Operating Authority is a content strategy agency operating under Amatoris Media LLC. We work with physician clients — primarily orthopedic, spine, and neurosurgeons — to develop practice leadership content delivered in their voice. Our website is theoperatingauthority.com.
This policy explains how we collect, use, and protect information in connection with our services and messaging program.
We collect only what is necessary to deliver our services. This includes:
We do not collect sensitive personal health information (PHI) about your patients. If a client voluntarily references patient scenarios for illustrative purposes, that information is not stored, catalogued, or retained beyond the immediate working session.
Data is used exclusively to deliver content strategy services to the individual client who provided it. Specifically:
No client data is shared with any other client. Transcripts and content are stored in isolated, client-specific databases.
We use the following tools to operate the service. Each provider is bound by their own privacy policy and data processing terms.
| Tool | Purpose |
|---|---|
| Twilio | WhatsApp message delivery and receipt for the program's messaging channel |
| Airtable | Client-specific data storage for content banks, transcripts, and engagement records |
| Make.com (Integromat) | Workflow automation connecting messaging, transcription, and content storage |
| OpenAI (Whisper) | Audio transcription; audio files are passed to the API and not retained by us after processing |
| Anthropic (Claude) | Content categorization and draft generation from transcripts |
| Calendly | Scheduling calls; governed by Calendly's own privacy policy |
| Netlify | Website hosting; may collect standard server logs (IP address, browser, referring URL) |
We select tools that allow us to limit data retention and configure processing boundaries where possible. We do not authorize any third-party tool to use client data for purposes beyond operating our service.
We take reasonable technical and organizational measures to protect client data against unauthorized access, disclosure, or loss. These include:
No system is completely secure. If you have reason to believe a data incident has occurred, contact us immediately at ben@madewithpbj.com.
Clients may request deletion of their content data at any time by emailing ben@madewithpbj.com. Deletion requests will be fulfilled within 30 days.
Operating Authority is a content strategy service, not a covered entity or business associate under HIPAA. Our service does not require, request, or process Protected Health Information (PHI) about your patients. Do not share patient identifiers, diagnoses, or any information that could identify a specific patient in your communications with us.
Content we help you develop is intended for public distribution (LinkedIn posts, practice communications). By providing content for development, you confirm that it does not contain patient PHI.
Depending on your location, you may have the right to:
To exercise any of these rights, contact us at ben@madewithpbj.com.
Our services are directed exclusively at adult professionals (physicians and practice administrators). We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently received such information, we will delete it promptly.
We may update this policy to reflect changes in our services or applicable law. When we do, we will update the "Last updated" date at the top of this page. Active clients will be notified of material changes via the program's messaging channel or email.
Questions about this policy or your data: