Privacy Policy

This Privacy Policy ("Policy") describes how Cevi Inc ("Cevi," "we," "us," or "our"), located at 16192 Coastal Hwy, Lewes, DE 19958, United States, collects, uses, discloses, and protects personal information when you use our website (cevi.ai) and our AI-powered healthcare operations platform (the "Service"). This Policy applies when Cevi is the Controller of personal data. When Cevi processes data on behalf of customers as a Processor (Business Associate under HIPAA), that processing is governed by our Business Associate Agreement with the customer.

1. Information We Collect

Information you provide

We collect information you provide directly, including: account registration details (name, email address, organization name, phone number), billing information (processed by our payment processor; we do not store full payment card numbers), customer support communications, and any other information you choose to provide.

Information collected automatically

When you visit our website or use the Service, we automatically collect: device information (browser type, operating system, device identifiers), usage data (pages visited, features used, time spent, referring URLs), IP address and approximate location, and log data (access times, error logs, system activity).

Protected health information

In the course of providing the Service to healthcare practices, we process protected health information (PHI) on behalf of our customers as a Business Associate under HIPAA. PHI is governed by our Business Associate Agreement with each customer and is not used for marketing, advertising, or any purpose unrelated to providing the Service.

2. How We Use Information

We use personal information to: provide, maintain, and improve the Service; process transactions and send related information; respond to your requests, comments, and questions; send technical notices, updates, and security alerts; monitor and analyze usage trends to improve user experience; detect, investigate, and prevent fraudulent or unauthorized activity; and comply with legal obligations.

We do not sell your personal information. We do not use personal information for targeted advertising. We do not use PHI for any purpose other than providing the Service under our BAA.

3. How We Share Information

We share personal information only in the following circumstances: with service providers who perform services on our behalf (hosting, analytics, payment processing, customer support) under contracts that restrict their use of the information; with your consent or at your direction; to comply with legal obligations, court orders, or legal process; to protect the rights, property, and safety of Cevi, our users, or the public; and in connection with a merger, acquisition, or sale of assets.

4. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. When Customer Data is no longer needed, we delete or anonymize it within 90 days, unless a longer retention period is required by law.

5. Data Security

We implement administrative, technical, and physical security measures designed to protect personal information, including: encryption of data in transit (TLS 1.2+) and at rest (AES-256), access controls and authentication requirements, regular security assessments and penetration testing, employee training on data protection, and incident response procedures.

6. Your Rights and Choices

All users

You may: update or correct your account information at any time; opt out of marketing communications by following the unsubscribe link in our emails; request deletion of your account by contacting us.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell or share personal information); correct inaccurate personal information; and not be discriminated against for exercising your rights. To exercise these rights, contact us at privacy@cevi.ai.

EU/EEA residents (GDPR)

If you are located in the EU or EEA, you have the right to: access your personal data; rectify inaccurate personal data; erase your personal data; restrict processing; data portability; object to processing; and withdraw consent at any time. Our legal bases for processing are: performance of a contract, legitimate interests, consent, and legal obligations. To exercise these rights, contact us at privacy@cevi.ai.

7. International Data Transfers

Cevi is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US. We rely on Standard Contractual Clauses and other lawful transfer mechanisms for transfers from the EU/EEA. We participate in the EU-US Data Privacy Framework where applicable.

8. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected personal information from a child under 18, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on our website with a revised "Last Updated" date. If we make material changes, we will notify you by email or through the Service.

10. Contact Us

For questions about this Privacy Policy, contact us at: Cevi Inc, 16192 Coastal Hwy, Lewes, DE 19958, United States. Email: privacy@cevi.ai