ApiVoc LLC Service Privacy Policy

Effective Date: May 5, 2026   |   Last Updated: May 22, 2026

This Service Privacy Policy ("Privacy Policy") describes how ApiVoc LLC and its subsidiaries ("ApiVoc," "we," "us," or "our") collect, use, and share information about you when you create an account for, register with, or use our products, applications, and APIs (collectively, the "Service").

Our subsidiaries include:

  • Payor Systems
  • AmbiScript
  • RTPB
  • NoventaRx
  • ACO

This Privacy Policy applies to information collected through the Service, including:

  • Account registration
  • Authentication
  • Application use
  • Integrations
  • Support interactions

A separate Website Privacy Policy governs information collected through the apivoc.com public website.

This Privacy Policy does not govern Protected Health Information ("PHI").

When ApiVoc processes PHI on behalf of customers, that PHI is governed by HIPAA, Business Associate Agreements, and applicable customer agreements.

1. Information We Collect

Account and Profile Information

When you create or use a Service account, we collect:

  • Name and job title
  • Business email address and phone number
  • Employer or organization name
  • Authentication credentials
  • Multi-factor authentication enrollment data
  • Profile preferences and account configuration

Service Use and Telemetry

When you use the Service, we collect information about how you interact with it, including:

  • Login events, session duration, and IP address
  • Device, browser, and operating system information
  • Feature usage and configuration changes
  • API calls
  • Audit and security event logs
  • Performance and reliability metrics
  • Error reports and diagnostic data

Support and Communications

When you contact us for support, training, or feedback, we collect:

  • The content of your communications
  • Attachments you provide
  • Customer support interaction records
  • Survey and feedback information

Information from Your Organization or Third Parties

We may receive information from:

  • Your employer or organization
  • Federated identity providers such as Microsoft Entra ID
  • Integration partners

Do not submit:

  • Social Security numbers
  • Financial account numbers
  • Government identifiers
  • Biometric information
  • Sensitive personal information

unless expressly required by your organization’s account configuration.

2. How We Use Information

We use information to:

  • Provide, operate, secure, and improve the Service
  • Authenticate your identity and manage access
  • Detect and respond to security incidents and fraud
  • Provide customer support
  • Send service-related communications
  • Analyze Service usage and trends
  • Comply with legal and regulatory obligations
  • Enforce Terms of Service and agreements

3. How We Share Information

We do not sell or rent your personal information.

Service Providers

We share information with vendors that provide:

  • Cloud hosting
  • Identity management
  • Security tooling
  • Monitoring and observability
  • Customer support
  • Compliance automation

Within the ApiVoc Family of Companies

We may share information among ApiVoc LLC and its subsidiaries for operational purposes.

To Your Organization

Organization administrators may receive information about your account and Service usage.

Legal and Safety

We may disclose information when required by law, legal process, or to protect rights and safety.

Business Transfers

Information may be transferred during mergers, acquisitions, financing, or reorganizations.

With Your Consent

We may share information for additional purposes with your consent.

4. Data Security

ApiVoc maintains administrative, technical, and physical safeguards designed to protect Service data.

Our infrastructure is hosted in Microsoft Azure (United States regions) and managed through Microsoft Entra ID.

Security controls include:

  • Encryption in transit and at rest
  • Identity and access management
  • Multi-factor authentication
  • Network segmentation
  • Vulnerability management
  • Continuous monitoring
  • Audit logging

Our compliance program is monitored using Drata, and we are pursuing SOC 2 attestation.

5. Data Retention

We retain information according to our Data Retention Policy.

Closed accounts enter an expired state for thirty (30) days before permanent removal.

Suspended accounts may be reinstated during a thirty (30) day grace period.

PHI retained by Payor Systems is retained according to HIPAA requirements.

Audit logs and security records are retained according to legal, regulatory, and compliance requirements.

6. Your Privacy Choices

Depending on your jurisdiction, you may have rights including:

  • The right to know what information we collect
  • The right to access or receive a copy of information
  • The right to correct inaccurate information
  • The right to request deletion
  • The right to opt out of certain uses
  • The right not to be discriminated against

To exercise these rights, contact us using the information below.

7. International Users

ApiVoc operates exclusively in U.S. Azure regions.

If you access the Service from outside the United States, your information will be processed in the United States.

8. Third-Party Integrations

The Service may integrate with:

  • Third-party applications
  • Identity providers
  • EHR/EMR systems
  • APIs and external services

Third-party integrations are governed by their own policies and agreements.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes may be communicated through in-product notices or email notifications.

10. How to Contact Us

ApiVoc LLC
Attn: Privacy Officer
20551 N. Pima Road, Suite 200
Scottsdale, AZ 85255

Email: support@apivoc.com