Privacy Policy
This Privacy Policy describes how Travora Data LLC (“Travora,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our websites, applications, APIs, portals, documentation, EVV clearinghouse services, data transmission services, integration services, support services,
Travora provides electronic visit verification (“EVV”) data aggregation, integration, validation, routing, monitoring, and related technology services for EHR/EMR platforms, home care technology platforms, provider agencies, healthcare organizations, and other business customers.
This Privacy Policy applies to information we collect through our website, customer portal, APIs, business communications, support channels, and Services.
This Privacy Policy does not replace any Business Associate Agreement (“BAA”) entered into between Travora and a customer. If Travora and a customer enter into a BAA and there is a conflict between this Privacy Policy and the BAA regarding Protected Health Information (“PHI”), the BAA will control with respect to PHI.
1. Information We Collect
We may collect the following categories of information:
1.1 Customer Account and Business Contact Information
We may collect information about our customers and their authorized users, including:Name;Business email address;Phone number;Job title;Company name;Company address;Billing information;Account credentials and user role information;Technical contact information; andOther information provided during onboarding, contracting, implementation, support, or account administration.
1.2 Customer Data Processed Through the ServicesCustomers may submit or make available data through the Services, including EVV-related data and other operational data. This may include:Visit information;Caregiver information;Patient, member, or recipient information;Provider or agency information;Scheduling data;Service codes;Payer or managed care organization information;EVV records;Exception data;Submission statuses;Rejection or error information;Aggregator or state system responses;Logs, reports, and audit information; andOther information submitted to, transmitted through, or generated by the Services.Depending on Customer’s use of the Services, Customer Data may include PHI subject to HIPAA.
1.3 Technical and Usage InformationWe may collect technical and usage information when users access our website, portal, APIs, or Services, including:IP address;Device type;Browser type;Operating system;Pages viewed;Referring website;Dates and times of access;Login activity;API activity;Feature usage;Error logs;Diagnostic information; andSecurity and audit logs.
1.4 Communications and Support InformationWe may collect information provided when customers, users, prospects, or other parties contact us, request support, submit inquiries, participate in meetings, respond to communications, or otherwise interact with us.This may include emails, messages, meeting notes, support tickets, issue details, files, screenshots, technical logs, and related communications.
1.5 Payment InformationPayments may be processed through Stripe or another third-party payment processor. We may receive limited payment-related information, such as billing contact information, payment status, invoice history, and partial payment method details. We do not intend to store full credit card numbers directly on our systems.
We may collect the following categories of information:
1.1 Customer Account and Business Contact Information
We may collect information about our customers and their authorized users, including:Name;Business email address;Phone number;Job title;Company name;Company address;Billing information;Account credentials and user role information;Technical contact information; andOther information provided during onboarding, contracting, implementation, support, or account administration.
1.2 Customer Data Processed Through the ServicesCustomers may submit or make available data through the Services, including EVV-related data and other operational data. This may include:Visit information;Caregiver information;Patient, member, or recipient information;Provider or agency information;Scheduling data;Service codes;Payer or managed care organization information;EVV records;Exception data;Submission statuses;Rejection or error information;Aggregator or state system responses;Logs, reports, and audit information; andOther information submitted to, transmitted through, or generated by the Services.Depending on Customer’s use of the Services, Customer Data may include PHI subject to HIPAA.
1.3 Technical and Usage InformationWe may collect technical and usage information when users access our website, portal, APIs, or Services, including:IP address;Device type;Browser type;Operating system;Pages viewed;Referring website;Dates and times of access;Login activity;API activity;Feature usage;Error logs;Diagnostic information; andSecurity and audit logs.
1.4 Communications and Support InformationWe may collect information provided when customers, users, prospects, or other parties contact us, request support, submit inquiries, participate in meetings, respond to communications, or otherwise interact with us.This may include emails, messages, meeting notes, support tickets, issue details, files, screenshots, technical logs, and related communications.
1.5 Payment InformationPayments may be processed through Stripe or another third-party payment processor. We may receive limited payment-related information, such as billing contact information, payment status, invoice history, and partial payment method details. We do not intend to store full credit card numbers directly on our systems.
2. How We Use Information
We may use information for the following purposes:
1. To provide, operate, support, maintain, and improve the Services;
2. To process, validate, transform, route, transmit, monitor, and troubleshoot EVV-related data;
3. To provide customer onboarding, implementation, configuration, and technical support;
4. To communicate with customers, authorized users, prospects, vendors, and business partners;
5. To administer accounts, credentials, permissions, billing, invoicing, and payments;
6. To monitor performance, availability, usage, errors, security events, and system integrity;
7. To investigate, prevent, or respond to fraud, abuse, security incidents, unauthorized access, or misuse of the Services;
8. To comply with legal, regulatory, contractual, payer, state EVV, aggregator, and operational requirements;
9. To enforce our agreements, policies, and legal rights;
10. To develop, improve, and enhance our products, services, documentation, analytics, and support processes;
11) For other purposes described at the time information is collected or as otherwise permitted by law.
