This Privacy Policy explains how Salus Exams, Inc. ("Salus," "we," "our," or "us") collects, uses, shares, and protects personal information in connection with our website and platform.
Salus Exams operates a software platform that streamlines the operational layer of medical evidence collection for life insurance underwriting. Our customers are typically life insurance carriers, paramedical firms, and financial advisors. This Privacy Policy applies to:
This Policy does not apply to information that our customers independently collect, control, or process outside of the Salus platform. When Salus processes Protected Health Information ("PHI") on behalf of a HIPAA Covered Entity or Business Associate customer, we do so as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and pursuant to a Business Associate Agreement ("BAA") with that customer. In those cases, the customer's own privacy notice and instructions, together with our BAA obligations, govern our use and disclosure of that PHI.
We collect personal information you provide directly when you:
When you visit our Site or use the platform, we and our service providers may automatically collect:
In the course of providing the platform, we receive personal information about applicants for insurance, insureds, and others from our customers and from third parties acting on our customers' behalf (for example, paramedical firms, laboratories, and physicians' offices submitting evidence). This information may include sensitive categories such as PHI, and is processed under the terms of our customer agreements and BAAs.
Where applicable, "Sensitive Personal Information" under state privacy laws may include health information, government identifiers, precise geolocation, and similar categories. We process Sensitive Personal Information only as needed to provide the platform, as directed by our customers, or as permitted or required by law.
We use personal information for the following purposes:
We share personal information in the following ways:
We do not "sell" personal information for money, and we do not share personal information for cross-context behavioral advertising, in each case as those terms are defined under applicable state privacy laws.
We and our service providers use cookies, pixels, local storage, and similar technologies on our Site and platform for purposes including session management, security, preference storage, analytics, and limited marketing measurement. You may control cookies through your browser settings and, where required, through cookie-management tools on our Site. Disabling certain cookies may affect platform functionality.
We do not currently respond to "Do Not Track" browser signals. Where required by state law, we honor recognized opt-out preference signals such as the Global Privacy Control (GPC) for purposes of opt-out rights described in Section 8.
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, and disclosure. These include encryption of data in transit and at rest, role-based access controls, audit logging, and periodic security testing. Our security program is designed to meet the standards expected of platforms handling PHI under HIPAA and the financial-services data protected by the Gramm-Leach-Bliley Act ("GLBA") and its implementing safeguards rules. No system can be guaranteed fully secure; we encourage Authorized Users to safeguard their account credentials and to notify us promptly of suspected unauthorized access.
We retain personal information for as long as needed to provide the platform, to comply with our legal and contractual obligations, to resolve disputes, and to enforce our agreements. Retention periods for customer-provided data, including PHI, are governed primarily by our customer agreements and BAAs. When personal information is no longer required for these purposes, we delete or de-identify it consistent with our policies and applicable law.
When personal information constitutes PHI processed by Salus on behalf of a Covered Entity or Business Associate customer, your rights with respect to that PHI — including rights of access, amendment, accounting of disclosures, and restriction — generally arise under HIPAA and are exercised through the Covered Entity that holds the relationship with you. Please direct HIPAA-related requests to that Covered Entity. Salus will support our customers in responding to those requests as required by HIPAA and our BAAs.
Depending on your state of residence, you may have specific rights under state privacy law. We honor these rights as required by applicable law for information we process as a controller. Rights may include:
These rights and their precise scope vary by jurisdiction. They are provided, where applicable, under laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"); the Virginia Consumer Data Protection Act ("VCDPA"); the Colorado Privacy Act ("CPA"); the Connecticut Data Privacy Act ("CTDPA"); the Utah Consumer Privacy Act ("UCPA"); the Texas Data Privacy and Security Act ("TDPSA"); and similar laws in other states as they take effect.
To submit a request, contact us using the information in Section 11 below. We will verify your identity in a manner appropriate to the sensitivity of the request and the data involved. You may use an authorized agent to submit requests on your behalf, subject to verification of the agent's authority. If we decline a request in whole or in part, we will explain why and how you may appeal where appeals are required by applicable law.
Where Salus processes personal information as a service provider, processor, or Business Associate on behalf of a customer, we will refer your request to that customer and assist them in responding as required by law and our agreements with them.
To the extent we receive nonpublic personal information of consumers of a financial institution within the meaning of the Gramm-Leach-Bliley Act, we use and protect that information consistent with our obligations under GLBA, its implementing regulations, and our agreements with the financial institutions providing that information.
Our Site and platform are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act ("COPPA"). If you believe we have collected personal information from a child under 13, please contact us using the information in Section 11 and we will take appropriate steps to delete that information.
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above and, where required by law or otherwise appropriate, provide additional notice (for example, by email or by posting a notice on the Site). Your continued use of the Site or platform after the effective date of an updated Policy constitutes your acceptance of the updated Policy.
Questions about this Policy or our privacy practices may be directed to:
Salus Exams, Inc.
Attn: Privacy
[Street Address]
[City, State ZIP]
Email: privacy@salusexams.com
The information in this Privacy Policy is provided as a template and does not constitute legal advice. Consult qualified counsel before publishing or relying on this policy in any business or regulatory context.
