Privacy & security at Averyn
You're trusting us with sensitive information about your family. This page explains — in plain English — how we handle it, who can see it, and what you control.
For the full legal text, see our Privacy Policy and Terms of Use.
At a glance
- We do not sell personal information — not to advertisers, data brokers, or anyone else.
- We never contact providers without your authorization.
- Averyn acts at your family's direction — not at the direction of providers, insurers, or payers.
- All infrastructure is built on HIPAA-compliant vendor architectures.
- AI-assisted tools use HIPAA-compliant models that don't train on your data.
- Every action is documented in the app — nothing happens "in the dark."
- You can add, remove, or revoke access for any family member or caregiver — at any time, from the app.
How access works
Three steps — each one is deliberate, documented, and under your control.
You sign releases or grant access. We don't freeload on the system — every provider relationship starts with a documented authorization that you approve.
We set up official portal access (a separate login tied to your authorization) so nothing depends on sharing your personal password. This is the cleanest, most auditable approach.
If a portal doesn't support delegate access and you explicitly authorize it, we store credentials in an encrypted, per-customer vault — accessible only to your assigned staff, purgeable when the engagement ends.
Proxy email — you always see what we see
We set up a proxy email address on our enterprise email platform (@averyncare.com, hosted on Google Workspace) for every Supported Person. This is the address used to establish portal access. Every notification from providers, pharmacies, and vendors — including two-factor authentication codes required by some portals — is automatically forwarded to both your assigned navigator and the Supported Person, so nothing arrives in the dark. This administrative email does not replace your clinical or emergency contact details with any provider.
The end state: your records consolidated, organized, and portable. Your navigator uses access only to do the authorized administrative work — checking messages, downloading records, confirming appointments — never to modify clinical records or impersonate you.
How we protect data
Three layers: people, process, and technology.
- Background checks via third-party screening before any account access
- OIG LEIE exclusion check — screening for healthcare fraud and abuse
- SAM.gov debarment check — federal exclusion screening
- Least-privilege access — navigators only access the accounts they're assigned to
- Authorization before action — documented releases before any provider contact
- Audit trail — every action logged in the app; your family can see what happened
- Revoking access — you can pause or revoke at any time; credential vaults are purged on exit
- Escalation rules — clear boundaries between administrative and clinical work
- AWS + Azure hosting — managed, enterprise-grade cloud infrastructure; all health-related data stored in US data centers
- Encryption — data in transit and sensitive data at rest
- Enterprise password management — per-customer vaults, generated passwords, staff-only access
- Disk encryption on all company-owned workstations; minimal-rights posture
- No self-hosted servers — zero-trust, fully managed infrastructure
A note on HIPAA
Averyn is not a HIPAA covered entity (we are not a health plan, provider, or clearinghouse), and we are not contracted as a Business Associate. That said, we deliberately build on HIPAA-compliant architectures — every vendor we depend on offers BAAs to covered entities and operates at that standard. We do this because it's the right way to handle sensitive health-related information, regardless of whether the law technically requires it of us.
If something goes wrong
No system guarantees absolute security. If a security incident affects your account, we will notify you directly and promptly — not bury it in a blog post or terms update.
Communication choices
You choose how we communicate with your household. Nothing is forced.
- App messaging — the primary channel; persistent, shared with the whole household
- Phone and video — your navigator is a call away
- Email and text — when that's what works best for you
- App is optional — we can communicate entirely outside the app if you prefer
- We don't send marketing messages unless you opt in
- SMS consent information is not shared with third parties for their own marketing or promotional purposes
- You can opt out of non-essential SMS at any time (reply STOP, END, CANCEL, UNSUBSCRIBE, or QUIT)
- Operational messages (appointment reminders, coordination updates) are tied to your active service
Payment processing
- All payments are processed through Stripe, a PCI-compliant payment processor
- Your card information goes directly to Stripe — Averyn never sees or stores complete payment card numbers
- We do not handle PCI-regulated data
- Averyn is a private-pay service — we do not submit claims to Medicare, Medicaid, or commercial insurers
- This keeps the service free from payer restrictions and focused entirely on your household's priorities
- The cardholder can be the Primary Contact, the Supported Person, or another family member
AI-assisted tools
We use AI to help your navigator process the volume of documentation that comes with complex care. Here's what that looks like — and what it doesn't.
- Standardizing documentation — converting PDFs and imaging reports from portals into structured, consistent formats
- Identifying changes over time — highlighting what's different in your providers' reports so your navigator can surface what matters
- Plain-language summaries — turning dense medical documentation into readable overviews your family can actually use
- Call note-taking — most navigator calls are recorded (announced at the start) to support accurate notes and quality assurance. Original recordings are not retained long-term; de-identified transcripts may be used to improve internal tools and workflows. Some providers or vendors may request we discontinue recording during their calls, and we comply
- HIPAA-compliant models — we use enterprise AI services (Azure OpenAI) that operate under BAA-grade security
- Your data is not used for training — these models do not learn from or retain your information
- Human review — AI outputs are reviewed by your navigator before anything is shared with your family or providers
Our summaries are not clinical interpretation or advice. They're administrative plain-language overviews based on your providers' reports. Your Record Vault always includes the full, original documentation from your providers — the summaries make it usable, not replace it.
We'd rather be transparent about using AI tools than pretend everything is done manually. The navigators do the thinking; the tools help with the processing.
Your controls
What you can do at any time — no waiting period, no hoops.
Control who's in your household account
The Primary Contact decides who has access. You can invite family members, caregivers, or anyone else who needs to be in the loop — and suspend or remove them at any time from the app. This is vastly more controlled than sharing portal passwords, managing a group text, or hoping everyone checks a shared Google Calendar.
Choose your communication channels
Tell us how you want to communicate — app, phone, email, text, video — and we'll use that. The app is optional. You can change preferences anytime.
Decide whether we store portal credentials
If delegate/proxy access isn't available for a particular portal, we'll ask your explicit permission before storing credentials. You can decline — we'll work around it. If you authorize it, credentials are encrypted in a dedicated vault, and purged when you say so or the engagement ends.
Pause or cancel at any time
You can pause or revoke Averyn's access at any time. We will never treat access as permanent — you remain the decision-maker. If you end the engagement, your credential vault is purged and active authorizations can be rescinded.
What happens to my Record Vault if I cancel?
Your Record Vault remains accessible for up to 36 months after cancellation of service or the conclusion of your Record Vault engagement — long enough to allow for vault refreshes or the reactivation of a Navigation Plan without starting over.
At any point during that window, you can request a full digital download of your Record Vault as an organized ZIP file with supporting index documents. You can also request that we remove your records at any time.
If you return to services after your records have been removed, a new Record Vault project may be required.
Some data may be retained beyond 36 months in backup or archival form, consistent with our general retention period of at least seven years, as described in our Privacy Policy. This includes data retained for legal compliance, billing documentation, audit support, and fraud prevention.
Request deletion of your information
You can request deletion of eligible information at any time. We'll comply to the extent required by law, subject to exceptions including legal compliance, billing or documentation needs, fraud prevention, legitimate business interests, and information that has already been de-identified.
Once data has been de-identified, it is no longer considered personal information, cannot be deleted, and may be used for analytics, operational modeling, and internal tool improvement.
To request deletion, contact l e g a l [d o t] n o t i c e [ a t ] a v e r y n c a r e [d o t] c o m.
Questions?
If anything on this page is unclear, ask. We'd rather answer directly than leave you guessing.