Privacy Policy
This Privacy Policy describes how Sova Chat Corp and its subsidiaries (collectively, “Sova Chat,” “we,” “us,” or “our”) collect, use, retain, and disclose personal information about you when you use our websites, our Sova Chat mobile and desktop applications (each an “App”), our API, and related services that link to this Policy (collectively, the “Platform” or the “Services”).
This Policy applies to:
- Customers — organizations or individuals (for example, healthcare organizations, pharmacies, providers, or their representatives) that hold an account or agreement with Sova Chat to use the Platform;
- Authorized Users — individuals who are authorized by a Customer to access and use the Platform, or who otherwise use the Platform; and
- other individuals who interact with Sova Chat or the Platform (“Interactions”).
Customers, Authorized Users, and other individuals are referred to as “you” or “your.”
Relationship to HIPAA and Business Associate Agreements. Where Sova Chat creates, receives, maintains, or transmits protected health information (“PHI”) on behalf of a Customer that is a HIPAA covered entity or business associate, that PHI is handled in accordance with the applicable Business Associate Agreement (“BAA”) and HIPAA, and not primarily under this Policy. In those circumstances, the Customer is responsible for providing any privacy notices required by HIPAA to the individuals whose information it transmits. This Policy describes how we handle the personal information we collect in operating the Platform (such as account, usage, and device information). To the extent of any conflict between this Policy and an executed BAA with respect to PHI, the BAA controls. We do not use PHI for advertising, and we do not sell PHI.
This Policy applies only to information we collect through the Platform, in communications between you and the Platform, and as otherwise described here. It does not apply to information collected by any third party (including third-party sites, apps, or content that may link to or be reachable from the Platform) that does not link to this Policy. Please review our Terms and Conditions, which also govern your use of the Platform.
By using the Platform or providing us your information, you agree to the practices described in this Policy. This Policy may change over time (see “Changes to This Policy”).
Accessibility. Alternative formats of this Policy are available to individuals with a disability. Please contact hi@sova.chat for assistance.
1. Scope and About This Policy.
This Policy governs personal information processed through the Platform as described above. It is intended to be read together with our Terms and Conditions and, where applicable, the master subscription agreement and BAA between Sova Chat and a Customer.
2. Children’s and Minors’ Data.
The Platform is intended for use by businesses and their authorized personnel and is not directed to, and we do not knowingly collect personal information from, children under the age of 13. If we learn we have collected personal information from a child under 13 without verified parental consent, we will delete it. If you believe a minor has provided us personal information, contact us at hi@sova.chat.
3. The Personal Information We Collect.
“Personal information” means information that identifies, relates to, describes, or could reasonably be linked with a particular individual or household. The categories we collect vary by your role.
Customers (e.g., organizations, providers)
- Account and contact information — name, business name, email, phone number, postal/physical address, job title, and profile photo.
- Commercial information — subscription and account records, account configuration and settings, and records of your use of the Services.
- Payment and financial information — payment card and bank account details and billing address.
- Internet/network activity — pages viewed, features used, links interacted with, IP address, browser type and plug-ins, operating system, and device data.
- Communications data — the content and metadata of your communications with us (for example, support requests, reviews, and feedback).
- Inferences — inferences we may draw from the above (for example, services you may be interested in).
Authorized Users (individuals)
- Identifiers — name, email, mobile number, profile photo, physical address, and (where the Customer or Applicable Law requires) role or credential information.
- Account and authentication information — username, access credentials, authentication and login data, and multi-factor authentication details, collected to verify your identity, secure your account, and prevent fraud.
- Usage and device information — features used, login times, IP address, device identifiers, app version, and similar technical data.
- Communications metadata — information necessary to route and deliver communications, such as sender, recipient, timestamps, and delivery status.
- Communications data — communications with us about the Platform.
- Inferences — for example, the features or services you may use.
Information contained in communications
Communications transmitted through the Platform may contain personal information or PHI about Customers’ patients or other individuals. We host, transmit, and store communications and message history as part of providing the Services. Where that information constitutes PHI handled on behalf of a Customer, we process it only as permitted by the applicable BAA and HIPAA and to provide the Services; we do not use it for our own purposes, for advertising, or to sell or share for cross-context behavioral advertising.
Everyone (collected automatically)
- Aggregated and de-identified data — statistics derived from personal information that do not identify you.
