INVIAH – Privacy Policy - Patients

Last Updated: March 13, 2026

1. INTRODUCTION

INVIAH (“we,” “our,” “the platform”), as a business associate of your medical provider, is committed to protecting the privacy, confidentiality, and security of all users of the INVIAH Platform.

This Privacy Policy explains:

  • What information we collect
  • How we use and store it
  • When we may share it
  • Patient rights and choices
  • HIPAA, federal, and state compliance

This policy applies to all use of the INVIAH app, website, and related services.

2. INFORMATION WE COLLECT

INVIAH collects only the minimum information necessary to coordinate your medical visits safely.

2.1 Personal Information

Includes:

  • Full name
  • Date of birth
  • Phone number
  • Email address
  • Residential address
  • Emergency contact information

2.2 Personal Health Information (PHI)

Collected to coordinate medical visits:

  • Medical history
  • Symptoms and chief complaints
  • Vital signs
  • Medication lists
  • Images or documents uploaded for clinical evaluation
  • Provider visit notes
  • Pre-operative or consultation materials

PHI is protected under HIPAA.

2.3 Device & Technical Information

Collected automatically:

  • IP address
  • Device type
  • Operating system
  • Browser information
  • App version
  • Diagnostic and crash data

2.4 Location Information – as determined by Patient

Used for:

  • Routing providers to Patient’s desired location
  • Safety verification
  • Emergency 911 redirection

Users may disable location sharing, but certain features will not function.

Location information is not stored by INVIAH.

2.5 Payment Information

Processed securely by third-party, PCI-compliant payment processors:

  • Billing name
  • Last 4 digits of card
  • Transaction timestamps

INVIAH does not store or process full credit card numbers.

3. HOW WE USE INFORMATION

3.1 To Provide Medical Visit Coordination

Including:

  • Matching Patient with providers
  • Facilitating communication
  • Dispatching providers to a verified Patient-selected location
  • Managing scheduling and visit logistics

3.2 For Safety and Compliance

Including:

  • Fraud prevention
  • Threat or abuse monitoring
  • Mandatory reporting (when legally required)
  • Identifying unsafe home environments

3.3 Platform Functionality & Improvement

  • Fixing bugs
  • Enhancing app performance
  • Improving provider routing
  • Developing new features

3.4 Legal Requirements

INVIAH may use information to:

  • Enforce Terms of Service
  • Comply with HIPAA
  • Comply with federal mandatory reporting laws

4. HOW WE PROTECT INFORMATION

INVIAH follows strict HIPAA security standards:

4.1 Technical Safeguards

  • Encryption of PHI in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Secure authentication and access controls
  • Automatic logoff and session security

4.2 Administrative Safeguards

  • HIPAA training for all authorized personnel
  • Role-based access (minimum necessary rule)
  • Background checks for employees with PHI access
  • HIPAA-compliant Business Associate Agreement in effect between INVIAH and your Provider

4.3 Physical Safeguards

  • Secure server environments
  • Redundant data backup
  • Restricted access to PHI storage systems

5. HOW WE SHARE INFORMATION

INVIAH never sells PHI or personal data.

5.1 Sharing With Healthcare Providers

We share only the information necessary for:

  • Medical evaluation
  • Diagnosis
  • Treatment recommendations

5.2 Sharing With Third-Party Vendors

Only vendors who support platform functions:

  • Payment processors
  • Cloud hosting services
  • SMS/email communication services
  • ID verification partners

Vendors handling PHI must sign a HIPAA Business Associate Agreement (BAA).

5.3 Legal & Safety Disclosures

INVIAH may share information when legally required, including:

  • Suspected child abuse or neglect
  • Imminent threats to life or safety
  • Court orders or legal investigations
  • Reports of illegal activity
  • Mandatory CSAM reporting (18 U.S.C. §2258A)

5.4 Emergency Situations

In life-threatening cases, INVIAH may:

  • Provide information to emergency responders
  • Assist 911 services with accurate location

6. USER RIGHTS

Users have the right to:

6.1 Access Records

Request a copy of your PHI.

6.2 Correct Information

Request corrections to inaccurate data.

6.3 Request Deletion

We honor deletion requests except:

  • Where medical record retention laws apply
  • Where information is required for safety or legal compliance
  • Where data forms part of a medical chart

6.4 Limit Use

Patients may limit certain types of data sharing unless required for treatment or safety.

7. CHILDREN’S PRIVACY (COPPA Compliance)

INVIAH provides non-emergency pediatric services only with a parent or legal guardian present.

We strictly prohibit:

  • Child exploitation
  • Inappropriate images of minors
  • Unauthorized accounts created by minors

Violation triggers law enforcement reporting.

8. DATA RETENTION

Medical records are retained in accordance with state medical retention laws, typically 7–10 years, or longer for pediatric patients.

Diagnostic logs and app data may be retained up to 24 months per Google and Apple requirements.

Location information is not retained by INVIAH.

9. INTERNATIONAL USERS

INVIAH operates within the United States.

All data is stored on U.S.-based HIPAA-compliant servers.

10. THIRD-PARTY LINKS

The app or website may contain links to external services.

INVIAH is not responsible for their privacy practices.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically to reflect:

  • Legal changes
  • HIPAA updates
  • App Store/Google Play requirements
  • New services or features

Continued use of INVIAH indicates acceptance of updated policies.

12. CONTACT

Questions or concerns regarding privacy:

📧 [email protected]

📧 [email protected]

4916-0829-1734