V
VentoFlo

Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

VentoFlo collects information necessary to provide Adult Family Home management services, including:

  • Account information: name, email address, phone number, and role
  • Facility information: facility name, address, license numbers, and settings
  • Resident information: demographics, medical records, medications, care plans, and related health data entered by authorized staff
  • Usage data: login times, feature usage, and device information for security and support

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the VentoFlo platform
  • Send medication reminders, compliance alerts, and operational notifications
  • Generate reports required for regulatory compliance (state licensing inspections and applicable regulations — WAC 388-76, OAR 411-050, IDAPA 16.03.22, 172 NAC 4)
  • Improve our services and develop new features
  • Respond to support requests

3. HIPAA Compliance

VentoFlo is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). All protected health information (PHI) is encrypted at rest and in transit. We maintain administrative, physical, and technical safeguards as required by HIPAA. We will enter into a Business Associate Agreement (BAA) with each facility as required.

4. Data Security

  • All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Infrastructure hosted on AWS with SOC 2 certified data centers
  • Role-based access controls enforce least-privilege access
  • Audit logs track all data access and modifications
  • Regular security assessments and monitoring

5. Data Sharing

We do not sell, rent, or share personal or health information with third parties for marketing purposes. Information may be shared only:

  • With authorized facility staff as configured by the facility administrator
  • With family members through the Family Portal, as permitted by the facility
  • As required by law or valid legal process
  • With service providers who assist in operating our platform (under strict data processing agreements)

6. Data Retention

We retain facility and resident data for as long as your account is active or as needed to comply with applicable state record retention requirements (WAC 388-76 in Washington, OAR 411-050 in Oregon, IDAPA 16.03.22 in Idaho, 172 NAC 4 in Nebraska). Upon account termination, data can be exported and will be securely deleted within 90 days upon request.

7. Your Rights

You have the right to:

  • Access your data at any time through the platform
  • Request data export in standard formats
  • Request deletion of your account and associated data
  • Receive notification of any data breach affecting your information

8. Contact

For privacy-related questions or requests, contact us at info@ventoflo.com or call +1 (402) 889-2966.