- Technical/usage data — clickstream data, pages and features viewed, response times, errors, session length, and interaction data (scrolling, clicks).
If we combine non-personal data with personal information so that it identifies you, we treat the combined data as personal information.
4. How We Collect Information.
- Directly from you — when you or your organization create or manage an account, configure or use the Services, communicate with us, or otherwise provide information.
- Automatically — through cookies, web beacons, embedded scripts, and similar technologies as you use the Platform (see Cookies and Tracking Technologies).
- From third parties — for example, a Customer may provide information about its Authorized Users; identity-verification, security, and analytics providers; payment processors; and public sources, consistent with this Policy.
5. Cookies and Tracking Technologies.
We and our service providers use technologies that automatically collect information when you use the Platform:
- Strictly necessary cookies — required for the Platform to function (login, forms, saving privacy preferences); always active.
- Functional cookies — remember preferences and enable enhanced features.
- Performance/analytics cookies — help us measure and improve the Platform; data is aggregated and pseudonymized.
We do not use cookies or other tracking technologies to deliver cross-context behavioral advertising, and we do not sell or share personal information for that purpose. Because the Platform is designed for healthcare and other regulated communications, we do not deploy third-party advertising or social-media tracking technologies that would disclose PHI or other Platform information to advertising partners. Note on sensitive personal information. We collect information that may be “sensitive” under applicable law, including account log-in credentials and the contents of communications. Where required by law, we collect and process sensitive information only with your consent, and use it only as reasonably necessary to provide the Services, ensure security and integrity, prevent fraud, and for other purposes permitted by law and, where applicable, the BAA. We do not use sensitive information to infer characteristics about you, and we do not use the contents of communications for advertising.
You can control cookies through your browser or our cookie preference center. Disabling some cookies may limit Platform features. Do Not Track: because there is no common standard, we do not currently respond to browser DNT signals; instead, use the controls described below. Global Privacy Control (GPC): where required by law, we will treat a GPC opt-out signal as a request to opt out of any sale/sharing and targeted advertising.
6. How We Use Your Information.
We use personal information to:
- Provide, operate, and maintain the Platform and the communications services you request, perform, or receive;
- Create, verify, and manage accounts, and verify identity, secure accounts, and prevent fraud;
- Transmit, route, and deliver communications, and maintain message history as configured;
- Process payments, invoicing, and account administration;
- Communicate with you, provide customer support, and respond to requests and feedback;
- Personalize and improve the Platform, including research, testing, analytics, and developing new features, using account, usage, technical, and de-identified or aggregated data rather than the contents of your communications (except as permitted by an applicable BAA);
- Send service and administrative messages, and — where you have not opted out and have provided any required consent — communications about the Platform;
- Detect, prevent, and investigate fraud, security incidents, and misuse;
- Enforce our agreements and protect the rights, safety, and property of Sova Chat, our users, and others; and
- Comply with law, legal process, and regulatory and reporting obligations.
We process personal information only for the purposes disclosed at collection or for compatible purposes, and we collect only what is reasonably necessary for those purposes. We do not use the contents of your communications or PHI for advertising, and we do not sell them. We do not use the contents of your communications or PHI to train machine learning or artificial intelligence models, except as necessary to provide the Services to you and as permitted by the applicable BAA and Applicable Law.
7. How We Disclose Your Information.
We may disclose aggregated or de-identified information without restriction. We may disclose personal information as follows:
- Between users to deliver communications — we transmit communications and related metadata between the Customers and Authorized Users who are party to them so that messages can be delivered and tracked.
- Service providers — vendors that help operate the Platform (hosting, identity verification, payments, analytics, anti-fraud, customer support, communications), bound by contract to use the data only for those purposes.
- Affiliates and investors — our parent, subsidiaries, and affiliates, and current/prospective investors during due diligence, subject to appropriate confidentiality protections.
- Business transfers — in connection with a merger, financing, acquisition, restructuring, or sale of assets, including in bankruptcy or liquidation.
- Legal and safety — to comply with law, court orders, subpoenas, and government/regulatory requests; to enforce our terms; and to protect rights, safety, property, and security, and to address fraud or security issues.
- With your consent or as otherwise disclosed at collection.
PHI. We disclose PHI only as permitted by the applicable BAA and HIPAA.
No sale or sharing for advertising. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under 13.
