1. Who We Are

Genbu Health ("Company," "we," "us," or "our") is a healthcare technology company incorporated in California. We provide an AI-powered patient outreach platform to health plans, provider groups, and other healthcare organizations. Our principal place of business is in California.

For questions about this Privacy Policy, contact us at privacy@genbuhealth.com.

2. Information We Collect

From website visitors (genbuhealth.com):

• Information you voluntarily provide when contacting us by email (name, email address, company name, message content)
• Standard web server logs (IP address, browser type, pages visited, referral URL) retained for security purposes
• No advertising cookies, behavioral tracking, or third-party analytics are used on this website

From business customers and their authorized users:

• Account registration information (name, business email address, organization name, job title)
• Usage data related to platform activity (login times, features used, dashboard interactions)
• Communications with our support team

Protected Health Information (PHI): Our platform processes PHI on behalf of our healthcare customers under the terms of a Business Associate Agreement (BAA). PHI is governed by our HIPAA Policy and applicable federal and state law — not by this general Privacy Policy. See our HIPAA Policy for details.

3. How We Use Your Information

• To respond to your inquiries and provide customer support
• To provide and improve our platform and services
• To send service-related communications (account notices, security alerts, policy updates)
• To comply with legal obligations and protect our legal rights
• To detect and prevent fraud, abuse, and security incidents

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not use your information for advertising or behavioral profiling.

4. Legal Basis for Processing (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.

Your California privacy rights include:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions
• Right to Correct: You may request correction of inaccurate personal information
• Right to Opt-Out: We do not sell or share your personal information. If this ever changes, you will have the right to opt out
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights

To exercise these rights, contact us at privacy@genbuhealth.com. We will respond within 45 days as required by law.

5. Cookies and Tracking Technologies

This website (genbuhealth.com) uses only essential technical cookies necessary for basic website operation. We do not use advertising cookies, cross-site tracking cookies, or behavioral analytics cookies.

We use Google Fonts, a service provided by Google LLC, to display typography. When your browser loads our website, it may make a request to Google's servers to load font files. Google's privacy policy governs any data collected in this process. You can learn more at policies.google.com/privacy.

Do Not Sell or Share My Personal Information: We do not sell or share your personal information as defined under the CCPA/CPRA. No opt-out mechanism is required at this time because no such selling or sharing occurs.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Website inquiry data is retained for up to 3 years. Account and platform data is retained for the duration of the customer relationship plus 7 years as required for healthcare regulatory compliance.

7. Data Security

We implement administrative, physical, and technical safeguards appropriate to the sensitivity of the information we process. Our platform uses AES-256 encryption for data at rest and TLS 1.3 for data in transit. Access to personal information is restricted to authorized personnel on a need-to-know basis. We maintain detailed audit logs of all data access events.

8. Third-Party Service Providers

We use third-party service providers who may process personal information on our behalf as data processors. All processors are bound by data processing agreements requiring them to process data only on our instructions and to maintain appropriate security measures. Key categories of processors include:

• Cloud infrastructure and hosting providers
• Speech recognition and voice synthesis services (under HIPAA BAA where applicable)
• AI language model providers (under HIPAA BAA where applicable)
• Telephony infrastructure providers

9. Children's Privacy

Our platform and website are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@genbuhealth.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website or platform after changes are posted constitutes acceptance of the updated policy.

11. Contact Us