Privacy Policy

Last updated: June 4, 2026

1. Who We Are

Plerous (“we”, “us”, “our”) is a healthcare technology company operating at plerous.com and providing closed-loop referral infrastructure for independent medical practices. Our contact email is hello@plerous.com.

2. HIPAA Compliance

Plerous is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We act as a Business Associate to our covered-entity customers. Protected Health Information (PHI) is:

  • Encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Accessed only by authorized personnel and systems
  • Never sold, shared with advertisers, or used for marketing
  • Subject to a Business Associate Agreement (BAA) with each customer

3. Information We Collect

Account Information

Name, email address, organization name, NPI number, and billing information when you register.

Clinical Information (PHI)

Patient demographics, insurance information, diagnosis codes, referral details, and prior authorization data submitted by authorized users. This data is processed solely to provide our services.

Usage Data

Log data, IP addresses, browser type, and platform analytics to improve the service. No PHI is included in usage analytics.

4. How We Use Your Information

  • To provide, operate, and improve the Plerous platform
  • To process prior authorization submissions to payers on your behalf
  • To send service notifications (SLA alerts, auth status updates)
  • To comply with legal and regulatory obligations

We do not use PHI for AI model training without explicit written consent.

5. Data Sharing

We share data only as necessary to provide our services:

  • Payers and clearinghouses — to submit prior authorizations (UHC, Aetna, BCBS, etc.)
  • Infrastructure providers — Supabase (database), Upstash (cache), Anthropic (AI processing) under BAAs where applicable
  • Law enforcement — only when required by valid legal process

We never sell personal data or PHI to third parties.

6. Data Retention

We retain PHI for the minimum period required by applicable law (typically 6 years under HIPAA). Account data is deleted within 30 days of account closure upon request. Audit logs are retained for 7 years to meet HIPAA requirements.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal information. To exercise these rights, email hello@plerous.com.

8. Security

We implement administrative, physical, and technical safeguards including encryption at rest and in transit, role-based access control, MFA, SHA-256 tamper-evident audit logs, and regular security reviews.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email to account holders at least 30 days before taking effect.

10. Contact

For privacy questions or to exercise your rights:
hello@plerous.com
Plerous · 1hubsolutions, LLC