Privacy Policy

Last updated: November 14, 2025

At VProGo, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our insurance verification platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Facility name and NPI number
  • Business address
  • Phone number (optional)

1.2 Payment Information

Payment processing is handled by Stripe. We store:

  • Stripe customer ID
  • Subscription status
  • Credit balance
  • Transaction history

We do NOT store your full credit card numbers. Stripe maintains all payment card details in compliance with PCI-DSS standards.

1.3 Verification Data

When you perform insurance verifications, we collect and store:

  • Patient first name, last name, date of birth
  • Insurance member ID
  • Insurance payer information
  • Verification results (deductibles, co-insurance, eligibility)
  • Date and time of verification
  • User who performed the verification

1.4 Usage Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Actions taken within the platform
  • Error logs and diagnostic data

2. How We Use Your Information

We use collected information for:

  • Service Delivery: To provide insurance verification services
  • Account Management: To manage your account, subscriptions, and credits
  • Communication: To send service updates, billing notifications, and support responses
  • Improvement: To analyze usage patterns and improve our platform
  • Compliance: To comply with legal obligations and prevent fraud
  • Security: To detect and prevent security threats

3. How We Share Your Information

3.1 Service Providers

We share data with trusted third-party service providers:

  • Stripe: Payment processing
  • Supabase: Database hosting and authentication
  • Vercel: Application hosting
  • Insurance Payers: To perform real-time benefit verifications

3.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of VProGo, our users, or others
  • Detect, prevent, or address fraud or security issues

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email of any such change.

3.4 With Your Consent

We will share your information with third parties only when you have given us explicit consent to do so.

4. Data Security

We implement industry-standard security measures:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Logs: Comprehensive logging of all data access and changes
  • Regular Backups: Automated daily backups with 30-day retention
  • Security Monitoring: 24/7 monitoring for suspicious activity
  • Penetration Testing: Annual security assessments by third-party experts

5. HIPAA Compliance

While VProGo is not a HIPAA-covered entity, we understand the sensitivity of healthcare data:

  • We implement HIPAA-level security standards
  • We limit PHI storage to only what's necessary for verification
  • We provide Business Associate Agreements for enterprise customers
  • We train staff on healthcare data privacy
  • We conduct regular compliance audits

6. Data Retention

  • Verification Records: 7 years (to comply with healthcare record-keeping requirements)
  • Account Data: Duration of active account plus 2 years
  • Billing Data: 7 years (for tax and accounting purposes)
  • Usage Logs: 90 days

You may request earlier deletion of your data, subject to our legal obligations.

7. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Data Portability: Receive your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Object: Object to processing of your data for certain purposes

To exercise these rights, contact us at privacy@vprovob.com

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Functionality Cookies: Remember your preferences and settings
  • Analytics Cookies: Understand how you use our platform (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

9. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

10. Children's Privacy

VProGo is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights:

  • Know what personal information is collected and how it's used
  • Delete personal information (subject to exceptions)
  • Opt-out of sale of personal information (we do not sell your data)
  • Non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

If you are in the EU/EEA, you have additional protections:

  • Lawful basis for processing (contract, legal obligation, legitimate interest)
  • Right to lodge a complaint with supervisory authority
  • Right to restrict processing
  • Data protection officer contact information available upon request

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via:

  • Email to your registered address
  • Prominent notice on our platform
  • Updated "Last Modified" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by EU Commission
  • Adequacy decisions for certain jurisdictions
  • Your explicit consent where required

15. Contact Us

For questions about this Privacy Policy or our privacy practices:

  • Email: privacy@vprovob.com
  • Data Protection Officer: dpo@vprovob.com
  • Mail: East Point Behavioral Health, ATTN: Privacy Officer, Groveland, MA

Your Privacy Matters: We are committed to protecting your privacy and being transparent about our data practices. If you have concerns about how your data is handled, please contact us immediately at privacy@vprovob.com