Privacy Policy

1. Introduction

VETRIQ ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at vetriq.com (the "Website"), use our healthcare revenue cycle automation platform (the "Platform"), or otherwise interact with us.

VETRIQ provides healthcare lockbox automation services, including EOB processing, correspondence routing, and bank reconciliation. We understand the sensitive nature of healthcare and financial data and are committed to maintaining the highest standards of privacy and security.

By accessing or using our Website or Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our Website
• Individuals who request information about our services
• Individuals who schedule demos or communicate with us
• Business contacts and prospective customers
• Job applicants

Important: This Privacy Policy does NOT apply to Protected Health Information (PHI) that we process on behalf of our healthcare customers. PHI is governed by our Business Associate Agreements (BAAs) with our customers and applicable healthcare privacy laws, including HIPAA. See Section 3 below for more information.

3. Protected Health Information & HIPAA

3.1 Our Role as a Business Associate

VETRIQ processes Protected Health Information (PHI) solely as a "Business Associate" under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). When we handle PHI on behalf of our customers (healthcare providers, health systems, physician groups, and RCM companies), we do so under the terms of Business Associate Agreements (BAAs) that we execute with each customer.

3.2 How We Handle PHI

PHI processed through our Platform may include:

• Patient names and demographic information
• Claim numbers and dates of service
• Service line details and amounts
• Explanation of Benefits (EOB) documents
• Medical records requests and correspondence
• Denial letters and appeal documentation
• Payment and remittance information

3.3 PHI is Not Governed by This Policy

The handling of PHI is governed by:

• Our Business Associate Agreements with customers
• HIPAA Privacy Rule
• HIPAA Security Rule
• HIPAA Breach Notification Rule
• The HITECH Act
• Applicable state healthcare privacy laws

For questions about PHI: If you are a patient with questions about how your health information is handled, please contact your healthcare provider directly. Your provider's Notice of Privacy Practices will explain how your PHI may be used and disclosed.

3.4 HIPAA Compliance

VETRIQ maintains comprehensive HIPAA compliance, including:

• Execution of Business Associate Agreements with all customers
• Administrative, physical, and technical safeguards for PHI
• Workforce training on HIPAA requirements
• Incident response procedures with breach notification within required timeframes
• Regular risk assessments and security audits

4. Information We Collect

4.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name, job title
• Account Information: Username, password, and account preferences
• Communication Data: Information you provide when you contact us, request a demo, or respond to surveys
• Business Information: Company details, role, and information about your healthcare organization
• Job Application Data: Resume, employment history, education, and other information submitted through our careers page

4.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information, including:

• Device Information: Browser type, operating system, device type, screen resolution
• Usage Data: Pages viewed, time spent on pages, click patterns, referring URLs
• Network Information: IP address, internet service provider, general geographic location
• Technical Data: Cookies, pixel tags, and similar tracking technologies (see Section 7)

4.3 Information from Third-Party Sources

We may receive information about you from third parties, including:

• Business partners and referral sources
• Marketing and lead generation partners
• Publicly available sources (LinkedIn, company websites)
• Analytics providers

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

• Provide, maintain, and improve our Platform and services
• Process and respond to your inquiries and demo requests
• Create and manage your account
• Provide customer support and technical assistance

5.2 Communication

• Send you service-related communications and updates
• Respond to your comments, questions, and requests
• Send marketing communications (with your consent where required)
• Provide newsletters and educational content

5.3 Analytics and Improvement

• Analyze usage patterns to improve our Website and Platform
• Conduct research and development
• Monitor and analyze trends, usage, and activities
• Personalize your experience

5.4 Security and Compliance

• Protect against unauthorized access and fraud
• Enforce our terms of service and other policies
• Comply with legal obligations and regulatory requirements
• Respond to lawful requests from public authorities

5.5 Business Operations

• Process job applications and manage recruitment
• Manage business relationships and contracts
• Conduct business planning and forecasting

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

• Cloud infrastructure providers (Microsoft Azure)
• Analytics and monitoring services
• Customer relationship management tools
• Email and communication services
• Security and fraud prevention services

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

6.2 Business Transfers

In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to a successor entity. We will notify you of any such change in ownership or control.

