Legal
Privacy Policy
Last updated: June 10, 2026
1. Who we are
Onvelas (“Onvelas,” “we,” “us”) provides a practice management platform for Applied Behavior Analysis (ABA) providers, covering scheduling, clinical documentation, billing, and revenue cycle management. This policy describes how we collect, use, and protect information on our website and platform.
2. Protected Health Information (PHI)
When customers use the Onvelas platform to manage patient care, Onvelas processes Protected Health Information as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). Our handling of PHI is governed by the Business Associate Agreement (BAA) executed with each customer — see our BAA page. We use PHI only as permitted by the BAA and applicable law, and we do not sell PHI or use it for advertising.
Please do not submit PHI through our public website forms (for example, the request-access form); those forms are intended for business contact information only.
3. Information we collect
- Account and contact information — name, work email, practice name, phone, and similar details you provide when requesting access or creating an account.
- Platform data — data customers enter into the platform in the course of operating their practice, processed on the customer’s behalf.
- Usage and device data — log data such as IP address, browser type, pages visited, and actions taken, used for security, troubleshooting, and product improvement.
4. How we use information
- To provide, maintain, and secure the Onvelas service.
- To respond to inquiries and provision workspaces.
- To send service communications (security notices, billing, support).
- To improve the product, using aggregated or de-identified data where possible.
- To comply with legal obligations, including HIPAA and applicable state law.
We do not sell your personal information.
5. Security
We maintain administrative, technical, and physical safeguards appropriate to the sensitivity of the information we process, including encryption in transit and at rest, role-based access controls, audit logging, and organization-level data isolation. No method of transmission or storage is completely secure; we encourage customers to use strong credentials and enable available security features.
6. Data retention & your choices
We retain account information for as long as your account is active or as needed to provide the service and meet legal obligations. Customers control the patient data in their workspace; retention and disposition of PHI follow the customer’s instructions and the BAA. You may request access to, correction of, or deletion of your personal information by contacting us.
7. Contact
Questions about this policy or our privacy practices: support@onvelas.com.