Privacy Policy
Last Updated: April 17, 2025
This Privacy Policy explains how Avelis, Inc. ("Avelis", "we", "us", or "our") collects, uses, stores, and protects personal and medical billing information ("Personal Information") when you engage with our services. This Privacy Policy applies to our websites, the Avelis platform, and any related services, including our medical bill review and negotiation services ("Services"). By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
A. Information You Provide Directly
Account Information: When you create an account or update your profile, we collect information such as your name, email address, contact details, and other identifying information.
Medical and Billing Information: In connection with our Services, you may provide medical billing data, including details from your medical bills that are necessary for us to review and negotiate charges on your behalf.
Communication Information: We collect the contents of your communications with us, including emails, support inquiries, and other correspondence.
Payment information – cardholder name, last four digits, expiration date, and billing address.
B. Automatically Collected Information
Usage Data: We automatically collect information regarding your use of our Services, such as device type, browser type, IP address, access times, and pages viewed.
Technical Data: Information about your device and operating system is collected to ensure proper delivery and operation of our Services.
2. How We Use Your Information
We use your Personal Information for the following purposes:
Provision and Improvement of Services: To review, analyze, and negotiate your medical bills, including identifying billing errors and disputing overcharges.
Communication: To respond to your inquiries, provide support, and send you service-related communications.
Billing and Payment Processing: To process payments for any fee-based features of our Services.
Data Analysis and Research: To analyze user behavior and improve the functionality, performance, and security of our Services.
Compliance: To comply with applicable laws and regulations, including those governing the protection of health information, such as HIPAA.
3. Data Sharing and Disclosure
We do not sell or rent your Personal Information. We may share your information under the following circumstances:
Service Providers: With third-party vendors and contractors who assist in the operation and improvement of our Services, provided that they are bound by confidentiality obligations.
Payment processors (Stripe): We share limited financial data—card type, last four digits, expiration date, billing address, transaction amount, and related metadata—with Stripe, Inc. solely to process payments, prevent fraud, and satisfy legal or regulatory requirements. Stripe’s use of your data is governed by its own privacy policy.
Legal Requirements: When required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the relevant third party under terms that protect your privacy.
Health Information: When handling medical billing data and Protected Health Information (PHI), any disclosure is subject to applicable privacy and security regulations.
4. Data Security
Avelis, Inc. employs appropriate technical, administrative, and physical safeguards to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:
Encryption: Data is encrypted during transmission and, where applicable, at rest.
Access Controls: Access to Personal Information is restricted to authorized personnel who require the information to perform their duties.
Regular Monitoring: Our systems are continuously monitored for potential security breaches.
Incident Response: In the event of a data breach involving unsecured PHI, we will notify affected individuals and relevant authorities as required by law.
5. Data Retention
We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, to comply with legal obligations, or as otherwise permitted by law. When your information is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies.
6. Your Rights and Choices
You have the following rights regarding your Personal Information:
Access and Correction: You may request access to or correction of your Personal Information by contacting us.
Data Deletion: You may request deletion of your Personal Information, subject to any legal or contractual obligations that require us to retain certain information.
Opt-Out: Where applicable, you may opt out of receiving promotional communications from us by following the instructions in those communications.
Data Portability: Upon request, and where technically feasible, we may provide you with your Personal Information in a structured, commonly used, and machine-readable format.
7. Compliance with Health Information Regulations
Avelis, Inc. is committed to complying with all applicable laws and regulations regarding the protection of health information, including HIPAA. When processing PHI as part of our Services, we adhere to strict policies and procedures designed to protect such information and ensure its confidentiality, integrity, and availability.
8. Changes to This Privacy Policy
Avelis, Inc. may update this Privacy Policy from time to time. We will post the updated Privacy Policy on our website with the new effective date. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
9. Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: privacy@avelis.co
