Privacy Policy

Effective Date: 05 June 2025

1. Introduction

Versytech, LLC ("Versytech,” "we,” "our,” or "us") provides SOA Assist Pro—a HIPAA-compliant SaaS platform that helps Medicare insurance agents automate appointment scheduling, Scope‑of‑Appointment (SOA) workflows, email outreach, and AI‑powered call handling (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use the Service.

2. Information We Collect

We collect the following categories of information:

  • Agent Account Information: name, email address, billing information, and authentication tokens (OAuth refresh tokens are encrypted).
  • Client / Beneficiary Information (including Protected Health Information “PHI”): SOA form data, appointment details, call recordings and transcriptions, and any documents you upload.
  • Usage & Device Information: IP address, browser / device type, log files, and in‑app actions (e.g., button clicks, API errors).
  • Cookies & Similar Technologies: session cookies for authentication and analytics cookies to understand product usage. You can manage cookies through your browser settings.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Facilitate appointment scheduling, document e‑signatures, and SOA management.
  • Authenticate users and secure accounts.
  • Send transactional notifications and respond to inquiries.
  • Monitor, analyze, and improve Service performance and security.
  • Comply with legal obligations, including HIPAA.

4. Protected Health Information & HIPAA Compliance

We handle PHI in accordance with the Health Insurance Portability and Accountability Act (HIPAA). We sign Business Associate Agreements (BAAs) with covered entities and implement the following safeguards:

  • Data encrypted in transit (TLS 1.2+) and at rest (AES‑256 S3 / DynamoDB).
  • Granular IAM roles and audit logging via AWS CloudTrail.
  • Least‑privilege access controls and multi‑factor authentication.
  • Regular security assessments and penetration testing.

5. Sharing & Disclosure of Information

We do not sell your personal information. We may share it only:

  • With Authorized Service Providers: AWS (cloud hosting), Microsoft (Outlook / Entra ID), and DocuSeal (e‑signature). Each provider is bound by contract to protect data and (where applicable) sign a BAA.
  • With other users at your direction (e.g., when sending SOA forms).
  • To comply with legal requests, court orders, or enforce our terms.
  • In connection with a merger, acquisition, or sale of assets (with notice).

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Your Choices & Rights

You may:

  • Access, correct, or delete certain personal information in your account.
  • Request an export of your data or restrict its processing, subject to legal limitations.
  • Opt out of non‑essential cookies through your browser or our in‑app preferences.
  • Revoke OAuth permissions via Calendly or Microsoft security settings.

8. Security

We employ administrative, technical, and physical safeguards designed to protect your information. While no system is 100% secure, we follow industry‑standard best practices (NIST 800‑53) and respond promptly to potential incidents.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version and update the "Effective Date" above. Material changes will be communicated via email or in‑app notice.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: