Privacy Policy

Last updated: September 6, 2025

This Policy explains how Rovi Health, Inc. ("Rovi," "we," "us") collects, uses, and shares information. It covers our websites (including rovi.health), messaging (SMS), and related services ("Services").

HIPAA Business Associate

When we handle Protected Health Information ("PHI") on behalf of a covered entity (e.g., an employer health plan or TPA), our processing of PHI is governed by our Business Associate Agreements (BAAs) with those entities. The covered entity remains responsible for issuing any HIPAA Notice of Privacy Practices. This Policy applies to other personal information we process.

What we collect

  • Information you provide: name, email, phone number, two-way SMS content, support messages.
  • From employers/plans/TPAs/providers: eligibility rosters, claims (e.g., 837/835), EHR/HIE events, and other plan data as authorized.
  • Device/usage data: IP address, browser/device info, pages viewed, timestamps, and diagnostics.
  • Payments (future optional): if you choose to receive incentives/reimbursements, limited financial account info may be collected and processed by our payments vendor on our behalf.

How we use information

  • Provide, secure, and improve the Services (including care navigation and messaging).
  • Communicate with you (transactional SMS with your consent, emails, support).
  • Personalize content and measure performance.
  • Comply with law, prevent fraud/abuse, and enforce terms.
  • At your direction or as authorized by your plan/provider, share information to coordinate care or benefits.

Sharing

  • Service providers (sub-processors): e.g., Amazon Web Services (infrastructure/hosting), Vercel (app/edge hosting), Twilio and Plivo (telephony/SMS), Sentry (error monitoring), Google Analytics (web analytics), Google Drive (document storage/collaboration), OpenAI (AI processing). We also engage other service providers that support hosting, communications, analytics, monitoring, storage, security, or similar infrastructure services. We maintain a current list at /subprocessors.
  • Plans/providers/employers: only as authorized to coordinate benefits/navigation.
  • Legal/safety: to comply with law, protect rights, or respond to lawful requests.
  • Business transfers: in connection with a merger, acquisition, or asset sale.

SMS Programs

If you opt in to SMS, we process your phone number, message metadata, and content to deliver texts. You can opt out by texting STOP. See our Mobile Terms.

To opt in to SMS, use our web form at /sms-optin.

Your privacy rights

If you are a resident of California (CPRA) or certain other U.S. states (e.g., VA, CO, CT), you may request access, correction, deletion, or portability of personal information, and opt out of certain processing where applicable. Submit requests to contact@rovihealth.com. We do not "sell" personal information as defined by CPRA. If we ever "share" personal information for cross-context behavioral advertising, we will provide an opt-out mechanism.

Security

We implement administrative, technical, and physical safeguards (e.g., encryption in transit/at rest, access controls, logging, vendor due diligence). No method is 100% secure.

Retention

We keep information only as long as necessary for the purposes described above, to meet legal/contractual obligations, or as specified in a BAA.

Children

Our Services are intended for individuals 18+. If a plan member is a dependent under 18, communications will be directed to the parent or legal guardian.

Changes

We may update this Policy and will change the "Last updated" date. We will provide reasonable notice of material changes.

Contact

Rovi Health, Inc., 1620 Sansom Street, #1507, Philadelphia, PA 19103 • contact@rovihealth.com