1. The Short Version
- We do not collect Protected Health Information (PHI) through this Site at any stage. Patient data is exchanged separately, only after a signed Business Associate Agreement is in place, and only through HIPAA-compliant channels.
- We collect business contact information from people who request a free audit or contact us, plus standard server logs.
- We do not sell or rent your information to anyone.
- We use Cloudflare for hosting and DNS, Google Workspace for forms and communication, and Calendly (or Google Calendar) for scheduling. These vendors process data on our behalf.
- We use Google Analytics to understand general traffic patterns on our marketing pages (analytics only — no advertising or ad-targeting signals). You can opt out anytime via Google’s browser add-on or your browser’s cookie controls. We do not run Google Analytics on pages where you submit audit or claim information, and we never collect Protected Health Information through analytics.
- You can ask us to access, correct, or delete your information at sarthak@relviohealth.com.
- We are an India-based company serving US healthcare practices.
2. Who We Are
Relvio Health is the trade name of SYBR INK Private Limited, a private limited company incorporated under the laws of India.
- Corporate Identification Number: U74999DL2021PTC383418
- Registered office: Delhi, India
- Service market: United States healthcare practices, currently focused on Florida practices, expanding across the United States
We provide denial recovery services to small physical therapy and mental health practices, helping them recover revenue from denied insurance claims through corrected claim submissions and formal appeals.
3. Information We Collect
3.1 Information you provide on the Site
When you submit our Free Audit form (/free-audit), we collect:
- Practice name
- Contact name
- Contact email address
- Contact person’s role at the practice (Owner / Practice Manager / Billing Staff / Other)
- Practice specialty (Physical Therapy / Mental Health / Other)
- Provider count (1–3 / 4–10 / 10+)
- Estimated monthly claim volume (under 100 / 100–500 / 500–1000 / 1000+)
- Optional free-text field describing denial challenges (with explicit instruction not to include patient information)
When you book a call through our scheduling tool (Calendly or Google Calendar), we collect:
- Name
- Business email address
- Practice name
- Practice specialty
- Optional: Monthly claim volume range
- Date and time selection
When you email us directly, we collect whatever information you choose to share, including any attachments.
3.2 Information explicitly NOT collected through the Site
We have designed our intake to avoid collecting Protected Health Information (PHI). The Site does not collect:
- Patient names, dates of birth, addresses, or other patient identifiers
- Patient insurance member IDs, group numbers, or policy numbers
- Specific claim numbers or claim-level data
- Dates of service tied to identifiable patients
- Diagnosis codes or procedure codes tied to specific patients
- Treatment details, clinical notes, or medical records
- Uploaded files of any kind
If you accidentally submit PHI through the Site, please contact us immediately at sarthak@relviohealth.com. We will delete it from our systems and confirm deletion to you.
3.3 Information collected automatically
When you visit the Site, our hosting provider (Cloudflare) automatically logs:
- IP address
- Browser type and version
- Operating system
- Referring website
- Pages visited and time of visit
- General geographic location derived from IP address (country / region level)
These logs are used to operate the Site, prevent abuse, and analyze general traffic patterns. We do not use marketing/advertising pixels (such as Meta or LinkedIn pixels), session replay tools, or behavioral retargeting on the Site.
3.3a Google Analytics
We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC, on our marketing pages to understand how visitors find and use the Site (for example, page views, approximate location at the country/region level, device and browser type, and referral source).
- Analytics only, no advertising. GA4 runs with Google Consent Mode configured for analytics measurement only. We keep all advertising storage and ad-personalization signals disabled, do not enable Google Signals or cross-device advertising features, and do not use Google Analytics data for advertising or remarketing.
- IP handling. GA4 anonymizes IP addresses by default; we do not store full IP addresses through GA4.
- Walled off from claim data. Google Analytics is not loaded on pages where you submit audit or claim information (for example, the Free Audit intake page). No Protected Health Information is ever collected, sent to, or processed by Google Analytics.
- Separate from our BAA. Google Analytics is a distinct Google product and is not covered by our Google Workspace Business Associate Agreement. We therefore restrict it to non-PHI traffic measurement on marketing pages only.
Your choices. Google Analytics runs by default on our marketing pages. You can opt out at any time by:
- installing Google’s Analytics Opt-out Browser Add-on, which works across all sites you visit, or
- blocking or clearing analytics cookies through your browser’s privacy/cookie controls.
Google processes this data as a service provider on our behalf. Learn more in Google’s Privacy Policy.
3.4 Cookies
We use two categories of cookies:
- Strictly necessary cookies — required for the Site to function (set by Cloudflare for security and routing). These are always active and do not require consent.
- Analytics cookies — set by Google Analytics (for example,
_gaand_ga_*) to distinguish visitors and measure traffic. These are active by default on our marketing pages. You can opt out at any time using Google’s Analytics Opt-out Browser Add-on or by blocking/clearing analytics cookies through your browser’s privacy controls. They are never set on pages where you submit audit or claim information.
We do not use advertising or cross-context behavioral tracking cookies.
4. How We Use Your Information
We use the information described above for the following purposes:
- Respond to your inquiry. We use your contact information to respond to your free audit request, scheduled call, or email.
- Provide the Services. If you become a client, we use your business contact information to manage the engagement. PHI is handled separately under our Business Associate Agreement and is not subject to this Policy.