We may use information for the following purposes:
1. To provide, operate, support, maintain, and improve the Services;
2. To process, validate, transform, route, transmit, monitor, and troubleshoot EVV-related data;
3. To provide customer onboarding, implementation, configuration, and technical support;
4. To communicate with customers, authorized users, prospects, vendors, and business partners;
5. To administer accounts, credentials, permissions, billing, invoicing, and payments;
6. To monitor performance, availability, usage, errors, security events, and system integrity;
7. To investigate, prevent, or respond to fraud, abuse, security incidents, unauthorized access, or misuse of the Services;
8. To comply with legal, regulatory, contractual, payer, state EVV, aggregator, and operational requirements;
9. To enforce our agreements, policies, and legal rights;
10. To develop, improve, and enhance our products, services, documentation, analytics, and support processes;
11) For other purposes described at the time information is collected or as otherwise permitted by law.
3. Customer Data and EVV Submissions
Travora processes Customer Data based on the data received from or on behalf of our customers. Customers are responsible for the accuracy, completeness, timeliness, authorization, and compliance of Customer Data submitted to Travora or transmitted through the Services.
Travora does not independently verify the underlying truth, accuracy, completeness, authorization, or compliance of Customer Data. Travora transmits, routes, validates, transforms, and processes EVV-related data based on the Customer Data received from or on behalf of the customer.
Customers are responsible for obtaining all rights, consents, authorizations, notices, credentials, and approvals required for Travora to process Customer Data and provide the Services.
Travora processes Customer Data based on the data received from or on behalf of our customers. Customers are responsible for the accuracy, completeness, timeliness, authorization, and compliance of Customer Data submitted to Travora or transmitted through the Services.
Travora does not independently verify the underlying truth, accuracy, completeness, authorization, or compliance of Customer Data. Travora transmits, routes, validates, transforms, and processes EVV-related data based on the Customer Data received from or on behalf of the customer.
Customers are responsible for obtaining all rights, consents, authorizations, notices, credentials, and approvals required for Travora to process Customer Data and provide the Services.
4. HIPAA and Protected Health Information
Depending on Customer’s use of the Services, Travora may create, receive, maintain, or transmit PHI on behalf of Customer.
To the extent Travora acts as a Business Associate under HIPAA, Travora will use and disclose PHI only as permitted by the applicable customer agreement, the Travora Terms of Service, applicable law, and any BAA entered into by the parties.
Customers are responsible for determining whether their use of the Services involves PHI and whether a BAA is required. A more comprehensive BAA is available upon request where required by applicable law or otherwise agreed by the parties in writing.
Travora will not intentionally use PHI for marketing purposes or sell PHI. Travora will not use PHI except as necessary to provide the Services, support and secure the Services, comply with applicable law, or as otherwise permitted by HIPAA and any applicable BAA.
Depending on Customer’s use of the Services, Travora may create, receive, maintain, or transmit PHI on behalf of Customer.
To the extent Travora acts as a Business Associate under HIPAA, Travora will use and disclose PHI only as permitted by the applicable customer agreement, the Travora Terms of Service, applicable law, and any BAA entered into by the parties.
Customers are responsible for determining whether their use of the Services involves PHI and whether a BAA is required. A more comprehensive BAA is available upon request where required by applicable law or otherwise agreed by the parties in writing.
Travora will not intentionally use PHI for marketing purposes or sell PHI. Travora will not use PHI except as necessary to provide the Services, support and secure the Services, comply with applicable law, or as otherwise permitted by HIPAA and any applicable BAA.
5. How We Disclose Information
Depending on Customer’s use of the Services, Travora may create, receive, maintain, or transmit PHI on behalf of Customer.
We may disclose information in the following circumstances:
5.1 To Provide the Services
We may disclose Customer Data and related information to state EVV systems, payer systems, managed care organization systems, EVV aggregators, EHR/EMR systems, billing systems, clearinghouses, customer-authorized platforms, and other third-party systems as necessary to provide the Services.
5.2 To Service Providers and Subcontractors
We may disclose information to service providers, vendors, contractors, and subcontractors that help us operate, support, host, secure, monitor, bill, improve, or provide the Services. These may include cloud hosting providers, infrastructure providers, payment processors, analytics providers, communications tools, support tools, security tools, and professional advisors.
