Skip to main content

Privacy Policy

Effective Date: August 15, 2025
Last Updated: June 15, 2026

1. Introduction

Sevana Health (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sevanahealth.com and when organizations use our healthcare compliance automation platform.

This policy distinguishes between two very different groups:

  • Website visitors — anyone who browses our public marketing website, fills out a form, or contacts us. The information we collect from website visitors is ordinary business and analytics data. It is not Protected Health Information and is not governed by HIPAA.
  • Platform customers — health plans and their authorized users who license our software. Data processed inside the platform on a customer’s behalf, including any Protected Health Information (PHI), is handled under our customer agreements and Business Associate Agreements (see Section 10).

2. Information We Collect

From Website Visitors

When you interact with our website, we may collect:

  • Identifiers and contact details you submit through forms (name, email, phone, company, job title)
  • Professional information such as your organization and role
  • Communications you send to us
  • Internet and device activity collected automatically, such as IP address, browser and operating system, pages visited, time on page, and referring website
  • Approximate location derived from your IP address

From Platform Customers

When a customer uses the platform, we process the data their authorized users upload or generate (for example, CMS universe files and compliance records), along with account credentials and billing information. We process this data under the direction of the customer and in accordance with our agreements with them.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our website and services
  • Respond to inquiries, demo requests, and support requests
  • Send technical notices, updates, security alerts, and administrative messages
  • Communicate about products, services, and events you have asked about
  • Measure and analyze website usage (only with your consent for analytics cookies)
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations

4. Cookies and Analytics

On a first visit we set no analytics cookies. We use Google Analytics only after you choose “Accept all” in our cookie banner. If you choose “Reject all,” dismiss the banner, or never respond, no analytics cookies are set. You can change your choice at any time using the link in the footer of every page. Strictly necessary cookies required for the site to function are always permitted.

5. How We Share Information

We do not sell your personal information for money. We may share it with:

  • Service providers that perform services on our behalf (for example, hosting and analytics), under contracts that limit their use of the data
  • Legal authorities when required by law or to protect our rights
  • A successor in connection with a merger, acquisition, or sale of assets
  • Others with your consent or at your direction

Some US state laws define the use of analytics and advertising cookies as a “sale” or “sharing” of personal information. To the extent our use of Google Analytics qualifies, you can opt out as described in Section 6.

6. Do Not Sell or Share My Personal Information

We do not sell your personal information for money, and we do not share it for cross-context behavioral advertising. The only sharing that may fall under state “sale/share” definitions is our use of analytics cookies, which are off by default. To opt out, simply do not accept analytics cookies, or withdraw a prior acceptance, using the link in the site footer. You may also submit a request using the methods in Section 7.

7. Your US State Privacy Rights

Depending on your state of residence, you may have rights under laws such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and the comprehensive privacy laws of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA), among others.

Categories of personal information

In the past 12 months we have collected the following categories from website visitors: identifiers and contact details; professional or employment-related information; internet and electronic network activity (such as pages viewed); and approximate geolocation derived from IP address. We disclose these categories to our hosting and analytics service providers for the business purposes described in Section 3. We do not collect sensitive personal information from website visitors, and we do not knowingly sell or share personal information beyond the analytics use described in Section 6.

Your rights

Subject to your state’s law and verification, you may have the right to:

  • Know and access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information we collected from you
  • Opt out of any “sale” or “sharing” of personal information and of targeted advertising (see Section 6)
  • Data portability — receive a copy of your information in a portable format
  • Non-discrimination — we will not deny services, charge a different price, or provide a different level of service because you exercised your rights

How to exercise your rights

You can submit a request using either of these two methods:

You may use an authorized agent to submit a request on your behalf. We will verify your identity before acting on a request, and we will respond within the timeframe required by your state’s law.

Right to appeal

If we decline your request, you may appeal our decision by replying to our written response or by contacting us again using either method above and noting that you are submitting an appeal. We will respond to your appeal within the period required by applicable law. If your appeal is denied, you may contact your state attorney general.

8. Data Retention

We keep personal information only for as long as needed for the purposes described in this policy, then delete or de-identify it. In general:

  • Form submissions and inquiries (demo, contact, application leads) are retained for up to 24 months after our last interaction with you, unless a longer period is needed to meet a legal or contractual obligation.
  • Website analytics data is retained according to our Google Analytics configuration and then automatically expired.
  • Customer platform data is retained for the term of the customer agreement and deleted or returned afterward as set out in that agreement.

Where we cannot state an exact period, we determine retention based on the sensitivity of the data, the purpose for which it was collected, and applicable legal, tax, and recordkeeping requirements.

9. Data Security

We implement technical and organizational safeguards, including encryption, access controls, secure storage, and regular assessments. However, no method of transmission or storage is 100% secure.

10. HIPAA and Protected Health Information

HIPAA applies to the data our customers process through the platform, not to ordinary website visitors. When we handle Protected Health Information (PHI) on behalf of a covered entity, we act as a Business Associate and enter into a Business Associate Agreement (BAA) that governs how that PHI may be used and disclosed. Browsing this website, requesting a demo, or contacting us does not create a HIPAA relationship and does not make your contact information PHI.

11. Confidentiality

We treat non-public information you provide to us as confidential and use it only to deliver and support our services. We protect such information with reasonable safeguards consistent with industry standards. Confidential information does not include information that is publicly available, lawfully obtained from another source without restriction, or independently developed by us.

12. Data Storage and Processing Location

Sevana Health is a US company, and our website and platform are hosted in the United States on Microsoft Azure. We process and store data in the United States. We do not direct our website or services to individuals in the European Union, the United Kingdom, or other regions whose laws require additional cross-border transfer mechanisms. If our practices change, we will update this section to describe the safeguards we use.

13. Children’s Privacy

Our services are not directed to individuals under 18, and we do not knowingly collect their information.

14. Changes to This Privacy Policy

We may update this Policy from time to time. Changes will be posted with an updated “Last Updated” date.

15. Contact Us

Sevana Health
Fort Lauderdale, FL
Phone: (954) 698-4703
Email: support@sevanahealth.com
Contact form: sevanahealth.com/contact

16. Security and Incident Reporting

Sevana Health takes the security and confidentiality of information seriously. If you believe you have identified a security vulnerability, incident, or privacy concern affecting Sevana Health systems, data, or services, please notify our security team at:

This inbox is monitored by our security team, and all reports are investigated in accordance with our Security Incident Response Plan.