APEX VAULT.
For 1 — 4 location healthcare practices

Compliant tracking for independent healthcare practices.

The same architecture hospital systems and specialty pharma use — sized for independent practice. Your site, forms, and tools don't change. The data flow to Meta and Google does. $5,000 setup. $1,000–$2,500 a month.

7-day deployment · BAA included · cancel anytime

You're HIPAA-compliant. Your website isn't covered.

HIPAA covers what's inside your EHR, your patient records, and your BAA-covered vendors. It does not cover the tracking pixels on your public-facing website.

Those pixels capture every visitor — patient or not. Service-page visits, condition-page clicks, form interactions — all forwarded to Meta and Google with the visitor's IP and the URL they're on.

Visitor IP plus a health-intent URL is consumer health data under state law. State wiretap statutes treat the forwarding as an interception. State consumer-health-privacy laws treat it as an unauthorized sale. None of these are preempted by HIPAA.

Plaintiff firms file under state law specifically because HIPAA doesn't reach what your website is doing. You think you're covered. They know you aren't.

Prove it to yourself.

Free. Instant. No signup. See what your site is sending to Meta, Google, and ad platforms right now.

Static scan only. JavaScript-rendered trackers may not be detected by this free tool — those require a deep audit. Educational scan, not legal advice. No URL or result is stored.

Finally see what Meta and Google never gave you

The headline outcome isn't compliance. It's that you finally see your patients' full journey on your site.

Every step. Unsampled.

Every visitor's full path. Every page. Every action. By user. No sampling, ever.

Click into individual visits.

Open any visit. See the exact page sequence. Time on each. Referrer in. Exit out. GA4 doesn't expose this.

First-party. Perpetual. Yours.

Data lives inside your perimeter. You own it. Unlimited retention. No 14-month wall like GA4. Not training data for someone else's algorithm.

Better than what Meta showed you anyway.

Meta Ads Manager shows ad performance. Not on-site behavior. You were already flying half-blind. Matomo is the other half — without sending health data to Facebook.

What's actually broken on your website

If your practice runs Google Ads or Meta Ads, your site is sending health-related data to Google and Meta every time a visitor lands on a service page or fills out a form. That's the problem.

Google Analytics on a service page

Every visit to a procedure, condition, or symptom page goes to Google with the visitor's IP and browser fingerprint. Plaintiff firms have a litigation pipeline built on this pattern.

Meta Pixel on a form submit

Patient submits an appointment form. Meta Pixel forwards the form context to Facebook. State wiretap statutes and state consumer-health-privacy laws — across multiple states — treat this as unauthorized disclosure of patient data.

Google Ads conversion tag

Increasingly treated as a "sale" of consumer health data under state privacy laws. Google provides valuable consideration (retargeting, optimization, lookalikes) in exchange for the identifying signal. Cookie banners don't cure this.

Cyber insurance renewals in 2026

Carriers condition cyber-liability renewals on tracking-technology controls. Questionnaires explicitly ask about pixel inventory. "No controls" either drops you or premium-shocks you.

What you get

The sanitization proxy plus everything around it to keep your marketing running.

Apex Vault sanitization proxy

The compliance layer between your site and every downstream destination. Strips identifying signal at the perimeter.

Private Matomo analytics

First-party analytics that replaces Google Analytics. Your dashboards. Your data. Inside your perimeter.

Sanitized Conversion APIs

Server-side conversion events to Meta, Google, Bing, LinkedIn. Each event: per-event identifier, conversion value, timestamp. Nothing else. Ad accounts keep receiving conversion signal to model against.

BAA included

Business Associate Agreement covering the proxy and analytics. Standard terms. One-click signature. No legal back-and-forth.

7-day deployment

Signed BAA to live infrastructure in a week. You don't need to be technical. We install on your existing site, CMS, and hosting.

Annual security review

Annual third-party security review of the shared infrastructure. Summary findings on the trust subdomain. Renewable cyber-liability documentation included.

What stays the same

Apex Vault sits in front of your marketing stack. It doesn't replace your tools.

  • Your website (no visual changes)
  • Your CMS (WordPress, Squarespace, Wix, custom)
  • Your appointment forms and intake forms
  • Your email marketing (Mailchimp, Constant Contact, etc.)
  • Your patient-reviews platform
  • Your scheduling platform
  • Your EHR, PMS, and clinical systems (untouched)
  • Your Google Ads and Meta Ads accounts (still active)

Pricing

Setup fee covers installation, configuration, and BAA execution. Monthly fee scales with location count.

Locations   | Setup + Monthly     | Year 1 total
1 location  | $5,000 + $1,000/mo  | $17,000
2 locations | $5,000 + $1,500/mo  | $23,000
3 locations | $5,000 + $2,000/mo  | $29,000
4 locations | $5,000 + $2,500/mo  | $35,000

Annual prepay available with discount. Cancel anytime after the first 90 days. No long-term lock-in.

Included at every tier

  • Sanitization proxy installation
  • Private Matomo analytics
  • Conversion API setup
  • BAA execution
  • 7-day deployment
  • Quarterly security review

Not included

  • Marketing strategy / campaign management
  • Website redesign or rebuild
  • Email-marketing platform fees
  • EHR / PMS integration
  • Paid media budget
  • Patient acquisition consulting

Deployment

A typical 1-location install. Multi-location adds 1–2 days per additional location.

Days 1 — 2

Signed BAA & site survey

BAA executed. We audit your existing site for current tracking deployments and confirm your ad accounts. No site changes yet.

Days 3 — 5

Proxy + Matomo deployed

Sanitization proxy provisioned. Private Matomo instance stood up. Conversion APIs wired to Meta and Google. Test conversions verified end-to-end.

Days 6 — 7

Live cutover

Tracking pixels removed from your site. Sanitized data flow goes live. Your ad accounts continue receiving conversion signal from day 7 onward.

What this isn't for

A few things worth saying directly.

5+ locations or hospital-system scale

This tier is for solo and small-group practices. 5+ locations, hospital systems, or specialty pharma need the same architecture in a different deployment shape — single-tenant, pre-go-live pen testing, custom integrations. See use cases for MSO Platform and Enterprise.

Common questions

Will this break my Google Ads or Meta Ads?

No. Campaigns continue running. The conversion signal changes — instead of per-user matched events, Meta and Google receive aggregate events they model against. Most accounts recalibrate in 2–4 weeks, then stabilize. You lose Lookalikes from conversion events and per-user retargeting from conversion events. You keep prospecting, Smart Bidding, Advantage+, and aggregate conversion reporting. For most independent practices, that's an even trade.

Do I need to be technical?

No. We handle the install. You don't touch your site's code. No developer on staff required. Apex Vault engineers run the deployment on your existing infrastructure.

What about my email marketing platform?

Untouched. Mailchimp, Constant Contact, Klaviyo, ActiveCampaign — different data path. Apex Vault doesn't sit in front of them. Lists, sends, automations all continue as-is.

What about my EHR or patient-records system?

Untouched. Apex Vault is a perimeter proxy for marketing and analytics on your public-facing website. EHR, EMR, patient portals, and clinical workflows are on entirely separate data paths.

Is the BAA negotiable?

For Independent Practice tier, the BAA is a standard template with one-click signature. Custom BAA negotiation is available at MSO Platform and Enterprise tiers.

Can I cancel?

Yes, after the first 90 days. The 90-day initial period covers installation and break-even on setup work. After that, cancel any time with 30 days' notice.

Stop sending health data to Meta and Google. Keep running your marketing.

A 15-minute demo: what's currently firing on your site, what we replace it with, what your ad performance looks like after deployment.
