Privacy Policy

1. Overview

Taven Health, Inc. ("Taven Health," "we," "us") respects your privacy and is committed to protecting the information you share with us through the Waypoint Intelligence platform ("Platform"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Healthcare Context

The Waypoint Intelligence platform provides healthcare pricing intelligence derived from publicly available price transparency data. We do not collect, store, process, or transmit protected health information (PHI) as defined under HIPAA through this platform. The data we provide relates to facility pricing — not individual patients.

While we are not a covered entity or business associate under HIPAA for the purpose of this Platform's standard operations, we maintain HIPAA-aligned security practices and are prepared to execute Business Associate Agreements (BAAs) where required by expanded partner engagements.

2. Information We Collect

2.1 Account Information

When you register for a Partner account, we collect:

• Contact details: name, email address, job title, organization name
• Authentication credentials: email and hashed password (stored via Supabase Auth)
• Organization profile: company type, size, use case description

2.2 Usage Analytics

We automatically collect information about how you interact with the Platform:

• Pages viewed, features used, and search queries
• API call patterns and frequency
• Session duration and navigation paths
• Browser type, device type, and operating system
• IP address and approximate geographic location

2.3 Data We Do NOT Collect

• Protected Health Information (PHI)
• Patient records or identifiers
• Insurance policy numbers or claims data
• Social Security numbers or financial account details

3. How We Use Your Information

We never sell your personal information. We do not use your data for advertising or share it with data brokers.

4. Third-Party Services

We use a limited set of third-party services to operate the Platform:

4.1 Supabase

Our backend infrastructure provider. Stores account data, authentication tokens, and application data. Data is hosted in AWS (US regions) with encryption at rest and in transit. Supabase Privacy Policy.

4.2 Google Analytics

We use Google Analytics to understand aggregate Platform usage patterns. IP anonymization is enabled. No personally identifiable information is intentionally transmitted. Google Privacy Policy.

4.3 Vercel

Our hosting provider for the Platform frontend. Vercel processes HTTP requests and may log IP addresses per their infrastructure standards. Vercel Privacy Policy.

We require all third-party service providers to maintain security standards consistent with industry best practices.

5. Cookies and Tracking

5.1 Essential Cookies

We use essential cookies to maintain your authenticated session and store Platform preferences. These are strictly necessary for the Platform to function and cannot be disabled.

5.2 Analytics Cookies

Google Analytics sets cookies to track aggregate usage patterns. These help us understand which features are most valuable and where to invest in improvements.

5.3 No Advertising Cookies

We do not use advertising cookies, retargeting pixels, or any form of ad tracking on the Platform.

5.4 Managing Cookies

You can manage cookies through your browser settings. Disabling essential cookies may prevent the Platform from functioning correctly.

6. Data Retention and Deletion

6.1 Active Accounts

We retain account information and usage data for the duration of your active subscription. Usage analytics are retained for up to 24 months for service improvement purposes, after which they are aggregated and de-identified.

6.2 Account Deletion

You may request account deletion at any time by contacting privacy@tavenhealth.com. Upon receiving a verified deletion request, we will:

• Delete your account and personal information within 30 days
• Remove your data from active systems and backups within 90 days
• Retain only anonymized, aggregate data that cannot be linked to you

6.3 Legal Holds

We may retain data longer if required by law, regulation, or legal proceedings.

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: TLS 1.2+ in transit; AES-256 at rest
• Authentication: Secure password hashing (bcrypt) via Supabase Auth
• Access controls: Role-based access with row-level security (RLS)
• Infrastructure: Hosted in SOC 2 Type II compliant environments
• Monitoring: Automated security scanning and anomaly detection

No system is 100% secure. If you discover a security vulnerability, please report it to security@tavenhealth.com.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request that we limit processing of your information
• Objection: Object to certain processing activities

To exercise any of these rights, contact privacy@tavenhealth.com. We will respond within 30 days.

9. Children's Privacy

The Platform is an enterprise B2B service not directed at individuals under 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform dashboard and via email. The "Effective Date" at the top of this page indicates when it was last revised.

11. Contact Us

For privacy-related questions, data requests, or concerns:

Taven Health, Inc.
Privacy Inquiries: privacy@tavenhealth.com
Security Issues: security@tavenhealth.com
General: hello@tavenhealth.com
Web: tavenhealth.com