Privacy Policy

1. Introduction

Vareo ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website (vareo.ai) or use our services.

2. Information We Collect

We may collect the following types of information:

• Contact Information: Name, email address, phone number, and organization details provided when you request a demo, contact us, or create an account.
• Healthcare Claims Data: Remittance data (835/ERA files), claim information, payment records, and contracted rates provided by your organization for analysis. This data may contain PHI and is handled in accordance with HIPAA.
• Usage Data: Information about how you interact with our website, including IP address, browser type, pages visited, and referring URL.
• Cookies and Analytics: We use cookies and similar technologies to improve your experience and analyze website usage.

3. How We Use Your Information

• To provide and improve our underpayment detection and recovery services
• To analyze claims data and identify payment discrepancies
• To generate appeals and manage the recovery process
• To communicate with you about our services, including responding to inquiries
• To comply with legal obligations and enforce our agreements
• To improve our website and develop new features

4. HIPAA Compliance

Vareo is fully HIPAA compliant. We execute a Business Associate Agreement (BAA) with every client before any PHI is exchanged or processed. All PHI is handled in strict accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act. We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data at rest and in transit (AES-256 and TLS 1.2+)
• Access controls and role-based permissions
• Regular security assessments and vulnerability testing
• Full audit trails on all data access and system interactions
• SOC 2 Type II certification (in progress)

6. Cookies & Tracking

Our website uses cookies and analytics tools (including Vercel Analytics) to understand how visitors interact with our site. These tools collect anonymized usage data. You can control cookies through your browser settings. Disabling cookies may affect your experience on our website.

7. Third-Party Services

We may use third-party service providers to assist in operating our platform and delivering our services. These providers are contractually bound to protect your information and are only permitted to use it for the purposes we specify. We do not sell your personal information or PHI to third parties.

8. Data Retention

We retain your information for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. Claims data and PHI are retained in accordance with applicable healthcare regulations and the terms of our BAA with your organization.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications
• Request a copy of your data in a portable format

For rights related to PHI, please refer to your organization's Notice of Privacy Practices and the terms of our BAA.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website with a revised effective date. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Vareo
Email: privacy@vareo.ai
Web: Schedule a call