Privacy Policy

Valet Metrix, LLC (d/b/a Valet Health)

Privacy Policy

Introduction

Valet Metrix, LLC, doing business as Valet Health ("Valet Health," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at www.valethealth.com (the "Website"), use our services, including CRM systems, SMS and email communications, physician profile management, content marketing tools, analytics, and related integrations (collectively, the "Services"), or otherwise interact with us.

This Privacy Policy applies to all users of our Website and Services, including clients, website visitors, patients, and other individuals whose information we process. By accessing or using our Website or Services, you agree to this Privacy Policy. If you do not agree, please do not use our Website or Services.

We act as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH"), when handling Protected Health Information ("PHI") on behalf of our healthcare provider clients (who are Covered Entities under HIPAA). In such cases, our handling of PHI is governed by a Business Associate Agreement ("BAA") with the client, which takes precedence over this Privacy Policy to the extent of any conflict.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Website and updating the "Effective Date" above. Your continued use of our Website or Services after such changes constitutes your acceptance.

Information We Collect

We collect the following categories of information:

1. Personal Information: Information that identifies, relates to, or could reasonably be linked to you, such as your name, email address, phone number, postal address, account credentials, payment information, and demographic details.
2. Protected Health Information (PHI): When provided by our clients (e.g., healthcare providers), this may include medical history, treatment details, insurance information, or other health-related data governed by HIPAA.
3. Usage and Device Information: Automatically collected data, such as IP address, browser type, device identifiers, operating system, pages visited, time and date of visits, clickstream data, and referral sources.
4. Marketing and Communication Data: Preferences for receiving communications, opt-in consents for SMS, email, or other outreach, and interaction data (e.g., opens, clicks).
5. Other Information: Any additional data you provide, such as feedback, survey responses, or content uploaded to our Services.

We do not knowingly collect sensitive personal information (e.g., Social Security numbers, genetic data) unless necessary for the Services and with appropriate consents.

How We Collect Information

• Directly from You: When you register for an account, subscribe to Services, submit forms, communicate with us, or provide data through our platforms.
• Automatically: Via cookies, web beacons, log files, and similar technologies. We use cookies for essential functions, analytics, and personalization. You can manage cookie preferences through your browser settings but disabling them may limit functionality.
• From Third Parties: From our clients (e.g., patient contact lists with consents), service providers, business partners, or public sources.
• From Communications: When you interact with SMS, email, or other messages sent via our Services.

For marketing communications, we require explicit opt-in consent as mandated by applicable laws (see "Compliance with US Federal and State Laws" below).

Use of Information

We use your information to:

• Provide, maintain, and improve our Services (e.g., facilitating CRM, communications, and analytics).
• Communicate with you, including sending service updates, marketing messages (with consent), and responding to inquiries.
• Comply with legal obligations, such as HIPAA reporting or responding to subpoenas.
• Analyze usage trends and personalize experiences.
• Prevent fraud, enforce our Terms and Conditions, and protect our rights.
• For any other purpose disclosed at the time of collection or with your consent.

We process PHI solely as permitted under our BAAs and HIPAA, typically for patient engagement and marketing on behalf of clients.

Disclosure of Information

We may disclose your information to:

• Service Providers: Third-party vendors (e.g., SMS gateways, email platforms, analytics tools) who assist us, bound by confidentiality and data protection obligations.
• Clients and Partners: Healthcare providers or affiliates, as necessary for the Services (e.g., sharing analytics).
• Legal and Regulatory Authorities: To comply with laws, respond to government requests, or protect rights (e.g., in litigation).
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: For any other purpose you approve.

We do not sell your personal information as defined under applicable privacy laws (e.g., CCPA). For PHI, disclosures are strictly limited by HIPAA and our BAAs.

Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including encryption, access controls, and regular audits. However, no system is completely secure, and we cannot guarantee absolute security. In the event of a data breach involving PHI, we will notify affected parties as required by HIPAA/HITECH.

