Legal
Privacy Policy
Effective date: April 9, 2026 | Last updated: April 9, 2026
SolvingHealth Technologies LLC (“SolvingHealth,” “we,” “our,” or “us”) operates the SolvingHealth platform, ComfortCard, co-op.care, CareGoals, ClinicalSwipe, and related products (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect your information.
1. Information We Collect
We collect the following categories of information:
- Account information: Name, email address, phone number, and credentials when you register.
- Health information: Medical records, insurance information, and health history that you voluntarily connect or enter. This constitutes Protected Health Information (PHI) under HIPAA.
- Usage data: Pages visited, features used, timestamps, and device information.
- Communications: Messages you send to us or through our AI assistant (Sage).
- Financial information: HSA/FSA account identifiers (we do not store full financial account numbers).
2. How We Use Your Information
- To provide, operate, and improve the Services
- To generate Letters of Medical Necessity (LMNs) through our physician review process
- To connect your health records via Fasten Health’s FHIR-compliant API (with your explicit authorization)
- To facilitate care coordination between you and care providers
- To send service communications and updates
- To comply with legal obligations, including HIPAA
3. Data Security and HIPAA
SolvingHealth is a technology infrastructure provider (not a HIPAA-covered entity). Where our platform processes Protected Health Information on behalf of covered entities or their patients, we operate as a Business Associate under 45 CFR Part 164 and enter into BAAs with those covered entities. We maintain administrative, physical, and technical safeguards. Your data is:
- Encrypted at rest (AES-256) and in transit (TLS 1.3)
- Accessible only to authorized personnel and your designated care team
- Never sold to third parties
- Retained only as long as necessary to provide Services or as required by law
4. Health Records and Fasten Connect
When you connect health records through our platform (powered by Fasten Health), you authorize the import of your FHIR R4 health records. You can revoke this connection at any time from your account settings. SolvingHealth is a registered organization on the Fasten Connect network and operates under Fasten’s data use and security standards.
5. Sharing Your Information
We do not sell your personal information. We may share information with:
- Service providers: Supabase (database), Vercel (hosting), Anthropic (AI processing), Twilio (messaging) โ all under Business Associate Agreements where required
- Physicians: When you request an LMN, your relevant health information is shared with our reviewing physician under a HIPAA-compliant Business Associate Agreement
- Care coordinators: If you are a co-op.care member and have authorized care coordination
- Legal authorities: When required by law or to protect safety
6. Your Rights
Under HIPAA, the Colorado Privacy Act (C.R.S. ยง 6-1-1301 et seq.), and other applicable law, you have the right to:
- Access and receive a copy of your data (HIPAA Right of Access; CPA access right)
- Request corrections to your health information
- Receive an accounting of disclosures
- Request restrictions on how we use or disclose your data
- Opt out of the sale of personal data or its use for targeted advertising (CPA)
- File a complaint with the U.S. Department of Health and Human Services or the Colorado Attorney General
- Delete your account and associated data (subject to legal retention requirements)
To exercise your Colorado Privacy Act rights, contact us at privacy@solvinghealth.com. We will respond within 45 days.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide Services. PHI is retained for a minimum of 6 years per HIPAA requirements, or longer if required by state law. You may request deletion of non-PHI data at any time.
8. Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Family plan accounts for minors are managed by the account holder (parent or guardian).
9. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or prominent notice on our platform at least 30 days before the change takes effect.
10. Contact Us
Privacy questions, HIPAA requests, or Colorado Privacy Act rights requests:
- Email: privacy@solvinghealth.com
- Address: SolvingHealth Technologies LLC, Boulder, CO 80302
SolvingHealth Technologies LLC — Boulder, CO — © 2026. See also: Terms of Service