Privacy Policy & Notice of Privacy Practices
Table of Contents
- Who We Are
- Information We Collect
- How We Use Your Information
- Who We Share Information With
- How We Use Artificial Intelligence
- Your Privacy Rights
- How to Exercise Your Rights
- HIPAA Notice of Privacy Practices
- Data Retention
- Call Recording
- Security
- Do Not Sell or Share My Personal Information
- Limit the Use of My Sensitive Personal Information
- Children's Privacy
- Changes to This Policy
- Contact Us
This Privacy Policy describes how Qdos Health ("Qdos Health," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you interact with our platform, visit our website, call our phone lines, send us an email, or otherwise communicate with us. This document also serves as our Notice of Privacy Practices as required under the Health Insurance Portability and Accountability Act (HIPAA).
This policy satisfies requirements under the California Consumer Privacy Act (CCPA/CPRA), the Health Insurance Portability and Accountability Act (HIPAA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act, and applicable consumer privacy laws in all states where we operate.
1. Who We Are
| Company | Qdos Health |
| Address | 1234 9th St, Minneapolis, MN 55401 |
| Privacy Officer | Alec Papierniak |
| Privacy Email | privacy@qdoshealth.com |
| Phone | (662) 399-5620 |
| Website | www.qdoshealth.com |
Qdos Health is a licensed health insurance brokerage. We are not an insurance company. We work on your behalf to compare plans from multiple carriers and help you find the right coverage.
2. Information We Collect
We collect the following categories of personal information:
| CCPA Category | Data Elements | Source |
|---|---|---|
| A: Identifiers | Name, email address, phone number(s), mailing address, date of birth | You provide this during calls and emails |
| B: Financial Information | Insurance plan details, premium information | You provide this during consultations |
| D: Commercial Information | Insurance inquiries, plan comparisons, coverage preferences | Generated from your interactions |
| F: Internet/Electronic Activity | IP address, browser type, pages visited on our site | Automatically collected when you visit our website |
| H: Audio/Visual | Call recordings, voicemails | Automatically recorded during phone calls |
| I: Professional/Employment | Employer name, employment status (for group plan inquiries) | You provide this during consultations |
| K: Inferences | AI-generated conversation summaries, extracted facts and preferences stored as "memories" | Generated by our AI systems from your interactions |
| Sensitive Personal Information | Health conditions, medications, medical providers, health insurance enrollment details | You share this during insurance consultations |
3. How We Use Your Information
We use your personal information for the following purposes:
- Insurance services: Helping you find, compare, and enroll in health insurance plans
- Customer support: Responding to your questions and following up on your requests
- Quality assurance: Reviewing call recordings and transcripts to ensure service accuracy
- Compliance: Meeting our legal and regulatory obligations
- Communications: Sending follow-up emails, policy reminders, and service updates related to your insurance needs
- Security: Detecting and preventing fraudulent or unauthorized activity
4. Who We Share Information With
We share personal information only as necessary to provide our services:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Infrastructure and AI processing | Encrypted data for processing and storage |
| Twilio | Phone call routing and recording | Phone numbers, call audio during transmission |
| Insurance Carriers | Processing insurance applications at your request | Information necessary for your application |
| Legal Authorities | Compliance with lawful requests | As required by applicable law |
5. How We Use Artificial Intelligence
Qdos Health uses AI technology to assist with our insurance brokerage services. We believe in full transparency about how AI is used:
AI Assistant
When you call Qdos Health, your call may be handled by an AI-powered voice assistant. The AI assistant is not a human. This is disclosed at the beginning of every call. You may request to speak with a human agent at any time during the call.
AI Memory
With your consent, our AI systems extract and store key facts from your conversations ("memories") to provide personalized service in future interactions. These memories may include your insurance preferences, coverage needs, and relevant details you have shared. You may opt out of AI memory storage at any time through the user portal or by contacting us. Opting out stops future memory storage; existing memories are retained until you separately request their deletion.
AI-Generated Communications
Follow-up emails may be generated by our AI systems. AI-generated emails are identified as such.
Important Disclaimer
AI-generated insurance guidance is informational only. It is not professional insurance advice and does not replace consultation with a licensed insurance professional.
