Privacy Policy
Last Updated: December 14, 2024
Welcome to Evva Health Inc. (“Evva,” “we,” “us,” or “our”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information (including certain health-related data) in connection with your use of our healthcare and wellness application, evva360 (the “App”), and our website, evva360.com (together with the App, our “Services”). Evva Health Inc. is headquartered in Atlanta, Georgia. Our goal is to deliver a secure and helpful platform to enhance your health and wellness journey, with due consideration for HIPAA (Health Insurance Portability and Accountability Act) requirements.
By using our Services, you acknowledge and agree to the collection and use of your personal information as described in this Privacy Policy. If you do not agree with these practices or this Policy, please do not use our Services.
Summary
- What We Collect: We gather info like your name, contact details, and health data if you choose to share it.
- How We Use It: We use this info to provide our wellness services, improve our features, and communicate with you.
- Your Data Safety: We use safeguards like encryption and secure servers, but no system is 100% safe.
- No Selling Data: We do not sell your personal or health data to third parties for marketing.
- Your Choices: You can access, correct, or request deletion of your data, and opt out of certain communications.
1. Scope of This Policy
- Applicability. This Privacy Policy applies to the personal information collected through evva360.com, our mobile App, or any related websites, SMS, APIs, email, or other online products and services that link to this Policy.
- Third-Party Integrations. Our Services may contain links to third-party services or websites that we do not own or control. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of those external websites and services.
- HIPAA Notice. If you choose to provide health-related information through the App or our website, we strive to maintain compliance with HIPAA where applicable. However, you understand and accept the inherent risks of transmitting sensitive health information online, including but not limited to the risk of data breaches or unauthorized access. While Evva implements reasonable security measures, no platform is entirely infallible.
2. Information We Collect
We may collect several types of information from and about you, including:
2.1 Information You Provide Directly
- Registration/Account Information. When you sign up for an Evva360 account, we may collect personal identifiers such as your name, email address, phone number, mailing address, and any additional optional information you choose to provide.
- Health & Wellness Data. Our Services focus on health and wellness. You may voluntarily provide us with information about your health conditions, dietary habits, exercise routines, or other information related to your physical or mental well-being (“Protected Health Information” or “PHI” under HIPAA). Sharing such data is optional; however, certain features of the Services may only be available if you provide this type of information.
- User Communications. If you contact us (e.g., via email at info@evva360.com, or through the App’s messaging features), we may retain the content of your messages, your email address, and our responses.
- Payment Information. If there are paid components to our Services (e.g., premium features), we may collect your payment details, billing address, and other necessary financial data. Please note that we typically use a third-party payment processor and do not store full payment card details.
2.2 Information Collected Automatically
- Device and Usage Data. We automatically collect certain information about your device and usage of the Services, such as:
  - IP address, browser type, operating system, device type, unique device identifiers, App version, and the date/time of your visits.
  - Referring URLs, pages viewed, links clicked, and other navigation details.
  - Mobile-specific data if you access our Services from a mobile device.
- Cookies and Similar Technologies. We may use cookies, web beacons, local storage, and other technologies to:
  - Remember user preferences and session data.
  - Keep you logged into your account.
  - Analyze site performance and usage trends.
  - Serve necessary functionality on our Services.
You can manage your cookie preferences via your browser settings, though disabling cookies may affect the functionality of certain features.
2.3 Information from Third Parties
- Service Providers and Partners. We may receive limited information about you from analytics providers, hosting providers, or other third-party vendors who assist us in delivering and improving our Services.
- Healthcare Providers (if Integrated). If you choose to integrate our Services with healthcare providers or other wellness services under HIPAA-compliant frameworks, we may receive additional health data about you, subject to a valid authorization or BAA (Business Associate Agreement).
3. HIPAA Compliance and Disclaimer
- Covered Entity / Business Associate. Evva may act as a “Business Associate” under HIPAA if we receive PHI from a Covered Entity (e.g., healthcare provider or insurer) under a valid BAA. In these scenarios, we will handle PHI in accordance with HIPAA standards.
- Not a Medical Provider. Evva is not a healthcare provider. Our Services do not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for any medical questions or emergencies.
- User Acceptance of Risk. While we strive to maintain HIPAA compliance and adopt reasonable security safeguards, you acknowledge that no system is 100% secure. By using our Services to share or store PHI, you expressly assume the risk of unauthorized disclosure or data breaches beyond our reasonable control.
4. How We Use Your Information
We use your information (including PHI where applicable) for the following purposes:
- To Provide and Maintain Our Services.
  - Create and manage your user account.
  - Facilitate secure chat, personalized recommendations, or goal tracking within the App.
  - Monitor the technical functionality and quality of our Services.
- To Improve Our Services.
  - Conduct analytics to understand how you interact with our Services.
  - Develop new features, products, or services based on user feedback.
  - Evaluate and optimize our algorithms for health and wellness insights.
- To Communicate with You.
  - Respond to your inquiries or customer support requests.
  - Send service-related announcements, updates, security alerts, or administrative messages.
  - Provide information about changes to our Terms or Privacy Policy.
- Legal Compliance and Protection.
  - Comply with legal requirements, regulatory obligations, and law enforcement requests.
