← Back to home

Privacy Policy

Last updated: 8/14/2025

1. Introduction

Welcome to Rivendell Health ('we,' 'our,' or 'us'). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health insurance disclosure form management service. Given the sensitive nature of health information, we take data protection seriously and implement appropriate measures to ensure your information is secure.

2. Information We Collect

Account Information

When you register for an account, we collect:

  • Name
  • Email address
  • Google account information (when using Google Sign-In)
  • Organization details
  • Professional credentials and broker information

Disclosure Form Information

When you create and manage disclosure forms, we collect:

  • Group legal names and Employer Identification Numbers (EIN)
  • Employee health disclosure information
  • High-risk diagnosis information
  • Signer information (names, titles, email addresses)
  • Electronic signature data and timestamps
  • Form status and completion data

Health Information

Through disclosure forms, we may collect limited health information about employees, including:

  • Presence of specific health conditions
  • High-cost medication usage
  • Hospitalization information
  • Case management participation
  • Other health-related disclosures required for insurance underwriting

Automatically Collected Information

We automatically collect certain information when you use our service:

  • IP address
  • Browser type and version
  • Device information
  • Usage data and analytics
  • Session information

3. How We Use Your Information

We use your information to:

  • Provide and maintain our disclosure form management service
  • Create and manage your account
  • Generate and process disclosure forms
  • Facilitate electronic signatures
  • Send you important updates and notifications about forms
  • Respond to your inquiries and support requests
  • Monitor and analyze usage patterns to improve our service
  • Comply with legal obligations and industry regulations
  • Prevent fraud and ensure platform security

4. Data Sharing and Disclosure

We may share your information in the following situations:

  • With authorized signers: We share disclosure forms with designated signers for review and signature
  • With your consent: We may share your information for any purpose with your explicit consent
  • Service providers: We share data with third-party vendors who assist in providing our services, including Anvil for e-signatures and Cloudflare for document storage
  • Legal requirements: We may disclose information if required by law or valid legal process
  • Business transfers: In connection with any merger, sale, or acquisition
  • Protection of rights: To protect our rights, privacy, safety, or property

We do not sell, rent, or trade your personal health information to third parties for marketing purposes.

5. Third-Party Services

We use the following third-party services that may collect information:

  • Google Sign-In: For authentication services
  • Anvil: For electronic signature processing
  • Cloudflare R2: For secure document storage
  • Payment processors: For handling subscription payments
  • Analytics services: To understand service usage and improve functionality

These services have their own privacy policies governing the use of your information.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal and health information. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Employee training on data protection
  • Secure data storage and backup procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Healthcare Privacy Compliance

While we implement strong security measures, we want to clarify our role in healthcare privacy:

  • We act as a service provider to health insurance brokers
  • Brokers using our service are responsible for compliance with applicable healthcare privacy laws
  • We provide tools to help brokers manage disclosure forms in a secure manner
  • We limit access to health information to authorized users only

8. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account information is retained while your account is active
  • Disclosure forms and related data are retained according to industry standards and legal requirements
  • We may retain certain information to comply with legal obligations, resolve disputes, and enforce agreements

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us using the information provided below.

10. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate measures to ensure your information remains protected in accordance with this Privacy Policy.

12. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the 'Last updated' date. For material changes, we will provide additional notice through email or the service itself.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: hey@rivendell.health

Address: 895 Broadway, 5th Floor, New York, NY 10003

You may also contact us to request access to, correct, or delete any personal information that you have provided to us.