5.3 To Customers and Authorized Users
We may disclose information to the applicable customer, its authorized users, administrators, technical contacts, or other parties authorized by the customer
5.4 For Legal and Compliance Purposes
We may disclose information when we believe disclosure is necessary or appropriate to:
1)Comply with applicable law, regulation, subpoena, court order, legal process, or government request;
2)Enforce our agreements, policies, and rights;
3)Protect the rights, property, safety, or security of Travora, our customers, users, third parties, or the public;
4)Detect, prevent, or respond to fraud, abuse, security incidents, technical issues, or unlawful activity;
5) Satisfy payer, state EVV, aggregator, audit, or regulatory requirements applicable to the Services.
5.6 With Consent or DirectionWe may disclose information with the consent or direction of the customer, user, or other authorized party.
Depending on Customer’s use of the Services, Travora may create, receive, maintain, or transmit PHI on behalf of Customer.
We may disclose information in the following circumstances:
5.1 To Provide the Services
We may disclose Customer Data and related information to state EVV systems, payer systems, managed care organization systems, EVV aggregators, EHR/EMR systems, billing systems, clearinghouses, customer-authorized platforms, and other third-party systems as necessary to provide the Services.
5.2 To Service Providers and Subcontractors
We may disclose information to service providers, vendors, contractors, and subcontractors that help us operate, support, host, secure, monitor, bill, improve, or provide the Services. These may include cloud hosting providers, infrastructure providers, payment processors, analytics providers, communications tools, support tools, security tools, and professional advisors.
5.3 To Customers and Authorized Users
We may disclose information to the applicable customer, its authorized users, administrators, technical contacts, or other parties authorized by the customer
5.4 For Legal and Compliance Purposes
We may disclose information when we believe disclosure is necessary or appropriate to:
1)Comply with applicable law, regulation, subpoena, court order, legal process, or government request;
2)Enforce our agreements, policies, and rights;
3)Protect the rights, property, safety, or security of Travora, our customers, users, third parties, or the public;
4)Detect, prevent, or respond to fraud, abuse, security incidents, technical issues, or unlawful activity;
5) Satisfy payer, state EVV, aggregator, audit, or regulatory requirements applicable to the Services.
5.6 With Consent or DirectionWe may disclose information with the consent or direction of the customer, user, or other authorized party.
6. Cookies and Similar Technologies
Our website and online Services may use cookies, pixels, local storage, log files, and similar technologies to operate the website and Services, maintain sessions, remember preferences, understand usage, improve performance, support security, and analyze traffic.
Users may be able to control cookies through their browser settings. Disabling cookies may affect the functionality of the website or Services.
Our website and online Services may use cookies, pixels, local storage, log files, and similar technologies to operate the website and Services, maintain sessions, remember preferences, understand usage, improve performance, support security, and analyze traffic.
Users may be able to control cookies through their browser settings. Disabling cookies may affect the functionality of the website or Services.
7. Data Security
Travora uses commercially reasonable administrative, physical, and technical safeguards designed to protect information processed through the Services against unauthorized access, use, alteration, or disclosure.
These safeguards may include access controls, authentication, encryption, logging, monitoring, least-privilege access practices, vendor controls, backup processes, and other security measures appropriate to the nature of the Services.
No system, network, software, infrastructure, API, or transmission method is completely secure or error-free. Customers and users are responsible for securing their own systems, accounts, credentials, devices, networks, applications, and data before and after transmission to Travora.
Travora uses commercially reasonable administrative, physical, and technical safeguards designed to protect information processed through the Services against unauthorized access, use, alteration, or disclosure.
These safeguards may include access controls, authentication, encryption, logging, monitoring, least-privilege access practices, vendor controls, backup processes, and other security measures appropriate to the nature of the Services.
No system, network, software, infrastructure, API, or transmission method is completely secure or error-free. Customers and users are responsible for securing their own systems, accounts, credentials, devices, networks, applications, and data before and after transmission to Travora.
8. Data Retention
We retain information for as long as reasonably necessary to provide the Services, comply with legal and contractual obligations, resolve disputes, enforce agreements, maintain security, support business operations, and satisfy audit, backup, accounting, tax, and compliance requirements.
Customer Data may be retained in accordance with the applicable customer agreement, the Terms, any applicable BAA, legal requirements, backup practices, and ordinary course retention policies.
Upon termination of Services, Travora may make Customer Data available for export for a limited period, as described in the applicable agreement. After that period, Travora may delete or retain Customer Data in accordance with applicable law, contractual obligations, backup practices, and ordinary course retention policies.
We retain information for as long as reasonably necessary to provide the Services, comply with legal and contractual obligations, resolve disputes, enforce agreements, maintain security, support business operations, and satisfy audit, backup, accounting, tax, and compliance requirements.
