Welcome to Guava. Your privacy is critically important to us. Guava is committed to protecting your privacy and handling your data in an open and transparent manner. This privacy policy outlines how we collect, use, process, and disclose your information through the use of Guava's services ("Services").

1. Information We Collect

   Account & Contact (name, work email, phone, org), Support & Comms, Usage (features used, timestamps), Technical (IP, device, browser, cookie IDs), and Operational Artifacts you upload (e.g., payer policies, forms, documents). Guava is designed to minimize PHI; do not upload PHI unless a BAA is in place.

   
   

2. PHI & BAA

   By default, Guava operates outside the EHR and avoids PHI. If your use case requires PHI, you must execute a Business Associate Addendum (BAA). Without a BAA, you agree to de-identify data consistent with HIPAA safe harbor or expert determination.

   
   

3. How We Use Information

   To provide and secure the Service, personalize features, process billing, communicate about updates, analyze performance, enforce terms, and comply with law. We may use de-identified/aggregated analytics to improve reliability and quality.

   
   

4. Legal Bases (where applicable)

   We process data to perform our contract with you, for our legitimate interests (security, product improvement), with your consent (where required), and to comply with legal obligations.

   
   

5. Sharing & Disclosures

   We do not sell personal information. We share with vetted processors (e.g., cloud hosting, analytics, error monitoring, telephony/AI providers) under strict data protection terms; with affiliates for operations; to comply with law; or to protect rights, security, and integrity.

   
   

6. Data Retention

   We keep personal information only as long as needed for the purposes above and to meet legal/contractual requirements. You can request deletion; backups purge on their normal cycle. Product-level retention settings (e.g., logs, uploads) may be available to admins.

   
   

7. Security

   We implement administrative, technical, and physical safeguards (encryption in transit and at rest, access controls, audit logging, vulnerability management). No system is 100% secure; report issues to us immediately.

   
   

8. Your Rights & Choices

   You may request access, correction, deletion, portability, or restriction/objection to processing, and update preferences. For marketing emails, use unsubscribe links. We honor Global Privacy Control (GPC) for non-essential cookies where supported. Enterprise admins may control data exports and retention settings.

   
   

9. International Transfers

   If data is transferred across borders, we use appropriate safeguards (e.g., SCCs or other lawful mechanisms) as required by applicable law.

   
   

10. Children's Privacy

    Guava is for business use and not directed to children under 16. We do not knowingly collect data from children; if we learn we have, we will delete it.

    
    

11. Changes to this Policy

    We may update this Policy periodically. Material changes will be noted by updating the effective date and, where required, providing additional notice.

    
    

12. Contact Us

    Guava Medical, LLC.

    legal@guavamedical.ai

    For security/privacy requests, please include: your name, organization, relationship to Guava, and the request type.

    
    

    See also: our Cookie Policy and Terms of Service.