Back to Home

Privacy Policy

Last updated: February 12, 2026

Codavera LLC (“Codavera,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at codavera.net, use our client portal, or engage our medical billing and revenue cycle management services.

1. Information We Collect

Information You Provide

  • Contact Information: Name, email address, phone number, and practice name when you request a consultation, fill out forms, or contact us.
  • Account Information: Email and password when you register for the Codavera client portal.
  • Practice Data: Claims data, patient identifiers (de-identified or limited data sets), billing codes, payer information, and financial records uploaded to or processed through our platform.
  • Communications: Records of correspondence when you contact our support team.

Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, and actions taken within the portal.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: Session cookies for authentication and preferences. We do not use third-party advertising cookies.

2. How We Use Your Information

  • Provide, operate, and maintain our billing and analytics services.
  • Process and manage medical claims on behalf of your practice.
  • Generate analytics, reports, and insights within the client portal.
  • Communicate with you about your account, services, and support requests.
  • Improve our platform, detect issues, and enhance security.
  • Comply with legal obligations and regulatory requirements.

3. HIPAA Compliance

Codavera operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We enter into Business Associate Agreements (BAAs) with all covered entity clients. All Protected Health Information (PHI) is handled in accordance with HIPAA Privacy, Security, and Breach Notification Rules. We implement administrative, physical, and technical safeguards to protect PHI.

4. Information Sharing

We do not sell, rent, or trade personal information. We may share information with:

  • Service Providers: Trusted third parties that help us operate our platform (e.g., cloud hosting via Supabase/Vercel, AI services via Retell AI). All service providers are bound by data protection agreements.
  • Insurance Payers: As necessary to process and submit claims on your behalf.
  • Legal Requirements: When required by law, subpoena, or regulatory investigation.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.

5. Data Security

We implement industry-standard security measures including:

  • 256-bit TLS encryption for all data in transit.
  • AES-256 encryption for data at rest.
  • Role-based access controls and multi-factor authentication.
  • Regular security audits and vulnerability assessments.
  • Row-level security (RLS) ensuring practices can only access their own data.

6. Data Retention

We retain practice data for the duration of our service agreement plus 7 years as required by healthcare record retention regulations. Account data is deleted upon request after the service relationship ends. Usage analytics are retained in anonymized form.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal data (subject to legal retention requirements).
  • Withdraw consent for non-essential data processing.
  • Export your data in a portable format.

8. AI-Powered Services

Our AI Front Desk Agent processes phone calls to schedule appointments and answer questions. Call recordings and transcripts are stored securely and associated with your practice account. AI-generated insights (denial pattern analysis, revenue forecasting) are derived from your claims data and are not shared with other practices.

9. Children's Privacy

Our services are designed for healthcare professionals and business use. We do not knowingly collect personal information from individuals under 18.

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date. Material changes will be communicated via email to registered users.

11. Contact Us

For questions about this Privacy Policy or to exercise your data rights:

  • Email: info@codavera.net
  • Address: Codavera LLC, Atlanta, Georgia