Privacy Policy

Last Updated: February 14, 2025

Introduction

Forward Technologies, Inc. DBA Vodera ("Forward," "Company," "we," "us," and/or "our") is committed to protecting your privacy and maintaining the security of Protected Health Information ("PHI") and other personal information. This Privacy Policy describes how we handle information, including personally identifiable data ("Personal Data") and PHI, collected from visitors to our website at www.vodera.ai and our web application at https://app.vodera.ai (collectively the "Site"), and through our mobile applications, AI voice agents, and related services (collectively, including any new features and applications, and the Site, the "Service(s)").

PLEASE READ THIS PRIVACY POLICY CAREFULLY.

1. Information We Collect

Protected Health Information

As a Business Associate under HIPAA, we collect and process Protected Health Information ("PHI") through our Services. This includes health information created or received by healthcare providers, health plans, employers, or healthcare clearinghouses that relates to past, present, or future physical or mental health conditions, healthcare provision, or payment for healthcare. We process PHI both from our business clients (e.g., healthcare providers) and on behalf of our clients.

PHI we may collect includes health-related identifiers such as patient names and demographic information, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, device identifiers, voice recordings and transcripts, full face photographic images, and other unique identifying characteristics or codes.

Personal Data You Provide

We collect Personal Data when you voluntarily provide information to us through the Services, including contact information, account credentials, payment details, employment information, and communications preferences. This may occur when you create an account, make a payment, or communicate with us through the Services.

Information Collected via Technology

When you interact with our Services, we automatically collect technical information about your equipment, browsing actions, and usage patterns. This includes your browser type and version, operating system, IP address, device identifiers, usage data and patterns, communication preferences, and voice recordings and transcripts.

Cookies and Tracking Technologies

Our Services employ various technologies to collect and store information, including cookies, web beacons, local storage, analytics tools, session replay software, and voice recording technology. We use both persistent cookies (which remain after you close your browser) and session cookies (which expire when you close your browser). You can control cookie settings through your browser preferences and other tools.

Telephone Numbers and Call Data

For our AI voice agent services, we collect phone numbers and call records to provide the Services, comply with legal obligations, and maintain opt-out records. We retain call logs to demonstrate compliance with applicable regulations.

2. Use of Your Information

Use of PHI

We handle PHI in strict compliance with HIPAA and our Business Associate Agreements. Our use and disclosure of PHI is limited to specific permitted purposes, including providing our Services, supporting healthcare operations, processing payments, and complying with legal requirements. We may also use PHI for quality assessment and improvement activities, training and assessment of AI systems, and other purposes permitted by HIPAA, always subject to appropriate safeguards and restrictions.

Use of Personal Data

We use Personal Data to operate, maintain, and improve our Services. This includes processing payments, communicating with you about our Services, enhancing our AI systems, and ensuring the security of our platform. When you consent, we may also use your information for marketing and promotional purposes. We regularly audit our AI systems for bias and accuracy, and may de-identify and aggregate voice data to improve AI performance.

AI Voice Agent Data Usage

Information collected through our AI voice agents serves several specific purposes in our healthcare revenue cycle services. We use this data to train and improve our AI systems, monitor compliance, optimize service delivery, and maintain accurate records. Our usage includes quality assurance measures and regular performance monitoring to ensure high standards of service delivery.

3. Disclosure of Your Information

HIPAA-Compliant Disclosures

We disclose PHI as permitted by HIPAA and our Business Associate Agreements. This includes disclosures to covered entities, other business associates, and regulatory authorities as required by law.

Service Providers and Subprocessors

We carefully select and oversee third-party service providers who help us deliver our Services. Our current subprocessors include Amazon Web Services (hosting), Twilio (communications), and AssemblyAI (speech processing). All subprocessors are bound by appropriate contracts and security requirements.

We will notify users of legal demands for PHI unless prohibited by law. For non-PHI data, we may disclose information as required by valid subpoenas or court orders.

4. Data Security

Security Measures

We implement comprehensive security measures to protect your information. We maintain strict access controls, require strong authentication, and conduct regular security monitoring. Our physical and administrative safeguards include employee training, incident response procedures, and quarterly access log reviews. We undergo annual third-party security audits to validate our security controls. However, these measures do not guarantee that your information could not be accessed, disclosed, altered or destroyed by a breach. By using our Service, you acknowledge that you understand and agree to assume these risks.

Data Breach Procedures

In the event of a data breach, we follow a documented incident response plan. This includes promptly investigating the incident, taking appropriate corrective action, and providing all required notifications. Breaches are reported according to applicable law and our Business Associate Agreements.

5. Your Rights and Choices

HIPAA Rights

Under HIPAA, you have specific rights regarding your PHI. These include the right to access your health information, request amendments, receive an accounting of disclosures, and request restrictions on certain uses or disclosures.

State Privacy Rights

Residents of certain states (including California, Colorado, Connecticut, Utah, and Virginia) may have additional privacy rights under applicable state laws. These rights may include requesting information about how we use and share your Personal Data, opting out of certain data uses, or requesting deletion of your information. To exercise these rights, please contact us at privacy@vodera.ai.

Communication Preferences

You can control your communication preferences through several methods. To opt out of marketing communications, you may use the unsubscribe mechanism in our messages, adjust your account settings, or contact us directly. Please note that you cannot opt out of service-related communications that are essential to providing our Services.

Call Opt-Out Procedures

To opt out of AI voice agent calls, you may use the automated opt-out mechanism provided during calls, email your request to privacy@vodera.ai. We maintain records of all opt-out requests in compliance with applicable regulations.

6. Data Retention

We maintain PHI in accordance with HIPAA requirements, state laws, and our Business Associate Agreements. For Personal Data, we retain information as long as necessary to provide our Services, comply with legal obligations, or fulfill legitimate business purposes. Our retention periods are regularly reviewed and updated to ensure compliance with evolving regulatory requirements.

7. Children's Privacy

Our website and direct Services are not intended for children under 13 years of age, and we do not knowingly collect information directly from children under 13 through our website or Services. However, in our role as a Business Associate under HIPAA, we may process PHI and insurance claims related to minors when such information is provided to us by healthcare providers, insurance companies, or other covered entities who are our clients. This processing is conducted in accordance with HIPAA regulations, our Business Associate Agreements, and other applicable laws governing the handling of minors' health information.

For any services involving minors' PHI, our covered entity clients are responsible for obtaining appropriate parental or guardian consent and maintaining compliance with all applicable regulations regarding the collection and sharing of minors' health information. We process such information solely for the purposes specified in our Business Associate Agreements and maintain all required security and privacy protections regardless of the age of the individual whose PHI we process.

8. International Data Transfers

While we primarily store and process data within the United States, some data transfers to international locations may occur. In such cases, we implement appropriate safeguards and data transfer mechanisms to protect your information in accordance with applicable privacy laws.

9. Do Not Track

Due to the lack of industry standards regarding Do Not Track (DNT) signals, our Services currently do not respond to DNT browser settings.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of material changes through our website, email communications, or other appropriate means. Your continued use of our Services after such modifications will constitute your acknowledgment of the modified Privacy Policy.

11. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, please contact our Privacy Officer:

Privacy Officer: Robby Abaya

Email: privacy@vodera.ai

Phone: +1 305-859-1217

Address: 1000 Brickell Ave Suite 715, PMB 1443, Miami, FL 33131