Customer Data may be retained in accordance with the applicable customer agreement, the Terms, any applicable BAA, legal requirements, backup practices, and ordinary course retention policies.
Upon termination of Services, Travora may make Customer Data available for export for a limited period, as described in the applicable agreement. After that period, Travora may delete or retain Customer Data in accordance with applicable law, contractual obligations, backup practices, and ordinary course retention policies.
9. De-Identified and Aggregated Data
Travora may create, use, retain, analyze, and disclose de-identified or aggregated data that does not identify a customer, user, patient, member, caregiver, provider, or other individual and does not constitute PHI under HIPAA.
We may use de-identified or aggregated data for lawful business purposes, including analytics, benchmarking, product improvement, operational monitoring, security, reporting, research, marketing, and development of new features.
Travora may create, use, retain, analyze, and disclose de-identified or aggregated data that does not identify a customer, user, patient, member, caregiver, provider, or other individual and does not constitute PHI under HIPAA.
We may use de-identified or aggregated data for lawful business purposes, including analytics, benchmarking, product improvement, operational monitoring, security, reporting, research, marketing, and development of new features.
10. Privacy Choices and Requests
Customers and authorized users may contact us to request access to, correction of, deletion of, or export of certain information associated with their account, subject to applicable law, contractual obligations, security requirements, and customer instructions.
If we process personal information or PHI on behalf of a customer, we may direct privacy or HIPAA-related requests to the applicable customer. Customers are responsible for responding to requests from their patients, members, caregivers, providers, employees, or other individuals when required by law.
To submit a privacy request, contact us at contact@travoradata.com.
Customers and authorized users may contact us to request access to, correction of, deletion of, or export of certain information associated with their account, subject to applicable law, contractual obligations, security requirements, and customer instructions.
If we process personal information or PHI on behalf of a customer, we may direct privacy or HIPAA-related requests to the applicable customer. Customers are responsible for responding to requests from their patients, members, caregivers, providers, employees, or other individuals when required by law.
To submit a privacy request, contact us at contact@travoradata.com.
11. Third-Party Systems and Links
The Services may interact with third-party systems, including state EVV systems, payer systems, managed care organization systems, EVV aggregators, EHR/EMR systems, billing systems, clearinghouses, payment processors, cloud providers, and other platforms.
This Privacy Policy does not apply to the privacy practices of third-party systems, websites, platforms, or services that we do not control. Customers and users should review the privacy policies and terms applicable to those third-party systems.
The Services may interact with third-party systems, including state EVV systems, payer systems, managed care organization systems, EVV aggregators, EHR/EMR systems, billing systems, clearinghouses, payment processors, cloud providers, and other platforms.
This Privacy Policy does not apply to the privacy practices of third-party systems, websites, platforms, or services that we do not control. Customers and users should review the privacy policies and terms applicable to those third-party systems.
12. Children’s Privacy
The Services are intended for business and healthcare operational use and are not directed to children. We do not knowingly collect personal information directly from children through our website or Services.
Customer Data processed through the Services may include information about patients or members, including minors, when submitted by or on behalf of a customer for EVV-related purposes. Customers are responsible for ensuring that such data is submitted and processed in compliance with applicable law.
The Services are intended for business and healthcare operational use and are not directed to children. We do not knowingly collect personal information directly from children through our website or Services.
Customer Data processed through the Services may include information about patients or members, including minors, when submitted by or on behalf of a customer for EVV-related purposes. Customers are responsible for ensuring that such data is submitted and processed in compliance with applicable law.
13. International Users
Travora is based in the United States, and the Services are intended primarily for use in the United States. Information may be processed and stored in the United States or other locations where our service providers operate.
By using the Services, customers and users understand that information may be transferred to and processed in the United States, where privacy laws may differ from those in other jurisdictions.
Travora is based in the United States, and the Services are intended primarily for use in the United States. Information may be processed and stored in the United States or other locations where our service providers operate.
By using the Services, customers and users understand that information may be transferred to and processed in the United States, where privacy laws may differ from those in other jurisdictions.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by posting the updated Privacy Policy on our website, emailing customers, or providing notice through the Services.
The updated Privacy Policy will become effective on the date stated at the top of the policy. Continued use of the Services after the effective date means that the updated Privacy Policy applies to the Services.
We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by posting the updated Privacy Policy on our website, emailing customers, or providing notice through the Services.
The updated Privacy Policy will become effective on the date stated at the top of the policy. Continued use of the Services after the effective date means that the updated Privacy Policy applies to the Services.
15. Contact Us
For questions about this Privacy Policy or Travora’s privacy practices, contact us at:
Travora Data LLC
Email: contact@travoradata.com
For questions about this Privacy Policy or Travora’s privacy practices, contact us at:
Travora Data LLC
Email: contact@travoradata.com