Legal

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: January 7, 2025

Introduction

Aliva Health, Inc. ("Aliva," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our clinical intelligence platform and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

Information We Collect

Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, organization name, job title, and professional credentials when you create an account or request a demo.
  • Billing Information: Payment card details, billing address, and transaction history (processed securely through our payment processors).
  • Communications: Information you provide when you contact us for support, send us feedback, or participate in surveys.
  • Professional Information: Medical license numbers, NPI numbers, and other professional identifiers for verification purposes.

Protected Health Information (PHI)

When you use our clinical intelligence platform, we may process Protected Health Information on behalf of healthcare organizations ("Covered Entities") in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Our handling of PHI is governed by Business Associate Agreements with our customers.

Automatically Collected Information

When you access our Services, we automatically collect:

  • Device Information: Device type, operating system, browser type, and unique device identifiers.
  • Usage Information: Pages viewed, features used, time spent on the platform, and interaction patterns.
  • Log Data: IP address, access times, referring URLs, and system activity logs.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Communicate about products, services, and events offered by Aliva
  • Monitor and analyze trends, usage, and activities in connection with our Services
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve your experience
  • Comply with legal obligations and enforce our terms

Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with third-party vendors who perform services on our behalf, such as cloud hosting, payment processing, analytics, and customer support. These providers are contractually obligated to protect your information.

Business Transfers

If Aliva is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Aliva, our users, or others.

With Your Consent

We may share your information with your consent or at your direction.

Data Security

We implement robust security measures to protect your information:

  • Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
  • Access Controls: Role-based access controls and multi-factor authentication protect system access.
  • Monitoring: Continuous security monitoring and intrusion detection systems.
  • Auditing: Comprehensive audit logs track all data access and system changes.
  • Training: Regular security awareness training for all employees.
  • Assessments: Annual third-party security assessments and penetration testing.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

HIPAA Compliance

Aliva is committed to maintaining the confidentiality, integrity, and availability of Protected Health Information (PHI) in accordance with HIPAA requirements.

Business Associate Agreement

We enter into Business Associate Agreements (BAAs) with all Covered Entity customers before processing any PHI. These agreements outline our responsibilities for safeguarding PHI.

Security Safeguards

We maintain administrative, physical, and technical safeguards as required by the HIPAA Security Rule, including:

  • Designated Privacy and Security Officers
  • Documented policies and procedures
  • Workforce training and access management
  • Incident response and breach notification procedures
  • Regular risk assessments and audits

SOC 2 Type II Certification

Aliva maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality controls.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a copy of your data in a portable format.
  • Opt-Out: Opt out of marketing communications at any time.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise these rights, please contact us at privacy@aliva.health.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. These technologies help us:

  • Remember your preferences and settings
  • Understand how you use our Services
  • Improve our Services and user experience
  • Deliver relevant content and advertisements

Types of Cookies We Use

  • Essential Cookies: Required for the Services to function properly.
  • Analytics Cookies: Help us understand how visitors interact with our Services.
  • Functional Cookies: Remember your preferences and personalize your experience.
  • Marketing Cookies: Used to deliver relevant advertisements.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Meet regulatory requirements for healthcare data

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date at the top of this policy
  • Sending you an email notification (for material changes)

We encourage you to review this Privacy Policy periodically to stay informed about our practices.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Aliva Health, Inc.

Privacy Team

Email: privacy@aliva.health

Phone: 1-800-555-1234

Address: 100 Healthcare Way, Suite 500
San Francisco, CA 94105

For HIPAA-related inquiries, please contact our Privacy Officer at hipaa@aliva.health.