Privacy Policy

1. Introduction

Acuvera ("we," "our," or "us") provides an AI-powered medical billing analysis platform that helps patients and healthcare providers detect billing errors, overcharges, and compliance issues. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account data: name, email address, password, and role (patient, provider, or administrator).
• Uploaded billing documents: medical bills, Explanation of Benefits (EOBs), itemized statements, and related healthcare billing files you choose to upload for analysis.
• Support inquiries: information you provide when contacting us for support.

2.2 Information Collected Automatically

• Usage data: pages visited, features used, timestamps, and interaction patterns.
• Device information: browser type, operating system, device identifiers, and screen resolution.
• Log data: IP address, access times, and referring URLs.

2.3 Information from Third Parties

We may receive information from authentication providers if you choose to sign in through a third-party service (e.g., Apple Sign-In, Google).

3. How We Use Your Information

• To provide, operate, and improve the Service, including AI-powered billing analysis.
• To create and manage your account.
• To process and analyze uploaded billing documents for errors, overcharges, and compliance issues.
• To communicate with you about your account, updates, and support requests.
• To monitor and analyze usage trends to improve user experience.
• To detect, prevent, and address security issues and fraud.
• To comply with legal obligations.

4. Protected Health Information (PHI) & HIPAA

Uploaded medical billing documents may contain Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). We take the following measures to protect PHI:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access to PHI is strictly limited to authorized personnel and automated systems required for analysis.
• We do not sell, rent, or share PHI with third parties for marketing purposes.
• Uploaded documents are processed solely for the purpose of billing analysis and are not used to train AI models.
• We maintain administrative, technical, and physical safeguards consistent with HIPAA requirements.
• We will enter into Business Associate Agreements (BAAs) with covered entities as required by HIPAA.

5. Data Sharing & Disclosure

We may share your information only in the following cases:

• Service providers: trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, AI processing), bound by confidentiality agreements.
• Legal compliance: when required by law, regulation, legal process, or governmental request.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with continued protection of your data.
• With your consent: when you explicitly authorize sharing.

We do not sell your personal information or health data to third parties.

6. Data Retention

We retain your account information for as long as your account is active. Uploaded billing documents and analysis results are retained for a reasonable period to provide the Service and may be deleted upon your request. When data is no longer needed, it is securely deleted or anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data and uploaded documents.
• Data portability: receive your data in a structured, machine-readable format.
• Opt-out: opt out of non-essential communications at any time.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@acuvera.co.

8. Security

We implement industry-standard security measures, including encryption, access controls, secure infrastructure, and regular security assessments. While no system is 100% secure, we are committed to protecting your data to the highest practical standard.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Third-Party Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: