Insurance
Communications
Operations
ELVA Brain
Login to Workspace
Book A Demo
Login to Workspace
Book A Demo

Privacy Policy

Last updated November 13, 2025

A Note on This Policy & HIPAA

Elva Health Technologies ("Elva," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we handle your Personal Information—that is, information we collect from you when you visit our website or when you sign up for and manage your Elva account.

This Privacy Policy does not apply to Protected Health Information ("PHI").

When Elva provides Services to a dental practice (our "Customer"), we are acting as a "Business Associate" under HIPAA. All PHI processed through our Services (e.g., patient names, treatment data, communications) is governed strictly by the Business Associate Agreement (BAA) between Elva and that Customer, not by this Privacy Policy.

If you are a patient of one of our Customers, please review your dental provider's "Notice of Privacy Practices" to understand how your PHI is used and protected.

1. Information We Collect

We collect "Personal Information" about our Customers and website visitors in the following ways:

a) Information You Provide to Us:

  • Marketing & Demo Information: When you request a demo, subscribe to our newsletter, or contact us, you provide your name, email address, phone number, and practice name.
  • Account & Profile Information: When you become a Customer and create an account, we collect your name, email, phone number, username, password, and practice billing information.
  • Payment Information: We use third-party payment processors (e.g., Stripe) to collect and manage your payment card information. We do not store this information on our servers.

b) Information We Collect Automatically:

  • Usage Data: When you use the Services, we automatically collect information about your interactions, such as features used, clicks, time spent, and other user activity.
  • Log and Device Data: We collect log files and device information when you access our Site or Services, including your IP address, browser type, operating system, device identifiers, and pages visited.
  • Cookies and Trackers: We use cookies and similar tracking technologies to analyze trends, administer the Site, track users' movements, and gather demographic information. You can control the use of cookies at the individual browser level.

2. How We Use Your Information

We use the Personal Information we collect for the following purposes:

  • To Provide and Maintain the Services: To set up your account, provide the Services, process payments, and provide customer support.
  • To Communicate with You: To send you service-related and administrative emails (e.g., billing, maintenance, security alerts) and, with your consent, to send you marketing communications (you may opt-out at any time).
  • To Secure and Protect Our Services: To monitor for and prevent fraudulent, illegal, or harmful activity and to ensure the security of our Site and Services.
  • To Improve Our Services and AI: To analyze usage data and trends to understand how our Services are used, to make improvements, and to train our artificial intelligence models. For clarity: We will only use Customer Data (including PHI) for AI training in a de-identified and aggregated form, as permitted by our BAA and HIPAA. We do not use your identifiable data to train models for other customers.

3. How We Share Your Information

We do not sell, rent, or trade your Personal Information. We may share your information in the following limited circumstances:

  • With Service Providers (Sub-processors): We may share your information with third-party vendors who perform services on our behalf, such as cloud hosting (e.g., AWS), payment processing (e.g., Stripe), and communications (e.g., Twilio for SMS). We have agreements in place requiring them to protect your information.
  • With Third-Party Integrations: When you choose to connect your Elva account to a third-party service (e.g., your Practice Management System), we will share your data with that service as instructed by you.
  • For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good-faith belief that such disclosure is necessary to protect our rights, your safety, or the safety of others.
  • During a Business Transfer: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

4. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards to protect the Personal Information we control. We use measures such as encryption, access controls, and secure data storage. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

5. Data Retention

We will retain your Personal Information for as long as your account is active or as needed to provide you with the Services. We will also retain and use your information as necessary to comply with our legal obligations (including HIPAA retention requirements), resolve disputes, and enforce our agreements.

6. Your Data Privacy Rights

Depending on your location, you may have certain rights regarding your Personal Information:

  • Opt-Out of Marketing: You may opt-out of receiving marketing emails from us at any time by clicking the "unsubscribe" link in the email.
  • Access, Correction, and Deletion: You may have the right to request access to, correct, or delete your Personal Information. Please submit such requests to [privacy@yourcompany.com].
  • Notice to California Residents (CCPA): If you are a California resident, you have the right to know what personal information we collect, use, and disclose. You also have the right to request deletion of your information. We do not "sell" or "share" your personal information as defined by the CCPA. To exercise your rights, please contact us.

7. Children's Privacy

Our Site and Services are not intended for or directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect Personal Information from children. If we learn that we have, we will take steps to delete such information promptly.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

[Your Company Name, Inc.][Your Company Address]Email: [privacy@yourcompany.com]Attn: Privacy Officer