8. Your Rights and Choices.
Marketing emails. Unsubscribe via the link in any marketing email; we will still send transactional and account messages.
Text messages. Opt out by replying STOP; standard rates may apply (see Text Messaging (SMS) below). Push notifications. Control these in your device settings.
Account information. Review and update certain account details by logging in. To request removal of content you posted, contact hi@sova.chat.
Authorized Users. If you are an Authorized User of a Customer, the Customer generally controls the personal information processed through its account. Please direct requests to access, correct, or delete that information to the relevant Customer; we will assist the Customer as required by Applicable Law and any applicable BAA.
State Privacy Rights
Depending on your state of residence, you may have the right to:
- Know / access the personal information we process about you and obtain a portable copy;
- Correct inaccurate personal information;
- Delete personal information, subject to legal exceptions;
- Opt out of the sale of personal information, sharing for cross-context behavioral advertising, targeted advertising, and certain profiling;
- Limit the use of sensitive personal information; and
- Appeal a denial of a request, and not be discriminated against for exercising your rights. The scope of these rights and available exceptions vary by state.
How to submit a request. Please email us at hi@sova.chat. We will ask you to provide your full name, state of residence, email, and the phone number on your account so we can verify and process your request. We verify identity by matching the data points you provide against our records (more data points for higher-risk requests), and may require a signed declaration. Authorized agents may submit requests with a valid power of attorney or signed authorization. To appeal, please email us at hi@sova.chat.
California residents. Additional disclosures apply; see our California Privacy Notice (CCPA/CPRA) addendum.
Nevada. Nevada residents may submit a request to opt out of certain sales to hi@sova.chat.
9. Text Messaging (SMS).
We use SMS/text messaging only for transactional purposes related to the Services — for example, account and identity verification, security alerts, and service notifications. We do not send marketing or promotional text messages.
Consent. By providing your mobile number to Sova Chat, you agree that we may send you transactional text messages at that number in connection with the Services. Message frequency varies based on your activity. Message and data rates may apply.
Opt out / help. You can opt out at any time by replying STOP; you may receive a confirmation message. Reply HELP for help, or contact us at hi@sova.chat. Opting out of transactional messages may affect certain features.
We do not share your mobile information or SMS consent. Mobile opt-in and consent information and phone numbers are not shared with third parties or affiliates for their marketing or promotional purposes. We share phone numbers with service providers (such as our SMS/messaging provider) only as needed to send these messages, and with other users solely to deliver communications as described above.
10. How We Protect Your Information.
We use commercially reasonable administrative, physical, and technical safeguards designed to protect personal information against loss and unauthorized access, use, alteration, and disclosure, including encryption and access controls. No system is completely secure, and email, text, and chat may not be secure; transmit information at your own risk. You are responsible for safeguarding your own account credentials.
11. How Long We Keep Your Information.
We retain personal information for as long as reasonably necessary to provide the Services, operate our business, comply with legal and contractual obligations, resolve disputes, and prevent fraud — generally for the duration of your relationship with us and for a period thereafter, subject to longer periods required by law. At the end of the retention period, we delete, destroy, or de-identify the information. Communications and message history. The retention of communications and message history transmitted through the Platform is governed by the Customer’s configuration and, where the information constitutes PHI, by the applicable BAA and HIPAA. On termination, we handle and return or delete such information as provided in the applicable agreement and BAA.
Even after you close your account, we may retain certain information (e.g., account records, transaction history, payment records) as needed for legal, regulatory, and fraud-prevention purposes, after which data may be anonymized and aggregated.
12. Third-Party Links and Social Features.
The Platform may link to or include third-party sites and features. We do not control these third parties, and their practices are governed by their own policies. Inclusion of a link is not an endorsement.
13. Changes to This Policy.
We may update this Policy to reflect changes in our practices or the law. The effective date at the top reflects the latest revision, and we will post the updated Policy on the Platform. If we make material changes, we will notify you by posting a notice on the Platform, and where required we will obtain your consent. Please review this Policy periodically.
14. Contact Us.
To exercise your rights or ask about this Policy or our practices, contact us at hi@sova.chat, or write to Sova Chat Corp, Attn: Privacy, 110 East Broward Blvd, Suite 1260, Fort Lauderdale, FL 33301.
Sova Chat Corp · Privacy Policy · Effective June 3, 2026