RevenueVitals

Privacy Policy

Effective date: March 10, 2026

RevenueVitals ("we," "us," or "our") operates the revenuevitals.ai platform (the "Service"). This Privacy Policy describes how we collect, use, share, and protect information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, practice name, role, and authentication credentials. If you sign in via Google SSO, we receive your name, email, and profile picture from Google.

Revenue and Billing Data

When you connect your EMR or upload data files, we receive revenue cycle data including charges, payments, adjustments, collections, payer information, provider identifiers, CPT codes, facility identifiers, and related billing metadata. This data may include protected health information ("PHI") such as patient names, dates of service, and diagnosis codes that appear on billing records.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, queries submitted to our AI assistant, timestamps, browser type, device information, and IP address.

Cookies and Tracking

We use cookies, local storage, and similar technologies to maintain your session, remember preferences, and understand how the Service is used. We may use third-party analytics services (such as Google Analytics) that set their own cookies.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service — process your data, generate dashboards, respond to AI-powered queries, and deliver analytics.
  • Improve and develop the Service — analyze usage patterns, identify trends, train and improve our AI models, develop new features, and optimize performance. This includes using aggregated or de-identified data derived from your use of the Service.
  • Generate benchmarks and insights — create anonymized, aggregated benchmarks and industry analytics from data across our customer base. Individual customer data is never identifiable in benchmarks.
  • Communicate with you — send service announcements, respond to support requests, and provide product updates.
  • Ensure security and compliance — detect fraud, enforce our terms, and comply with legal obligations.
  • Process data with AI and machine learning — your queries and associated data context are processed by large language models (LLMs) provided by third-party AI providers (currently Anthropic and OpenAI) to power our AI Q&A features. We send only the minimum data context necessary to answer your query. See Section 6 for more details.

3. Legal Basis for Processing

We process your information based on: (a) your consent when you create an account and use the Service; (b) the necessity of processing to perform our contract with you; (c) our legitimate business interests in improving and securing the Service; and (d) compliance with legal obligations.

4. How We Share Your Information

We may share your information with:

  • Service providers — cloud hosting (Supabase, Vercel), AI model providers (Anthropic, OpenAI), analytics providers, and other vendors who process data on our behalf under contractual obligations.
  • Aggregated or de-identified data — we may share anonymized, aggregated analytics and benchmarks that cannot reasonably be used to identify you or your patients.
  • Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
  • With your consent — we may share information for purposes not described here with your explicit consent.

We do not sell your personal information or your practice's revenue data to third parties.

5. HIPAA and Healthcare Data

We understand that some data you provide may constitute protected health information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"). For customers who are HIPAA-covered entities or business associates, we offer a Business Associate Agreement ("BAA"). Please contact us at privacy@revenuevitals.ai to execute a BAA before uploading data that contains PHI.

We implement administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of any PHI we process, consistent with HIPAA requirements.

6. AI and Large Language Model Processing

Our Service uses third-party large language models (LLMs) to power AI-driven analytics and natural language Q&A features. When you submit a query, we may transmit relevant portions of your data to our AI providers for processing. Key points:

  • We use API-based access to AI models. Our AI providers' API terms generally provide that customer data submitted via API is not used to train their models.
  • We transmit only the data context necessary to answer your specific query — not your entire dataset.
  • We may use your queries and interaction patterns (with data de-identified) to improve our own query classification and response systems.
  • You can review our current AI sub-processors by contacting us.

7. Data Security

We employ industry-standard security measures including encryption in transit (TLS 1.2+) and at rest, access controls, audit logging, and regular security assessments. While no system is 100% secure, we are committed to protecting your data using commercially reasonable safeguards appropriate for healthcare-adjacent financial data.

8. Data Retention

We retain your account information and uploaded data for as long as your account is active or as needed to provide the Service. After account termination, we may retain data for up to 12 months for operational purposes (e.g., backups, compliance, dispute resolution) before deletion. Aggregated, de-identified data derived from your use may be retained indefinitely.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal and contractual retention requirements)
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent (where processing is based on consent)

To exercise any of these rights, contact us at privacy@revenuevitals.ai.

10. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: