Hesvara Privacy Statement

We understand you're entrusting Hesvara with sensitive information about your loved one's care. That trust is not something we take lightly. This statement explains how we protect your data and respect your privacy—written in plain language, not legal jargon.

Hesvara is built with healthcare-grade security standards. We implement technical and administrative safeguards comparable to those required of healthcare providers, because your health information deserves that level of protection.

Hesvara collects only the information necessary to help you organize care and advocate for your loved one. All consumer health data is collected directly from you through your use of the Hesvara platform. We do not collect health data from third-party sources.

We use your information solely to provide the Hesvara service:

• Organizing and making your documents searchable
• Monitoring deadlines, transitions, and eligibility requirements
• Generating advocacy documents tailored to your situation
• Identifying patterns or trends in your daily records that may require attention
• Sending you alerts and reminders about upcoming deadlines

We do not sell your data. We do not use your information for advertising or marketing. We do not share your data with third parties except as described below.

We implement healthcare-grade security measures:

Encryption

Your data is encrypted both when it travels to our servers (in transit) and when it's stored (at rest). Even if data were somehow accessed, it would be unreadable without the encryption keys.

Access Controls

Only you (and any caregivers you authorize) can access your CaseFile. Our team cannot view your personal health information unless you specifically request support that requires it—and even then, access is logged and limited.

Authentication

We require strong passwords and encourage two-factor authentication to protect your account from unauthorized access.

Audit Logging

We maintain detailed logs of who accesses data and when, allowing us to detect and investigate any suspicious activity.

Data Backup & Recovery

Your CaseFile is regularly backed up to secure, encrypted storage. We have disaster recovery procedures in place to ensure your data isn't lost.

U.S.-Based Infrastructure

All data is stored on servers located in the United States, within data centers that meet healthcare-grade compliance standards.

Because Hesvara handles sensitive health information, we take consent seriously:

If you are the patient

You control your own data. You decide what to upload and who can access it.

If you are caring for a minor child or legal dependent

As their parent or legal guardian, you have authority to manage their health information.

If you are caring for an adult

You should have the patient's consent to use Hesvara on their behalf. During onboarding, we'll ask you to confirm you have authorization to manage their care information. If you have healthcare power of attorney or legal guardianship, you may act as their personal representative.

The patient (or their authorized representative) can revoke consent and request data deletion at any time.

Following the principle of data minimization, our AI features only access and include information relevant to the specific task. For example, when CaseMaker drafts an appeal letter, it includes only the medical details necessary to support that specific request—not your entire health history.

We share your information only in these limited circumstances:

At Your Direction

When you export documents, download letters, or explicitly share information with healthcare providers, schools, or insurers.

With Authorized Caregivers

If you invite additional family members or caregivers to access a CaseFile, they will see the information you've authorized them to view.

Service Providers

We use the following categories of service providers: (1) cloud infrastructure for secure data storage, and (2) AI processing services for document analysis and generation. Each provider is selected for their compliance with healthcare-grade security standards and is bound by data protection agreements requiring equivalent security controls. We do not share your health data with any other categories of third parties.

Legal Requirements

If required by law, we may disclose information—but we will notify you unless legally prohibited from doing so.

You have control over your information:

Access

You can view and download all information in your CaseFile at any time.

Correction

You can update or correct any information you've entered.

Withdraw Consent

You may withdraw consent to future collection of your health data at any time while retaining access to previously stored data.

Deletion

You can request full deletion of your account and all associated data. We will securely erase your information, though some may be retained as required by law or for legitimate business purposes (such as fraud prevention).

Revoke Caregiver Access

If a caregiver relationship changes, you can remove their access to your CaseFile at any time.

While we work hard to prevent security incidents, we have procedures in place if a breach occurs. If we discover unauthorized access to your health data, we will notify affected users within 60 days of discovering the breach, investigate the incident, and take steps to prevent future occurrences. Our commitment is transparency: you will know if your information has been compromised.

Your privacy matters to us. If you have questions about this statement or how we handle your information, please contact us:

Email: privacy@hesvara.com

We may update this privacy statement as our service evolves or as regulations change. We will post any changes here with an updated effective date. For significant changes, we will notify you directly via email or within the application.