6.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Court orders, subpoenas, or other legal processes
• Requests from law enforcement or government agencies
• To protect our rights, property, or safety
• To prevent fraud or other illegal activities

6.4 With Your Consent

We may share your information for other purposes with your explicit consent.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

We use the following categories of cookies and similar technologies:

7.2 Third-Party Analytics

We use third-party analytics services, including Google Analytics, to collect and analyze information about how visitors use our Website. These services may use cookies and similar technologies to collect information about your online activities.

7.3 Your Cookie Choices

You can manage your cookie preferences through:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Opt-Out Tools: Google Analytics Opt-Out
• Industry Opt-Out: Network Advertising Initiative and Digital Advertising Alliance

7.4 Do Not Track Signals

Our Website does not currently respond to "Do Not Track" (DNT) browser signals. However, we honor Global Privacy Control (GPC) signals where required by applicable law.

8. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

• Account Information: Retained while your account is active and for a reasonable period thereafter
• Communication Records: Up to 3 years after last interaction
• Marketing Data: Until you opt out or request deletion
• Analytics Data: Up to 24 months
• Legal and Compliance Records: As required by applicable law (typically 5-7 years)

8.2 PHI Retention

Retention of Protected Health Information processed on behalf of our customers is governed by our Business Associate Agreements, HIPAA requirements, and customer instructions. We do not retain PHI longer than necessary for the purposes for which it was provided.

9. Data Security

We implement robust administrative, technical, and physical safeguards to protect your information. Our security measures include:

9.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest; TLS 1.2+ for data in transit
• Zero-Trust Architecture: Identity-based access controls with continuous verification
• Network Security: Firewalls, intrusion detection, and network segmentation
• Monitoring: 24/7 security monitoring and automated threat detection

9.2 Administrative Safeguards

• Access Controls: Role-based access with least-privilege principles
• Background Checks: All operations team members undergo background verification
• Training: Regular security awareness training for all employees
• Incident Response: Documented procedures with response time under 60 minutes

9.3 Physical Safeguards

• Infrastructure: SOC 2 certified data centers (Azure)
• Access Control: Physical access restrictions to facilities

9.4 Third-Party Certifications

• SOC 2 Type II: Annual third-party audits verify our security controls across Security, Availability, Processing Integrity, and Confidentiality
• HIPAA Compliance: Full compliance with HIPAA Security Rule requirements

9.5 Service Level Commitments

• 99.9% uptime SLA
• Less than 15 minute incident response time
• 30-day point-in-time disaster recovery

Important: While we implement commercially reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your information.

10. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

10.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain exceptions
• Portability: Request your data in a portable format
• Opt-Out: Unsubscribe from marketing communications at any time

10.2 Marketing Communications

You can opt out of marketing communications by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at privacy@vetriq.com

Note: You will continue to receive transactional and service-related communications.

10.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information in Section 15. We will respond to your request within the timeframe required by applicable law (typically 45 days). We may need to verify your identity before processing your request.

11. State-Specific Privacy Rights

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected
• Right to Delete: Request deletion of personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Information Collected: In the preceding 12 months, we have collected the categories of information described in Section 4 of this Policy.

California "Shine the Light" Law: California residents may request information about disclosures to third parties for direct marketing purposes. Contact us at privacy@vetriq.com.

11.2 Virginia, Colorado, Connecticut, and Other State Privacy Laws

Residents of states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out. Please contact us to exercise your rights under applicable state law.

11.3 Nevada Residents

Nevada residents may opt out of the sale of certain personal information. We do not currently sell personal information as defined by Nevada law, but you may submit an opt-out request to privacy@vetriq.com.

12. Children's Privacy

Our Website and Platform are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you believe we have inadvertently collected information from a child under 16, please contact us immediately at privacy@vetriq.com.

13. International Users

VETRIQ is based in the United States, and our services are primarily directed to users in the United States. If you access our Website or Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

By using our services, you consent to the transfer of your information to the United States and acknowledge that data protection laws in the United States may differ from those in your country of residence.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Policy
• Provide notice through our Website or by other means as appropriate
• Obtain consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices. Your continued use of our Website or Platform after any changes indicates your acceptance of the updated Policy.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our privacy practices, please contact us:

For general inquiries, you may also contact:

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.