6. Your Privacy Rights
We honor the following privacy rights for all consumers, regardless of your state of residence:
| Right | Description | Legal Basis |
|---|---|---|
| Access | Request the categories and specific pieces of personal information we have collected about you | CCPA §1798.100, HIPAA §164.524, VCDPA, CPA, CTDPA |
| Deletion | Request deletion of personal information we have collected from you | CCPA §1798.105, VCDPA, CPA, CTDPA |
| Correction | Request correction of inaccurate personal information | CCPA §1798.106, HIPAA §164.526, VCDPA, CPA, CTDPA |
| Data Portability | Receive your personal information in a portable, machine-readable format | CCPA §1798.100(d), VCDPA, CPA |
| Opt-Out of AI Profiling | Opt out of automated decision-making and AI profiling | State privacy laws (ADMT provisions) |
| Limit Sensitive PI | Limit our use of your sensitive personal information to what is necessary for services you request | CCPA §1798.121 (California residents) |
| Appeal | Appeal a denied privacy rights request. If we deny your appeal, we will provide contact information for your state Attorney General. | VCDPA, CPA, CTDPA, TDPSA |
| Non-Discrimination | We will not discriminate against you for exercising your privacy rights. You will not receive different pricing, a different quality of service, or denial of service. | CCPA §1798.125 |
7. How to Exercise Your Rights
You may submit a privacy rights request through any of the following methods:
| Method | Details |
|---|---|
| privacy@qdoshealth.com — Include your full name and the right you wish to exercise. | |
| Phone | (662) 399-5620 — Our AI assistant can accept your rights request during the call. |
Verification
To protect your information, we verify your identity before fulfilling a rights request. Verification may include confirming your date of birth, email address, and phone number on file.
Response Timeline
- We acknowledge your request within 10 business days.
- We fulfill your request within 45 calendar days from receipt.
- If additional time is needed, we may extend by an additional 45 calendar days (90 days total) and will notify you.
Authorized Agents
You may designate an authorized agent to submit a request on your behalf. Authorized agents must provide a valid power of attorney or signed written authorization from you. We will independently verify your identity.
8. HIPAA Notice of Privacy Practices
Uses and Disclosures of Protected Health Information
We may use and disclose your protected health information (PHI) for the following purposes without your authorization:
- Treatment: Coordinating your insurance coverage and connecting you with appropriate carriers and plans.
- Payment: Processing insurance applications, enrollment, and billing-related activities.
- Health Care Operations: Quality assurance, compliance, auditing, and business management activities.
- As required by law: When federal, state, or local law requires disclosure.
- Public health activities: As permitted by HIPAA for public health and safety purposes.
Your HIPAA Rights
- Right to access: You have the right to inspect and obtain a copy of your PHI maintained by us (§164.524).
- Right to amend: You have the right to request amendment of your PHI if you believe it is incorrect or incomplete (§164.526).
- Right to an accounting of disclosures: You have the right to receive a list of certain disclosures we have made of your PHI (§164.528).
- Right to request restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI.
- Right to request confidential communications: You have the right to request that we communicate with you through alternative means or at alternative locations.
- Right to a copy of this notice: You have the right to obtain a paper copy of this notice upon request.
Breach Notification
In the event of a breach of your unsecured PHI, we will notify you within 60 days of discovery as required by HIPAA §164.404. The notification will describe the breach, the types of information involved, steps you should take, and what we are doing to investigate and mitigate the breach.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with us at privacy@qdoshealth.com or with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.
9. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this policy, subject to legal requirements. Our standard retention period for all data categories is 10 years, which exceeds the requirements of HIPAA, IRS, and applicable state insurance regulations.
| Data Category | Retention Period |
|---|---|
| Call recordings and transcripts | 10 years from date of recording |
| AI-generated memories | 10 years from creation, or until you request deletion |
| Insurance application and policy data | 10 years from last activity |
| Consumer rights request records | 10 years from request date |
| Consent records | 10 years from date of consent |
| Email correspondence | 10 years from date of communication |
| Profile and contact information | 10 years from last interaction, or until you request deletion |
| Audit logs | 10 years from creation |
When you submit a deletion request, we delete the applicable data within 45 calendar days, regardless of remaining retention period. After retention periods expire, data is securely destroyed.
10. Call Recording
Phone calls to and from Qdos Health are recorded for quality assurance. You are informed of this at the beginning of every call. You may opt out of call recording through the user portal or by contacting us. If you have opted out of recording, your calls will not be recorded.
11. Security
We implement administrative, technical, and physical safeguards to protect your personal information, including:
- Encryption of data at rest and in transit
- Role-based access controls
- Comprehensive audit logging
- Regular security assessments
- Workforce security training
12. Do Not Sell or Share My Personal Information
13. Limit the Use of My Sensitive Personal Information
We collect sensitive personal information, including health-related information, solely for the purpose of providing insurance brokerage services you have requested. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide those services. California residents may exercise the right to limit the use of sensitive personal information by contacting privacy@qdoshealth.com.
14. Children's Privacy
Qdos Health does not knowingly collect personal information from children under the age of 13. Our services are not directed at children. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at privacy@qdoshealth.com.
15. Changes to This Policy
We may update this policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and post the revised policy on our website.
16. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices:
| Privacy Officer | Alec Papierniak |
| privacy@qdoshealth.com | |
| Phone | (662) 399-5620 |
| Qdos Health, 1234 9th St, Minneapolis, MN 55401 | |
| HHS OCR Complaints | www.hhs.gov/hipaa/filing-a-complaint |