected post-login business data. You sign in and submit order details directly on the supplier's website. Timeout does not request or store supplier portal credentials, cookies, or access tokens and does not transfer or submit a cart. You can disconnect the paired browser at any time. The supplier controls its checkout and its use of order and account data. Review the supplier's privacy policy and terms before continuing. Timeout is not responsible for a third party's privacy or security practices.
7. No protected health information
Timeout is designed for business purchasing and inventory data, not patient records or protected health information (“PHI”). Do not upload patient names, medical record numbers, diagnoses, treatment details, or other PHI. Review and redact documents before upload. If PHI is submitted inadvertently, notify us through the support channel provided for your account so we can evaluate deletion and containment.
8. Retention and deletion
We retain information while your account or pilot is active and as reasonably necessary to provide the Service, maintain business and security records, comply with law, resolve disputes, and enforce agreements. Retention varies by data type and context. Account and transaction records may be retained longer than temporary processing files or diagnostic logs.
You may request account or uploaded-data deletion through the support process provided with your account or pilot. We will evaluate requests subject to legal, security, fraud-prevention, backup, and contractual requirements. Deleted information may remain in encrypted backups until those backups cycle out. We may retain aggregated or de-identified information that no longer reasonably identifies you.
9. Security
We use administrative, technical, and organizational safeguards intended to protect information, including access controls and encryption in transit and at rest where appropriate. No system is completely secure, and we cannot guarantee that unauthorized access, loss, or misuse will never occur. You are responsible for protecting your account and using approved methods when transferring data.
10. Your choices and rights
You may update certain account and practice information in the Service. Depending on where you live, you may have rights to request access, correction, deletion, or a copy of personal information, or to appeal a denied request. Submit requests through the support process provided with your account or pilot. We may verify your identity and authority before acting.
11. Cookies and similar technologies
Timeout and its service providers may use cookies, local storage, and similar technologies for authentication, security, preferences, diagnostics, and core product functionality. Browser settings may allow you to limit cookies, but disabling necessary storage can prevent parts of the Service from working.
12. Children
Timeout is a business service and is not directed to children under 13. We do not knowingly collect personal information from children under 13.
13. United States processing
Timeout is currently offered from the United States. Information may be processed in the United States and other locations where our service providers operate, subject to applicable law and contractual safeguards.
14. Changes to this Policy
We may update this Privacy Policy as the Service and our practices change. We will post the revised date and provide additional notice when required by law. Material changes apply prospectively unless otherwise permitted by law.