Privacy Policy
How Senvvo collects, uses, and protects information
Last updated: March 2026
Senvvo ("we," "our," or "us") operates the Senvvo platform at app.senvvo.care. This policy explains what data we collect, why, and how long we keep it.
01
What we collect
For practices (authenticated users)
- Name and email address (account creation)
- Practice name, phone, website
- Stripe billing information — handled by Stripe; we store only subscription status
- Knowledge base content you create
- Screener configuration you set up
For families (public screener and chat)
- Screener answers — aggregated only, no names attached
- Email address — screener only, used to send results link
- Contact information voluntarily provided in contact requests (name, email, phone) — transmitted to the practice, not stored by Senvvo long-term
- Priority list contact information (phone or email) — stored only until appointment is scheduled, then deleted automatically
02
What we never store
Never stored by Senvvo
- Chat message content — conversations are never saved to our database
- IP addresses — stripped by our middleware before reaching any API route
- Dates of birth — converted to age ranges during import, originals discarded
- Diagnostic information — screener answers are aggregated and de-identified
- Free-text notes — no open-ended fields that could contain PHI
- Child names — not collected at any point
- Insurance member IDs or policy numbers
- Social security numbers or government IDs
03
How data is used
- Screener answers → generate aggregated developmental domain scores
- Practice email (screener) → send results link one time
- Contact requests → notify practice so they can follow up
- Priority list contact info → shared with practice when a slot opens, then deleted
- Billing information → managed entirely by Stripe
04
Email communications
Senvvo sends these transactional emails only:
| Email | Recipient | Contains |
|---|
| Screener results | Parent / family | Results link only |
| New screener notification | Practice | Aggregated scores + family contact info |
| Contact request notification | Practice | Topic + family contact info |
| Slot opening notification | Practice | Family identity (color/emoji/label) + contact info if stored |
| Review request | Family | Practice name + response links |
| Account emails | Practice | Password reset, invite, billing |
All emails are sent via AWS SES (us-east-1). Senvvo does not send marketing emails.
05
Priority list and capacity intelligence
How families are identified
Families on the priority list are identified by an auto-generated color and emoji identity (e.g. 🌊 Ocean family), a smart label from non-identifying attributes (e.g. Speech · 3–4y · Private Pay), and an optional practice-defined reference (e.g. "Twin boys", "Chart #821").
Contact information handling
- Optional — only collected when families join via the public priority list form
- Stored separately from identity and clinical data
- Never displayed in the dashboard UI
- Included in slot opening emails to the practice only
- Automatically deleted when the family is scheduled or removed from the priority list
CSV import
During CSV import, Senvvo automatically detects and skips columns containing names and addresses. Phone and email columns can optionally be mapped to contact fields. Dates of birth are converted to age ranges and the original dates are discarded.
06
Data retention
| Data type | Retention |
|---|
| Screener results | Until practice deletes account |
| Family email (screener) | Until screener result expires (48 hours) |
| Contact request records | Until practice deletes account |
| Priority list contact info | Until family is scheduled or removed |
| Chat events | 30 days (aggregated counts only) |
| Anthropic API (chat AI) | 7 days maximum per Anthropic policy |
| Stripe billing data | Per Stripe's retention policy |
| Practice account data | Until account is deleted |
07
Your rights
Families can request
- Deletion of any screener results associated with their email
- Confirmation of what data is stored
- Correction of inaccurate information
Contact: privacy@senvvo.care
Practices can
- Export their data at any time
- Delete their account and all associated data from the Profile page
- Request complete data deletion by contacting support
08
Security measures
- ✓All data encrypted in transit (TLS 1.2+) and at rest (AES-256 via Supabase)
- ✓IP addresses stripped before reaching API routes
- ✓Row-level security on all database tables
- ✓Authentication via Supabase Auth (bcrypt password hashing)
- ✓Clinical language filter on all chat messages
- ✓No free-text fields that could capture unintended PHI
- ✓AWS SES for email delivery (SOC 2 Type II certified)
- ✓Stripe for payment processing (PCI DSS Level 1 certified)
- ✓Anthropic API with 7-day maximum retention
09
Contact
Senvvo is operated by [your legal entity name]. Last updated: March 2026.