Effective Date: January 1, 2025

Last Updated: January 1, 2025

1. Introduction

VBC Risk Analytics, LLC ("VBC Risk Analytics," "we," "us," or "our"), a Delaware limited liability company, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.vbcriskanalytics.com (the "Website").

Scope: This Privacy Policy applies solely to information collected through this Website, which is designed to showcase our healthcare analytics solutions, enable you to schedule product demonstrations, and contact us for inquiries. This policy does not govern the collection or processing of data through our Precise Health Risk Compass platform or related services, which are subject to separate agreements including Master Service Agreements (MSA), Statements of Work (SOW), and Business Associate Agreements (BAA) as applicable.

By accessing or using this Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use this Website.

2. Information We Collect

No Account Required: This Website does not require you to create an account. You can browse all content, learn about our solutions, and access resources without registration.

2.1 Information You Provide Through the Website

We collect information that you voluntarily provide when you contact us or schedule a demo:

  • Contact Form Submissions: First name, last name, email address, phone number, company name, subject of inquiry, product interest, and message content. This information is used to respond to your inquiry and reach back to you.
  • Demo Scheduling (Calendly): Contact details and scheduling preferences collected through our integrated Calendly scheduling system. This information helps us prepare for your scheduled call and understand your interests.
  • Communication Records: Records of correspondence when you contact us via email or other channels for sales, support, or partnership inquiries.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information through server logs and analytics tools:

  • Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on pages
  • Device Information: Device type, screen resolution, and unique device identifiers
  • Usage Data: Click patterns, scroll depth, form interactions, and navigation paths

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for website functionality, including session management and security
  • Analytics Cookies: Help us understand how visitors interact with our website through Google Tag Manager and Google Analytics
  • Preference Cookies: Remember your settings and preferences for future visits

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of our website.

2.4 Third-Party Services

We use the following third-party services that may collect information:

  • Google Tag Manager (GTM): For managing website analytics and tracking scripts
  • Google Analytics: For website traffic analysis and user behavior insights
  • Calendly: For scheduling demo appointments (subject to Calendly's privacy policy)

3. How We Use Your Information

We use information collected through this Website for the following purposes:

  • Responding to Inquiries: To respond to your contact form submissions and reach back to you regarding your questions or interests
  • Demo Preparation: To prepare for scheduled demo calls and understand your organization's needs and interests
  • Communication: To follow up on inquiries and provide information about our solutions
  • Marketing: To send you information about our products and services (with your consent where required)
  • Analytics: To analyze website usage patterns and improve user experience
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us in operating our website and services, subject to confidentiality obligations
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where your information may be transferred as a business asset
  • Legal Requirements: When required by law, subpoena, or other legal process, or to protect our rights, privacy, safety, or property
  • Consent: With your explicit consent for any other purpose

5. Data Collection for Platform Services (Outside This Website)

When you engage VBC Risk Analytics for platform services beyond this Website, we collect additional information through email or other communication channels (not through this Website):

5.1 API Proof of Concept (POC) Access

Following a product demonstration, we may provide API proof of concept access subject to execution of appropriate agreements:

  • Required Agreements: Non-Disclosure Agreement (NDA) and Business Associate Agreement (BAA) must be executed before API POC access is granted
  • Information Collected: Basic customer organization details and contact person information, collected via email or other direct communication (not through this Website)
  • API Key Provisioning: API keys for trial and production use are provisioned in conjunction with applicable MSA, BAA, SOW, and NDA agreements

5.2 Platform Implementation Services

For platform implementations (customer on-premises, customer data center, or VBC SaaS on AWS), we collect:

  • Organization Details: Company name, address, and business information necessary to provide services
  • Contact Person Information: Name, title, email, and phone number of authorized contacts
  • Technical Information: As required for implementation and support

This information is collected via email or direct communication, governed by the applicable MSA, SOW, and BAA.

6. Healthcare Data and HIPAA Compliance

Website Data: This Website is designed for informational purposes, demo scheduling, and contact inquiries only. The information collected through this Website (contact forms, demo requests, general inquiries) is not Protected Health Information (PHI) and does not require HIPAA protections.

Platform Services: If you engage VBC Risk Analytics for healthcare analytics services through our Precise Health Risk Compass platform (whether deployed as VBC SaaS on AWS, customer on-premises, or customer cloud/data center), the handling of PHI will be governed by:

  • Business Associate Agreement (BAA): Required for all engagements involving PHI, executed prior to any PHI processing
  • Non-Disclosure Agreement (NDA): Required for API POC access and confidential information exchange
  • Master Service Agreement (MSA): Governing overall service terms and conditions
  • Statement of Work (SOW): Defining implementation scope, deliverables, and service levels

VBC Risk Analytics maintains HIPAA-compliant infrastructure and practices, including:

  • Administrative, physical, and technical safeguards to protect PHI
  • ISO 27001 certification for information security management
  • Regular security assessments and employee training
  • Documented incident response procedures

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: 256-bit SSL/TLS encryption for data in transit
  • Access Controls: Role-based access controls and authentication requirements
  • Infrastructure: Secure cloud infrastructure with regular security audits
  • Monitoring: Continuous monitoring for security threats and anomalies
  • Incident Response: Documented incident response procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

  • The nature of the information and purpose of collection
  • Legal and regulatory requirements
  • Contractual obligations
  • Business necessity for record-keeping

When information is no longer needed, we securely delete or anonymize it.

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal requirements
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Data Portability: Request your data in a structured, machine-readable format

To exercise these rights, please contact us at contact@vbcriskanalytics.com. We will respond to your request within the timeframe required by applicable law.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

To submit a verifiable consumer request, contact us using the information provided below.

11. Children's Privacy

This Website is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

12. International Data Transfers

This Website is operated in the United States. If you are accessing this Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using this Website, you consent to this transfer.

13. Third-Party Links

This Website may contain links to third-party websites or services that are not operated by us, including Calendly for demo scheduling and social media platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page with a new "Last Updated" date. Your continued use of this Website after any changes indicates your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

VBC Risk Analytics, LLC

2844 Livernois Road, Suite 99553
Troy, MI 48099
United States

Email: contact@vbcriskanalytics.com

Phone: +1-248-247-6102