Privacy Policy

Overview

AudiVault, Inc. ("AudiVault," "we," "us," or "our") is committed to protecting your privacy and the confidentiality of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based hearing conservation platform and related services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

Information We Collect

Account Information

When you create an account, we collect:

• Name, email address, and phone number
• Organization name and business address
• Job title and role
• Billing and payment information

Protected Health Information (PHI)

Through your use of the Service, you may input and store PHI including:

• Patient names, dates of birth, and employee identifiers
• Audiometric test results and hearing threshold data
• OSHA compliance letters and physician correspondence
• Work history and noise exposure records

All PHI is handled in strict accordance with the Health Insurance Portability and Accountability Act (HIPAA). See our HIPAA Compliance page for details.

Usage Information

We automatically collect certain information when you use the Service:

• Log data (IP address, browser type, pages visited, timestamps)
• Device information (operating system, device identifiers)
• Feature usage and interaction patterns

How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process audiometric tests and generate compliance reports
• Send important service notifications and updates
• Provide customer support and respond to inquiries
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations, including OSHA and HIPAA requirements
• Generate anonymized, aggregate analytics to improve the platform

Data Sharing

We do not sell your personal information or PHI. We may share information only in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing), bound by data processing agreements
• Business Associates: With HIPAA-compliant business associates, under executed Business Associate Agreements (BAAs)
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you
• Consent: With your explicit consent for any purpose not described above

Data Security

We implement comprehensive security measures to protect your information:

• AES-256 encryption for data at rest
• TLS 1.2+ encryption for data in transit
• Multi-factor authentication options
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• Role-based access controls and audit logging

For more details, see our Security page.

HIPAA & Protected Health Information

AudiVault acts as a Business Associate under HIPAA when processing PHI on behalf of Covered Entities. We:

• Execute Business Associate Agreements (BAAs) with all customers who store PHI
• Implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule
• Maintain a HIPAA compliance program with regular risk assessments
• Train all employees on HIPAA requirements annually
• Report any security incidents in accordance with the HIPAA Breach Notification Rule

Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Audiometric records are retained in accordance with OSHA's recordkeeping requirements (29 CFR 1910.95), which mandate retention for the duration of employment plus 30 years.

Upon account termination, we provide a data export option and delete your data within 90 days, unless retention is required by law.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate personal data
• Request deletion of your personal data
• Object to or restrict processing of your personal data
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@audivault.com.

Cookies & Tracking

We use cookies and similar technologies to:

• Essential Cookies: Required for the Service to function (session management, authentication)
• Analytics Cookies: Help us understand how users interact with the Service (anonymized usage data)
• Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the Service.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: