Privacy Policy

Effective Date: December 27, 2024 | Last Updated: December 27, 2024

1. Introduction

Aphenos ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare price transparency platform and services.

We process healthcare pricing data from over 786,000 procedures across 33 hospitals to help self-insured employers reduce healthcare costs. Your privacy and data security are our top priorities.

2. Information We Collect

Personal Information

  • Contact information (name, email address, phone number, company name)
  • Account credentials (username, encrypted password)
  • Billing information (processed securely through third-party payment processors)
  • Professional information (job title, department, company size)

Usage Information

  • Search queries for medical procedures and costs
  • Pages visited and features used
  • Time spent on platform and engagement metrics
  • IP address and device information

Healthcare Data

  • Aggregated procedure cost searches (no personal health information)
  • Savings calculations and ROI reports
  • Hospital and provider comparisons

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide healthcare price transparency and cost comparison services
  • Generate savings reports and ROI calculations for your organization
  • Improve our platform features and user experience
  • Communicate updates, new features, and industry insights
  • Ensure platform security and prevent fraud
  • Comply with legal obligations and regulatory requirements
  • Process affiliate partnerships and referral commissions

4. HIPAA Compliance

While Aphenos handles healthcare pricing data, we are designed to avoid collecting Protected Health Information (PHI). We do not collect, store, or process individual patient health records, medical histories, or treatment information.

For enterprise clients requiring HIPAA compliance, we offer Business Associate Agreements (BAAs) and maintain appropriate administrative, physical, and technical safeguards.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these circumstances:

  • Service Providers: Third-party vendors who assist in platform operations (hosting, analytics, payment processing)
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit permission for specific purposes
  • Affiliate Partners: Aggregated, non-identifiable data may be shared with partners

6. Data Security

We implement industry-standard security measures including:

  • 256-bit SSL encryption for data transmission
  • Encrypted database storage on AWS infrastructure
  • Regular security audits and penetration testing
  • Access controls and authentication protocols
  • Employee training on data security best practices
  • Incident response and breach notification procedures

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain user sessions and preferences
  • Analyze platform usage and performance
  • Personalize content and recommendations
  • Track affiliate referrals and conversions
  • Prevent fraud and enhance security

You can manage cookie preferences through your browser settings. Note that disabling cookies may limit platform functionality.

8. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request removal of your personal data
  • Portability: Receive your data in a structured format
  • Opt-out: Unsubscribe from marketing communications
  • Do Not Sell: We do not sell personal information

9. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, to request deletion, and to opt out of sale (though we do not sell personal data).

10. Data Retention

We retain personal information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Typically, account data is retained for the duration of the business relationship plus 7 years for compliance purposes.

11. International Data Transfers

Our services are primarily provided to U.S.-based organizations. If we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or Privacy Shield frameworks.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover such information, we will promptly delete it.

13. Third-Party Links

Our platform may contain links to third-party websites, including affiliate partners. We are not responsible for the privacy practices of these external sites. Please review their privacy policies separately.

14. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of our services after changes indicates acceptance of the updated policy.

15. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

Aphenos Privacy Team

Email: privacy@aphenos.app

Phone: 1-800-APHENOS

Address: 123 Healthcare Plaza, Suite 400, Chicago, IL 60601

This Privacy Policy is effective as of December 27, 2024, and supersedes all previous versions. By using Aphenos, you acknowledge that you have read and understood this Privacy Policy.