Privacy Policy

Last updated: December 31, 2025

This Privacy Policy explains how we collect, use, disclose, and protect information when you use TrivanaCare’s websites, scheduling portals, and related services. It also clarifies how our handling of Protected Health Information (PHI) under HIPAA differs from non-clinical website data (e.g., cookies, analytics).

Who We Are

TrivanaCare (“we,” “our,” “us”) is a telehealth service that provides virtual evaluations and related care support. TrivanaHealth, our enterprise entity, supports operations and technology. For simplicity, this Policy refers to both as “TrivanaCare.”

Scope

This Policy covers information collected on our websites, scheduling pages, and support channels. When you engage in clinical services, your information may be treated as PHI and governed by our HIPAA Notice of Privacy Practices (NPP).

  • Website & Marketing Data (non-PHI): cookies, device data, page analytics, and form submissions on informational pages.
  • Clinical PHI: information created or received by clinicians (e.g., visit notes, health history) handled per HIPAA and our NPP.

For PHI rights (access, amendment, restrictions), see our Notice of Privacy Practices.

Information We Collect

Information you provide

  • Contact details (name, email, phone), address, and appointment preferences.
  • Messages to support, surveys, or feedback forms.
  • Clinical intake and visit data (PHI) when receiving care.

Information collected automatically

  • Device and usage data (IP address, browser, pages viewed, timestamps).
  • Cookie/SDK data for analytics and site performance.

Information from third parties

  • Payment processors (limited billing details; we do not store full card numbers).
  • Scheduling/telehealth platforms used to deliver your visit.
  • Referring partners (only with appropriate permissions/agreements).

How We Use Information

  • Provide, schedule, and support telehealth services.
  • Communicate about appointments, results, and follow-up care.
  • Improve website performance, security, and user experience.
  • Process payments and prevent fraud.
  • Comply with legal, regulatory, and audit requirements.

We do not use PHI for advertising. Non-PHI website data may be used for analytics and site improvements as described below.

Disclosure & Third Parties

We may share information with:

  • Service providers under contracts (e.g., scheduling, telehealth platform, payment processing, secure messaging, analytics).
  • Clinicians providing your care (PHI as appropriate).
  • Legal/regulatory authorities where required by law.
  • Business transfers in the event of a merger, acquisition, or reorganization.

For PHI, we enter Business Associate Agreements (BAAs) as required by HIPAA.

Cookies & Analytics

We use cookies and similar technologies to understand site usage and improve performance. You can control cookies via your browser settings. Some features may not function without certain cookies.

  • Strictly necessary: security, session management.
  • Performance/analytics: aggregate traffic measurement.

We do not combine analytics data with PHI. Analytics events on clinical portals are limited to operational metrics and never expose diagnosis/treatment details.

Manage Cookie Preferences

SMS, Email & Phone Communications

  • By providing your phone number, you consent to receive SMS related to scheduling and care. Message/data rates may apply. You may opt out at any time by replying STOP.
  • Transactional emails (e.g., confirmations, reminders) are sent as part of service delivery.
  • We do not send marketing communications using PHI.

Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, or restrict the use of certain personal information.

California (CPRA)

  • Right to know what personal information we collect and use.
  • Right to delete certain personal information.
  • Right to correct inaccuracies.
  • Right to opt out of “sharing” for cross-context behavioral advertising (not used for PHI).
  • Right to limit use of sensitive personal information (as defined by CPRA).

Exercise your rights: Privacy Request Form  |  Do Not Sell or Share My Personal Information

HIPAA PHI is exempt from certain state privacy laws; PHI rights are governed by the NPP.

Security

We employ administrative, technical, and physical safeguards to protect information, including encryption in transit, access controls, and monitoring. No method is 100% secure; please notify us immediately if you suspect unauthorized access.

Data Retention

We retain information only as long as necessary for the purposes described here, to comply with legal obligations, resolve disputes, and enforce agreements. PHI retention follows applicable healthcare record-keeping requirements.

Children’s Privacy

Our public website is not directed to children under 13. We do not knowingly collect personal information from children on marketing pages. Clinical services for minors follow applicable consent and privacy laws.

International Users

We operate in the United States. If you access our services from outside the U.S., you understand your information may be processed in the U.S., where laws may differ from those in your country.

Changes to This Policy

We may update this Policy from time to time. Changes become effective when posted here. If we make material changes, we will provide a prominent notice (e.g., banner or email).

Contact Us

Questions or requests about privacy?

Want to see how we protect PHI?

Read our HIPAA Notice of Privacy Practices.

Book your visit