AVA Privacy Policy

Effective Date: September 30, 2025
AVA ("we," "our," "us") is a software-as-a-service (SaaS) platform for clinic management. We provide electronic medical record (EMR) services to clinics and enable patients to access and manage their health information. We are committed to protecting your privacy and ensuring the confidentiality and security of your personal information.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services. It also includes details required under the Google API Services User Data Policy.

1. Who We Are

AVA is a clinic management platform that allows:
  • Clinic owners and practitioners (our subscribers) to manage their clinic operations, including maintaining patient medical records.
  • Patients to create free accounts to access their medical records, book appointments, and interact with their clinics.

2. Information We Collect

We collect the following types of information:
a. Information you provide directly
  • Clinic owners & practitioners: name, email, contact details, clinic information, payment information (for subscriptions).
  • Patients: name, email, date of birth, contact details, and any medical or health information you provide through the platform.
b. Login credentials
  • We support login via email and password.
c. Information from integrations (Google Data)
If you are a practitioner, you may choose to sign up or log in using our Google App. This may provide us with access to certain Google user data, specifically:
  • Basic account profile information (name, email address).
We do not access or request sensitive Google user data such as contacts, calendar events, documents, or files.
d. Automatically collected information
  • Device and browser information, IP address, and usage data when you access our platform.

3. How We Use Your Information

We use your information to:
  • Provide, operate, and improve our platform and services.
  • Facilitate clinic-patient communication.
  • Maintain secure electronic medical records.
  • Process subscription payments (for clinic owners).
  • Respond to inquiries and provide customer support.
  • Authenticate users who choose to sign in with Google.
  • Comply with HIPAA and other legal obligations.
Google user data is used solely for authentication and account creation purposes and is not used for advertising or profiling.

4. How We Share Your Information

We do not sell or rent your personal data.
We may share information as follows:
  • With clinics: Patients' personal and health information may be shared with their registered clinics for treatment, payment, and healthcare operations.
  • With service providers: Third-party vendors who help us deliver services (e.g., hosting, payment processing, analytics), subject to HIPAA-compliant agreements.
  • With Google: We do not share your Google user data with any third parties. Your Google account information is used only within AVA for login and identification.
  • For legal reasons: If required by law, regulation, legal process, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets.

5. Data Storage & Protection

We implement industry-standard measures to protect your data, including:
  • Encryption of PHI and Google user data at rest and in transit.
  • Role-based access controls.
  • Audit logging and monitoring.
  • Secure data storage compliant with HIPAA standards.
However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention & Deletion

  • PHI is retained as directed by the subscribing clinics in accordance with HIPAA and applicable laws.
  • Account information (including Google user data such as your name and email) is retained as long as your account is active or as necessary to provide our services.
You may request deletion of your account and associated Google user data at any time by contacting us at info@ava-healthcare.com. Upon verification, we will delete your account information unless retention is required by law or HIPAA.

7. Patient Rights Under HIPAA

Patients have the right to:
  • Access and obtain a copy of their medical records.
  • Request corrections to their PHI.
  • Request restrictions on certain uses or disclosures of PHI.
  • Receive an accounting of disclosures of PHI.
  • Request confidential communications.
Requests should be made directly to the patient's clinic, which is the Covered Entity responsible for managing these rights.

8. Children's Privacy

AVA is not intended for use by individuals under the age of 18 without parental consent. Clinics are responsible for ensuring proper authorization for patient accounts involving minors.

9. International Data Transfers

If you are accessing our platform from outside the United States, please note that your information may be transferred and stored in jurisdictions with different data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the new policy with an updated effective date.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, HIPAA compliance, or our data practices, you may contact us at:
AVA Privacy & HIPAA Compliance Team
Email: info@ava-healthcare.com
Address: 115 Kasing-Kasing corner K-6th St. Brgy. East Kamias, Quezon City, Metro Manila, Philippines