  - Investigate suspicious activity, security incidents, or violations of our Terms of Service.
  - Defend our legal rights or enforce our agreements.
We do not sell or lease your personal information—including PHI—to third parties for marketing purposes.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Factors influencing our retention periods include:
- Nature of the Data. The type of personal information and sensitivity of the data.
- Business Needs. Ongoing business relationships, potential disputes, and enforcement of our agreements.
- Legal Obligations. Compliance with record-keeping requirements and applicable regulations.
When we no longer need your information for legitimate business or legal reasons, we will securely dispose of or de-identify the information.
6. Data Security
- Security Measures. We employ reasonable administrative, technical, and physical safeguards (including encryption in transit and at rest where feasible, access controls, and auditing) designed to protect personal information and PHI from unauthorized access, use, or disclosure.
- No Absolute Guarantee. Despite our efforts, no method of electronic storage or transmission is completely secure. By using our Services, you acknowledge and accept the inherent security risks, including the risk of hacking, data breaches, or other unauthorized access events. Evva is not liable for damages arising out of any such incidents beyond our reasonable control.
- User Responsibilities. You are responsible for maintaining the confidentiality of your account login credentials and for restricting access to your devices. We recommend that you choose a strong, unique password and keep your login information secure at all times.
7. Sharing and Disclosing Your Information
We may share or disclose your personal information in the following circumstances, in compliance with HIPAA regulations where applicable:
- With Service Providers. We may share personal information with trusted third-party vendors who perform services on our behalf, such as:
  - Cloud hosting providers
  - Analytics services
  - Customer support platforms
  - Payment processors (if applicable)
These vendors are contractually obligated to protect personal information and use it only for the services requested.
- Business Transfers. If Evva engages in or is subject to a merger, acquisition, restructuring, or sale of all or a portion of its assets, your personal information may be transferred. We will notify you via email or prominent notice on our website if any such transaction occurs.
- Legal Obligations. We may disclose personal information if required by law, subpoena, court order, or governmental regulation. We may also disclose information if we believe in good faith that such disclosure is necessary to:
  - Protect our rights, property, or safety or the rights, property, or safety of others.
  - Detect or prevent fraudulent, malicious, or illegal activity.
  - Enforce our Terms of Service or other agreements.
- Aggregated or De-Identified Data. We reserve the right to create aggregate or de-identified data from personal information by removing identifiable components. We may use and share this aggregated, de-identified data for lawful business purposes, such as research, analytics, product improvements, or marketing. This data does not identify you personally.
Important: We do not sell your data to third parties for advertising or marketing.
8. International Data Transfers
- Location of Servers. Our servers or those of our third-party service providers may be located in the United States or other jurisdictions. By using our Services, you consent to the transfer, storage, and processing of your information in the United States or other countries where our service providers operate.
- Data Protection Standards. Different countries may have data protection laws that differ from the laws in your jurisdiction. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.
9. Children’s Privacy
- Minimum Age. Our Services are not intended for individuals under the age of 18. If you are under 18, please do not submit any personal information to us.
- No Intentional Collection. We do not knowingly collect personal information from minors under 18. If you become aware that a child under 18 has provided us with personal information, please contact us at info@evva360.com. We will work to delete the information and terminate any associated accounts.
10. Your Choices and Rights
- Access and Correction. You may request access to or corrections of your personal information by contacting us at info@evva360.com. Depending on your jurisdiction, you may have certain legal rights regarding your personal data.
- Deletion. You can request that we delete your personal information. We will comply with your request to the extent required by law, subject to any legal obligations to retain data. Note that deleting your data may affect your ability to use certain features of our Services.
- Opt-Out of Communications. You may opt out of promotional email communications from us by following the unsubscribe link in those emails. You will continue to receive transactional or administrative messages related to our Services (e.g., changes to this Privacy Policy, security alerts, or account-related communications).
- Cookies. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Disabling cookies may affect the functionality of our Services.
Please note that if you request the deletion or restriction of your personal information, certain aspects of our Services may no longer be available to you.
11. Data Breach Response
- Incident Response. We maintain a data breach response plan designed to promptly investigate and respond to potential security incidents. This plan includes procedures to:
  - Identify and assess the severity of a breach.
  - Contain or mitigate the incident.
  - Notify affected individuals and relevant authorities if required by law.
- Notification. In the event of a data breach involving your personal information, we will notify you and the appropriate authorities as mandated by applicable law.
12. Do Not Track Signals
Our Services do not respond to “Do Not Track” (DNT) browser signals at this time. You can typically configure your web browser to send a DNT signal, but many websites may not respond to it. To learn more about DNT, visit http://www.allaboutdnt.com/.
13. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time. If we make material changes, we will provide notice (e.g., by email or through a prominent notice on our Services) before the changes become effective. The date at the top indicates when this Privacy Policy was last revised. Your continued use of our Services after any changes or revisions to this Privacy Policy indicates your agreement with the terms of the revised Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us via:
- Email: info@evva360.com
We strive to respond to your inquiries and address your concerns promptly.
Disclaimer: This Privacy Policy is intended to provide a general outline of our practices and is not legal advice. For specific legal advice or if you have questions regarding compliance with HIPAA or other laws, you should consult with an attorney or compliance expert. By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.