Privacy policy
Last Updated:
Introduction
This Privacy Policy explains what information Solafya collects from visitors to solafya.com and from people who contact us through our website. It does not cover how Solafya handles protected health information (PHI) on behalf of clinics that have signed a Business Associate Agreement (BAA) with us — that is governed separately by HIPAA and the BAA itself.
If you are a patient of a clinic that uses Solafya, please contact your clinic directly with questions about your patient records. Your information is your clinic's responsibility, not ours, under the BAA we have with them..
What We Collect
When you visit solafya.com, we collect two kinds of information:
Information you give us directly when you submit our pilot inquiry form: your work email, full name, role, clinic or organization name, US business address, and any message you choose to include.
Basic web analytics when you visit our pages: page views, referrer, approximate region, browser type, and visit time. We use this to understand traffic and improve the site.
What We Don't Do
Some things we want to be explicit about — what we don't do is as important as what we do.
We don't use cookies for tracking or advertising
We don't sell, rent, or trade your information to anyone,
We don't share your information with advertisers or marketing partners.
We don't collect payment information on this website.
We don't track you across other websites.
We don't use behavioral or interest-based targeting.
How we use what you share with us
When you submit our pilot inquiry form, we use the information to:
Respond to your inquiry
Schedule and conduct your pilot consultation
Keep records of our communications for our own reference
Track our outreach effectiveness internally
Who we share information with
We use a small number of trusted operational vendors. As of the date above, these are:
AWS — hosts our infrastructure (HIPAA-eligible, BAA in place)
HubSpot — our CRM, where pilot inquiries are stored
Amazon SES — sends confirmation emails
Patient information (PHI)
If your clinic has signed a BAA with Solafya, we handle your patients' protected health information under HIPAA. Our handling of PHI is governed by the Business Associate Agreement with your clinic, the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule, and our internal security and access controls.
For our security architecture, see our Security & Compliance page. We never display, sell, or share PHI for marketing.
AI and your patient data
When Solafya's products use AI to surface insights or suggestions, that processing happens inside our HIPAA-aligned cloud environment under our BAA chain. Your patient data is never sent to ChatGPT or any other public AI service. Your patient data is never used to train AI models — ours or anyone else's
How we protect your information
Information you submit through our website is encrypted in transit and stored in HIPAA-eligible infrastructure. We restrict access to Solafya team members who need it to respond to your inquiry, and we log access for audit purposes.
Your rights
You can exercise the following rights regardless of where you live. We honor California Consumer Privacy Act (CCPA) requests and similar rights granted by other US state privacy laws.
See what we have on you — email us and we'll send you a summary within 30 days
Ask us to delete it — we'll delete your information unless we're legally required to retain it
Correct it — email us with the correction.
Opt out of contact — reply STOP, unsubscribe, or email us; we'll remove you from any further communications.
Data location
All of our infrastructure is hosted in the United States. We do not transfer your information internationally.
Children
Solafya is a business service for healthcare clinics. We do not knowingly collect information from people under 18 through this website. If you believe we've inadvertently received such information, please email privacy@solafya.com so we can remove it.
Changes to this policy
We may update this policy from time to time. When we do, we'll update the date at the top. For material changes that affect how we handle your information, we'll email pilot applicants directly..