Privacy Policy

If you are reading this Privacy Policy, you likely know us as Society Health. At Society Venture Investments, LLC (d/b/a Society Health) ("Society Health,""we,""us," or"our"), we help healthcare organizations and related businesses transform the way they manage financial and operational resources. We provide technology-enabled services that integrate financial systems, treasury operations, accounts payable, and, where appropriate, electronic health record (EHR) data to enable cost transparency, value-based care readiness, and overall financial resiliency.

Because we process financial data, operational records, and, in some cases, health-related information, we take privacy and security very seriously.

This Privacy Policy explains how we collect, use, share, and protect personal information in connection with your use of our Website (www.societyhealth.co) and related services (together, our"Services"). It also describes your rights with respect to the personal information we handle, including if you are a resident of California, other U.S. states with privacy laws, or are located in the European Economic Area (EEA) or the United Kingdom (UK).

If you have questions about our privacy practices, you can contact us at: privacy@societyhealth.co.

Our Role

In most cases, Society Health acts as a service provider or data processor. That means:

• We process financial and operational data (e.g., accounts payable, billing, payroll, reimbursement files, tax records) and sometimes health-related information (e.g., cost allocations tied to EHR encounters) strictly on behalf of our customers.
• Our customers (the"data controllers") decide what data is shared with us and how it is used.
• If you are an employee, patient, or vendor of one of our customers and want to know how your data is used, you should contact them directly.
• If we collect your information outside of a customer relationship (e.g., you are a visitor to our Website, a business contact, or an applicant for employment), then this Privacy Policy applies directly to you.

What Personal Information We Collect

We may collect the following categories of personal information depending on your relationship with us:

• Identifiers: Name, email address, phone number, mailing address, IP address.
• Business and Customer Records: Job title, employer, payment and billing information, account credentials.
• Financial Information: Transactional data, accounts payable records, tax-related identifiers, and treasury information shared by our customers for processing.
• Health-Related Information: Limited clinical or administrative data (from EHRs or claims systems) used solely to support financial analysis and value-based care models.
• Commercial Information: Records of services purchased, subscribed to, or evaluated.
• Internet Activity: Browsing activity, device identifiers, cookies, and log data when you interact with our Website.
• Professional/Employment Data: Resume, work history, or reference information if you apply for a job with us.
• Education Data: Degrees or certifications, if relevant to job applications.
• Inferences: Preferences, interests, or trends derived from other collected data.

We may also collect sensitive personal information in limited cases, such as:

• Financial account numbers with security credentials (for treasury and accounts payable services).
• Health-related data elements if shared by a customer for financial modeling.

How We Collect Your Personal Information

We may collect information in the following ways:

• Directly from you: When you complete forms, register for updates, email us, or apply for a job.
• From our customers: When they share financial, operational, or health-related data for us to process on their behalf.
• From third parties: Business partners, vendors, or event organizers.
• Automatically: Through cookies and similar technologies when you use our Website.

How and Why We Use Personal Information

We process personal information to:

• Provide and improve our Services (financial analytics, EHR-linked costing models, treasury operations).
• Process transactions and customer requests.
• Communicate with you about accounts, inquiries, and opportunities.
• Ensure compliance with applicable healthcare, financial, and privacy laws (including HIPAA, HITECH, and IRS rules).
• Protect security and prevent fraud.
• Recruit and evaluate job applicants.
• Comply with legal obligations.

We do not use automated decision-making or profiling that produces legal or significant effects without human involvement.

How We Share Personal Information

We do not sell your personal information. We may disclose personal information as follows:

• With service providers: Vendors who support IT, security, analytics, cloud hosting, and professional services.
• With account owners/administrators: If you are using our Services through an employer or customer account.
• For legal purposes: To comply with subpoenas, government requests, or lawful reporting obligations.
• Business transfers: If Society Health is involved in a merger, acquisition, or restructuring.
• With your consent: If you direct us to share your information with others.

We may also disclose aggregated or de-identified information that cannot reasonably identify you.

Cookies and Tracking

Our Website may use cookies, web beacons, and similar technologies to:

• Improve user experience.
• Monitor Website traffic and security.
• Support marketing and analytics.

You may control cookies through your browser settings. Some features may not function properly if cookies are disabled.

Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access and obtain a copy of your personal information.
• Correct inaccuracies.
• Request deletion.
• Request portability of your data.
• Opt out of targeted advertising or profiling.

To exercise these rights, contact us at privacy@societyhealth.co. We may need to verify your identity before responding.

Notice to California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request deletion, and opt out of the sale of data (though we do not sell data). Please see our California Privacy Notice for more information.

Notice to EEA and UK Residents

If you are located in the EEA or UK, we process your data based on:

• Contract: Where processing is necessary to deliver our Services.
• Consent: For certain communications or optional features.
• Legal obligation: For compliance with applicable law.
• Legitimate interests: For service improvement, fraud prevention, and protection of legal rights.

You may also lodge a complaint with your local data protection authority.

How We Secure Personal Information

We implement appropriate technical, organizational, and administrative safeguards to protect personal information, including:

• Encryption of sensitive financial and health-related data.
• Access controls and audit logs.
• Secure cloud hosting.
• Vendor due diligence.

Despite safeguards, no system is completely secure. Users are responsible for protecting their own credentials (such as passwords or API keys).

Data Retention

We retain personal information only as long as necessary to fulfill the purposes described above, or as required by law, regulation, or contract. For example:

• Customer data: Retained for the duration of the service relationship and in compliance with healthcare and financial recordkeeping obligations.
• Job applicants: Retained per applicable employment law.
• Website users: Retained consistent with cookie and analytics practices.

Children's Privacy

Our Services are not directed at children under 18, and we do not knowingly collect data from minors. If we learn we have collected data from a child, we will delete it promptly.

International Transfers

If you access our Services from outside the United States, your information will be transferred to and processed in the United States. We use safeguards such as contractual data protection commitments to protect personal information subject to cross-border transfers.

Do Not Track

At this time, we do not respond to Do Not Track (DNT) signals.

Third-Party Links

Our Services may link to third-party websites or content. We are not responsible for their privacy practices. Please review their privacy policies.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated"Last Updated" date. For significant changes, we may provide additional notice by email or Website notification.

Contact Us

For questions about this Privacy Policy or our practices, please contact us: