VIVID VAULT HEALTH SOLUTIONS, LLC PRIVACY POLICY
Last updated on October 29th, 2025.
This Privacy Policy describes the information collection, use, retention and sharing practices of Vivid Vault Health Solutions, LLC, a Colorado limited liability company, and its affiliates and subsidiaries (“Vivid Vault”, “we”, “our”, or “us”) when you interact with us through our the Vivid Vault Mobile Application or Vivid Vault Patient Portal (collectively, “Vivid Vault Products”), or through our website or telephone.
IMPORTANT NOTE: This Privacy Policy applies to personal information that you provide to us for in connection with your use of Vivid Vault Products that is (“Protected Health Information” or “PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996, as amended, and implementing regulations (“HIPAA”) and our HIPAA Notice of Privacy Practices (“HIPAA Notice”), as well as to personal information that is not PHI. Our HIPAA Notice describes how we can use and disclose your PHI and your rights with respect to your PHI. If there is a conflict between this Privacy Policy and the HIPAA Notice, the HIPAA Notice will apply. The HIPAA Notice does not apply to information that is not PHI.
PERSONAL INFORMATION WE COLLECT, WHY AND FOR HOW LONG
We collect personal information, which is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you. We collect personal information as described below from a variety of sources in a variety of ways, including when you:
Contact us. When you contact us through our website or other platforms, we collect, from you, your personal identifiers (name, email address, telephone number) and any information you choose to provide. We use this personal information to respond to your questions or inquiries, troubleshoot where necessary, and address any issues you have with the Services.
Call us. When you call us, we collect, from you, your personal identifiers (name, email address, telephone number) and any information you choose to provide. We use this personal information to respond to your questions or inquiries, troubleshoot where necessary, communicate with you, and address any issues you may have.
Create a User Account.
o User Account. To access or use Vivid Vault Products, users must register.
o User Registration. During registration, users will be asked to provide or confirm their name, date of birth, phone number, and email. This data will be used to provide the services under Vivid Vault Products.
Location Data. Through Vivid Vault Products, if you allow it, we also gather data on the mobile device used to access the Vivid Vault services.
Interact with us on social media. When you interact with our social media page on social networking websites, such as Facebook, Twitter, and LinkedIn (each a “Social Media Page”) (collectively “Social Media Pages”), we collect basic engagement metrics and use it to tailor content and marketing and use it to improve user experience as set forth in this section. Please note that we do not control the use or storage of the information that you have posted to any social networking websites, including Higher Logic. This information is
collected and processed by the social networking websites for their own purposes, including marketing. For more information on how Facebook, Twitter, LinkedIn, and/or Higher Logic use your personal information, please
see Facebook’s Privacy Policy, Twitter’s Privacy Policy, LinkedIn’s Privacy Policy, and/or Higher Logic’s Privacy Policy.
Vivid Vault will use the personal information we collect as described in this section to provide the Vivid Vault Products, to monitor the performance of the software, to provide recommendations on other Vivid Vault services, to comply with the law, to efficiently maintain our business, and for other limited circumstances as described inn. Please note that we do not control the use or storage of the information that you have posted to any social networking websites, including Higher Logic. This information is collected and processed by the social networking websites for their own purposes, including marketing. For more information on how Facebook, Twitter, LinkedIn, and/or Higher Logic use your personal information, please see Facebook’s Privacy Policy, Twitter’s Privacy Policy, LinkedIn’s Privacy Policy, and/or Higher Logic’s Privacy Policy. Vivid Vault will use the personal information we collect as described in this section
to provide the Vivid Vault Products, to monitor the performance of the software, to provide recommendations on other Vivid Vault services, to comply with the law, to efficiently maintain our business, and for other limited circumstances as described in
HOW AND WHEN WE REMOVE YOUR PERSONAL INFORMATION
This Section applies to users in the United States and to individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland and describes how we honor requests under the EU/EEA GDPR and UK GDPR.
▪ Right to Erasure (Right to be Forgotten). You may request that we delete your personal data at any time by submitting a written request to together@vividvaulthealth.org or via vividvaulthealth.org or by mail at: 1200 Pearl St. Suite 314 PMV 7897 Boulder, CO 80302. We will respond without undue delay and in any event within one month of receiving your request. Where necessary due to request complexity or volume, we may extend this period by up to two further months and will notify you of the extension and reasons.
▪ Verification and Authorized Agents. We may need to verify your identity and request additional information to process your request. If an authorized agent submits the request, we may require proof of authorization and verification of your identity.
▪ Our Deletion Process. Once we confirm your request, we will delete your personal data from our active systems and instruct our service providers/processors to do the same, where applicable. Residual copies may remain in encrypted backups for a limited period consistent with our backup retention and disaster recovery practices; such copies are segregated from routine business use and will be purged in the ordinary course of the backup lifecycle.
