Privacy Policy

Last updated: June 18, 2026

At Curvia Care, we understand that healthcare data is incredibly sensitive. This Privacy Policy outlines how Curvia Care ("Company", "we", "us") collects, uses, protects, and discloses information when you use our healthcare management platform and Electronic Health Record (EHR) systems.

1. Information We Collect

We collect various types of information to provide and improve our Services:

  • Account Information: Name, email address, phone number, facility name, and billing details when you register as a healthcare provider.
  • Patient Health Information (PHI): Information entered by healthcare providers into the EHR system, including medical history, diagnoses, prescriptions, lab results, and demographic data.
  • Usage Data: Information about how you interact with our platform (e.g., log times, features used, IP addresses) to ensure security and improve system performance.

2. How We Use Information

Your information is used strictly for the following purposes:

  • To provide, maintain, and secure the Curvia Care platform.
  • To facilitate medical record keeping, billing, and pharmacy management for your facility.
  • To provide customer support and respond to technical issues.
  • To ensure compliance with legal obligations and our Terms of Service.

We do NOT sell Patient Health Information to third parties under any circumstances.

3. Data Security and Encryption

Protecting PHI is our highest priority. We employ strict, industry-standard security protocols:

  • Encryption: All data is encrypted in transit (using TLS/SSL) and at rest (using AES-256).
  • Access Controls: We use role-based access control (RBAC) to ensure that only authorized medical and administrative staff can access specific patient records.
  • Audit Logs: The system automatically logs all access to patient records to monitor for unauthorized access.
  • Infrastructure: We host our services on secure, compliance-certified cloud infrastructure.

4. Data Sharing and Disclosure

We may share information only in the following limited circumstances:

  • Service Providers: We may share data with trusted third-party vendors (e.g., hosting providers, SMS gateways for appointment reminders) who are bound by strict confidentiality agreements.
  • Legal Requirements: If required by law, subpoena, or government request, we may disclose information to comply with legal processes.
  • Facility Transfers: If authorized by the patient and the healthcare provider, data may be transmitted to other healthcare entities for continuity of care.

5. Patient Rights

Patients have the right to access, amend, and request deletion of their medical records. Since Curvia Care acts as a Data Processor, patients must direct these requests to their healthcare provider (the Data Controller). We will assist healthcare providers in fulfilling these legal obligations within our platform.

6. Data Retention

We retain account and patient data as long as the facility's subscription is active, or as required by healthcare data retention laws. Upon termination of a subscription, facilities have a 30-day grace period to export their data before it is securely and permanently deleted from our systems.

7. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at privacy@curviacare.com.