Your Rights and Choices

You have the following rights, subject to verification and applicable laws:

• Access and Correction: Request access to or correction of your personal information.
• Deletion: Request deletion, subject to retention requirements (e.g., for legal compliance).
• Opt-Out: Unsubscribe from marketing communications via links in messages or by contacting us. For SMS, reply "STOP" or similar as instructed.
• Do Not Sell/Share: Opt-out of any sale or sharing of personal information (though we do not engage in such activities).
• Limit Use of Sensitive Data: Request limitations on sensitive personal information use.

To exercise rights, contact us at support@valethealth.com. We respond within required timeframes (e.g., 45 days under CCPA). We do not discriminate against you for exercising rights.

Children's Privacy

Our Services are not directed to children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly. Parents/guardians: Contact us if you believe your child has provided information.

International Data Transfers and GDPR Compliance

Our operations are primarily in the United States, but if we process personal data from the European Union/European Economic Area ("EU/EEA"), we comply with the General Data Protection Regulation ("GDPR").

• Legal Basis for Processing: Consent, contract performance, legitimate interests (e.g., providing Services), or legal obligations.
• Data Subject Rights: EU/EEA residents have rights to access, rectify, erase, restrict, object to processing, data portability, and withdraw consent. Contact our Data Protection Officer at support@valethealth.com to exercise rights.
• International Transfers: We use Standard Contractual Clauses or other approved mechanisms for transfers outside the EU/EEA.
• Data Retention: We retain data as necessary for the purposes described, or as required by law.

If GDPR applies, this Privacy Policy serves as our notice under Article 13/14. Complaints can be lodged with your local supervisory authority.

Compliance with US Federal and State Laws

We comply with applicable US federal and state privacy laws. Key disclaimers and notices:

• HIPAA/HITECH: As a Business Associate, we protect PHI in accordance with HIPAA/HITECH. Clients must obtain patient consents before sharing PHI. We are not liable for client non-compliance.
• Telephone Consumer Protection Act (TCPA): For SMS/MMS communications, we require prior express written consent. Messages comply with carrier rules and include opt-out options (e.g., "STOP").
• CAN-SPAM Act: Emails include unsubscribe links and accurate headers. We do not send unsolicited commercial emails.
• Federal Trade Commission (FTC) Rules: Marketing practices are truthful and non-deceptive. We disclose material connections in endorsements.
• Texas Business and Commerce Code Chapter 302 (as amended by Senate Bill 140, effective September 1, 2025): For text-based marketing to Texas residents, clients must register as telephone solicitors (if not exempt), post bonds, obtain consents, honor quiet hours (9:00 a.m. to 9:00 p.m. local time), avoid spoofing, and comply with no-call lists. Penalties for violations may include up to $5,000 per message. We disclaim liability for client violations.
• Texas Data Privacy and Security Act (TDPSA): Texas residents have rights to access, correct, delete, opt-out of targeted advertising/profiling, and non-discrimination. We respond to requests within 45 days.
• California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): California residents have rights to know, delete, correct, opt-out of sales/sharing, limit sensitive data use, and non-discrimination. We do not sell or share personal information.
• Other State Laws: Similar rights apply under the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and other emerging state laws (e.g., Delaware, Indiana, Iowa, Montana, Oregon, Tennessee). We process appeals for denied requests and provide opt-out for targeted advertising or profiling.

For state-specific requests, indicate your state of residence. We verify identity before processing.

Changes to This Privacy Policy

Changes are effective upon posting. We recommend reviewing periodically.

Contact Us

For questions, rights exercises, or concerns:

Valet Metrix, LLC (d/b/a Valet Health) 

9494 Six Pines Drive, Suite 8210

The Woodlands, TX 77380

Email: support@valethealth.com 

 

If you are an EU/EEA resident, contact our Data Protection Officer at the above email.

Last Updated: October 24, 2025