▪ Legal Grounds to Decline or Limit Deletion. We may refuse or limit deletion where processing is necessary for:
o Compliance with a legal obligation (e.g., tax, accounting, regulatory, product safety, or other record-keeping laws);
o Establishment, exercise, or defense of legal claims;
o Exercising the right of freedom of expression and information;
o Public interest in the area of public health, archiving in the public interest, or scientific/historical research or statistical purposes, where deletion would seriously impair the objectives of that processing. Where we retain data for these reasons, we will restrict processing to the minimum necessary and keep it only for as long as required.
▪ No Indefinite Retention. We do not keep personal data indefinitely. We retain personal data only for as long as necessary to provide the services, for legitimate business purposes, to comply with legal obligations, or to resolve disputes and enforce our agreements. When data is no longer needed for these purposes, we delete or irreversibly anonymize it.
▪ Account Termination and 30-Day Deletion. If you close your account, or we terminate it in accordance with our terms, we will delete your personal data from our active systems within 30 days of the termination date, subject to the legal grounds listed above. We may retain de-identified or aggregated information that
does not identify you. If you reactivate your account within that 30-day period, limited restoration may be possible
▪ Appeals and Complaints. If you are not satisfied with our response, you may lodge a complaint with your local supervisory authority. Contact details for EEA authorities are available at https://edpb.europa.eu/about-edpb/about-edpb/members_en, and the UK Information Commissioner’s Office is at https://ico.org.uk. You may also contact our Data Protection Officer at together@vividvaulthealth.org or 1200 Pearl St., Suite 314 PMB 7897 Boulder, CO 80302.
HOW WE SHARE YOUR PERSONAL INFORMATION.
We retain personal information for as long as is necessary for the processing purposes for which the information was collected. We also retain personal information for purposes of compliance with our legal obligations, exercising or defending legal claims, and meeting our safety and security commitments
Vivid Vault shares personal information in the following instances:
o In the event of a corporate reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets orstock, we would share personal information with the successor entity for the purpose of continuing our business operations.
o For legal purposes. We share your personal information where we are legally required to do so, such as in response to court orders, governmental/regulatory bodies, law enforcement or legal process, including for national security purposes. We may share your information with our legal advisors or auditors to establish, protect, or exercise our legal rights or as required to enforce our terms of service or other contracts or to defend against legal claims or demands. We also share this information with third
parties as necessary to: detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; to comply with the requirements of any applicable law; or to comply with our legal obligations.
o With service providers. We disclose your personal information with service providers that assist us in providing Vivid Vault Products. These service providers assist us with the following: information technology (“IT”) support; website hosting; data analysis; customer service; email delivery; text messaging; auditing; analytics services; and similar services
o With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose.
o With third party companies. We will never sell your data to any third party even if you request that it be sold.
YOUR INFORMATION CHOICES
You have the following choices with respect to your personal information:
▪ Correct or View Your Information. You may email us at
together@vividvaulthealth.org to request that we correct or to view certain personal information of yours in our possession.
▪ Revoke Your Consent. You may revoke your consent to our sharing of your information at any time and may do so by contacting us via email at together@vividvaulthealth.org.
DO NOT TRACK
We do not respond to Do Not Track requests sent to us directly. Do Not Track is a preference you can set in your web browser to inform websites and mobile applications that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser
INFORMATION SECURITY
We implement appropriate technical and organizational security measures, such as access controls and encryption (at rest and in transit), to protect the personal information that we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. However, no security measure or modality of data
transmission is 100% secure, and we are unable to guarantee the absolute security of the personal information we have collected from you
CHILDREN’S PRIVACY
Vivid Vault and all related Vivid Vault services are not intended for individuals under the age of eighteen (18) years without adult supervision
PROXY CAREGIVER ACCESS
Individuals wanting to give proxy caregiver access are required to email together@vividvaulthealth.org and/or check giving permission on the app proxy access to give the proxy access to their medical information in a download encrypted pdf. If either of these items are not provided to Vivid Vault, the proxy caregiver will not be provided this feature.
CHANGES TO THIS PRIVACY STATEMENT
We may amend this Privacy Statement in our sole discretion at any time. If we do, we will post the changes and will indicate the date the changes go into effect. We encourage you to review our Privacy Statement to stay informed. If we make changes that materially affect your privacy rights, we will notify you by prominent posting on the website and/or via email, and obtain your consent, if required.
CONTACT US
If you have any questions or concerns regarding this Privacy Statement, please contact us via email at together@vividvaulthealth.org