- Operate and improve the Site. Server logs and aggregated submission data help us understand traffic patterns, fix issues, and improve content.
- Comply with legal obligations. We may use information to comply with applicable law, respond to legal process, or protect our rights.
- Communicate about the Services. We may send occasional emails about features, compliance updates, or industry news to people who have contacted us. You can unsubscribe at any time.
We will not use your information for any purpose materially different from those listed above without your consent.
5. How We Share Your Information
We do not sell, rent, or trade your information.
We share information only in these limited circumstances:
5.1 Service providers (data processors)
| Vendor | Purpose | Data shared |
|---|---|---|
| Cloudflare, Inc. | Hosting, DNS, security | Server logs, IP addresses |
| Google LLC (Google Workspace) | Email, forms, document storage, scheduling | Form submissions, emails, calendar data |
| Google LLC (Google Analytics) | Marketing-page traffic analytics (consent-based) | Cookie ID, anonymized IP, page/device/referral data — no PHI |
| Calendly LLC | Appointment scheduling | Name, email, scheduling data |
| Namecheap, Inc. | Domain registration | Domain registration data only |
| GitHub, Inc. | Source code repository | No customer data |
| Wise Payments Limited | Payment processing | Payment / invoice data |
These vendors process data on our behalf under contractual data protection terms. For PHI, we maintain Business Associate Agreements with vendors as required by HIPAA.
5.2 Legal compliance
We may disclose information when required by law, subpoena, court order, or to protect the rights, safety, and property of Relvio Health, our clients, or others.
5.3 Business transfers
If Relvio Health is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use.
6. International Data Transfers
We are an India-based company. How your data is handled depends on its type:
- Protected Health Information (PHI), handled separately under the BAA: PHI is stored exclusively in US-based, BAA-covered Google Workspace cloud infrastructure, configured for a United States data region for primary data at rest. PHI is not downloaded to or stored on any device or server outside the United States. Our authorized workforce accesses PHI remotely only through encrypted, multi-factor-authenticated, audit-logged channels.
- Site and business-contact data (non-PHI): Information you submit through the Site (audit form, scheduling, email) may be accessed and processed by our workforce outside the United States and by our vendors in their operating locations. This data does not include PHI.
By using the Site, you consent to this processing of your business-contact information.
7. Your Privacy Rights
Depending on where you are located, you may have specific rights regarding your information.
7.1 United States — All states
You may have the right to access information we hold about you, request correction of inaccurate information, request deletion, opt out of certain processing, and receive a copy of your information. To exercise these rights, contact us at sarthak@relviohealth.com.
7.2 California (CCPA / CPRA)
California residents have rights to know, delete, correct, and opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioral advertising. Contact us at sarthak@relviohealth.com.
7.3 Florida (FDBR)
Florida residents may have rights to access, delete, correct, and opt out of certain processing. We honor verifiable requests to the extent the Florida Digital Bill of Rights applies to our processing. Contact sarthak@relviohealth.com.
7.4 India (DPDPA 2023)
If you are a resident of India, the Digital Personal Data Protection Act, 2023 grants you rights including access, correction, erasure, grievance redressal, and the right to nominate. Contact our designated grievance contact at sarthak@relviohealth.com.
8. Data Retention
| Data type | Retention period |
|---|---|
| Free audit / contact submissions (no engagement) | Deleted within 60 days of audit completion if no engagement proceeds, with written certification; retained through active engagement discussions plus 30 days if applicable |
| Active client business contact data | Duration of engagement, plus 6 years |
| Corrected claims, appeals, and related audit records | 6 years |
| Server logs | Up to 12 months |
| Email communications | Up to 6 years |
| PHI (under BAA) | Returned or destroyed at Client’s option upon termination, with written certification within 60 days; audit logs and disclosure records retained 6 years |
We may retain information longer if required by law.
9. Security
We implement administrative, physical, and technical safeguards to protect information:
- Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent)
- Multi-factor authentication on all accounts with access to client data
- Role-based access controls
- Audit logging
- Workforce HIPAA training
- Background checks
- Annual risk assessments
- Incident response plan
Detailed information about our security practices is available on our Trust & Security page.
No security measure is perfect. We cannot guarantee absolute security, but we work continuously to maintain industry-standard protections.
10. Children’s Privacy
The Site is not directed to children. We do not knowingly collect information from individuals under 16. If you believe a child has provided information to us, contact sarthak@relviohealth.com and we will delete it.
11. Third-Party Links
The Site may contain links to third-party websites. We are not responsible for the privacy practices of third parties. Review their privacy policies before providing information.
12. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be highlighted on the Site. Continued use of the Site after changes constitutes acceptance.
13. Contact Us
For questions about this Policy or to exercise your rights:
Email: sarthak@relviohealth.com
For DPDPA grievances (India): sarthak@relviohealth.com (designated grievance contact)
Postal mail: SYBR INK Private Limited Delhi, India
14. Special Note: Protected Health Information (PHI)
This Site does not collect PHI. PHI is handled separately under signed Business Associate Agreements with client healthcare practices.
If you are a patient seeking access, correction, or deletion of your medical records, please contact your healthcare provider directly. We are a Business Associate to providers, not the Covered Entity, and patient rights requests must go through the Covered Entity (your provider) under HIPAA.
Relvio Health is the denial recovery brand of SYBR INK Private Limited, an Indian private limited company.