Privacy Policy — AgudApp

1. INTRODUCTION

AgudApp, LLC operates the AgudApp platform, a SaaS solution for health insurance agencies. This Privacy Policy describes how we collect, use, disclose, and protect information, including Protected Health Information (PHI). We comply with HIPAA, HITECH, and the Florida Information Protection Act (FIPA, F.S. § 501.171).

2. INFORMATION WE COLLECT

2.1 From Tenants and Users

  • Account Data: Business name, contact info, NPN, agency identifiers.
  • Credentials: Usernames, hashed passwords (bcrypt), encrypted 2FA secrets.
  • PHI: Customer demographics, insurance data, SSNs, DOBs, medical indicators, application data.
  • Documents: Uploaded IDs, applications, supporting files, electronically signed documents.
  • Electronic Signatures: Canvas signature images, signing metadata (timestamps, IP addresses, identity verification data), and document hashes.
  • Communications: Notes, tasks, internal messages.

2.2 Automatically Collected

  • Access Logs: IPs, browser, OS, timestamps, pages, actions.
  • Session Data: Session IDs, login/logout times, duration.
  • PHI Access Logs: User, timestamp, IP, action per PHI record.
  • Signature Audit Trails: Complete chronological record of document creation, link distribution, identity verification, viewing, and signing events.

2.3 What We Do NOT Collect

No advertising cookies. No biometric data. No data broker purchases.

3. HOW WE USE INFORMATION

Solely for: providing the Platform; authentication and access control; data processing as directed by Tenant; audit logging; system notifications; security; facilitating electronic signatures and document management; legal compliance.

WE DO NOT USE CUSTOMER DATA OR PHI FOR MARKETING, ADVERTISING, OR ANY PURPOSE BEYOND PLATFORM SERVICES.

4. HOW WE SHARE INFORMATION

WE DO NOT SELL, RENT, OR TRADE DATA.

Limited disclosures only: service providers bound by BAAs; legal requirements; business transfers (with same protections); with Tenant consent.

5. DATA SECURITY

AES-256-GCM encryption at rest (envelope encryption, per-tenant keys); TLS 1.2+ in transit; RBAC; 2FA available for all accounts (configurable as mandatory by Tenant Administrator); isolated tenant databases; bcrypt password hashing per industry-standard policies; immutable audit trails; U.S.-only servers; incident response plan.

6. DATA RETENTION

During Subscription Term + 30-day export. Destruction per HIPAA/NIST SP 800-88. PHI audit logs retained minimum six (6) years. Electronically signed documents retained minimum six (6) years or as required by applicable law.

7. YOUR RIGHTS

HIPAA rights: contact your Tenant (Covered Entity). State privacy rights: contact privacy@agudapp.com. Right to file HHS/OCR complaint; no retaliation.

8. CHILDREN

Not directed at individuals under 18 except as dependents processed by Tenants.

9. CHANGES

30 days’ notice for material changes.

10. CONTACT

AgudApp, LLC
Privacy Officer: Andrey Olivar
8975 SW 17th Ct, Miramar, Florida 33025
privacy@agudapp.com

Version: v1.0  |  Last updated: April 10, 2026