DRAFT TEMPLATE, counsel-pending review
This document is a structural draft for investor data-room visibility.
Outside counsel will finalize all binding language.
Do not execute without counsel review.
PRIVACY POLICY, RŌVN, INC.
Entity: Rōvn, Inc. ("Rōvn", "we", "us") Jurisdiction: State of Delaware · United States Effective Date: [On adoption] Version: Draft v0.1 · 2026-05-14 Audience: Workers (Passport users) and Facility Customers (facility workflow layer users)
1. OVERVIEW
Rōvn provides healthcare workforce trust infrastructure. We hold ourselves to high standards because we handle credentialing data, identity information, and (under defined scopes) Protected Health Information (PHI).
This Privacy Policy describes: - What we collect. - How we use it. - Whom we share it with. - Your control over your data. - How HIPAA, CCPA, and GDPR-style rights interact with our services.
This Privacy Policy applies to workers using Passport and to facility customers and their authorized users of facility workflow layer and the Verified API.
2. INFORMATION WE COLLECT
2.1 Account Information
Name, email, phone number, role (worker or facility user), facility affiliation, password (hashed), MFA tokens.
2.2 Profile Information
Worker profile fields including specialties, license numbers, work history, education, and self-reported attestations. Facility profile fields including organization details and authorized contacts.
2.3 Credential Information
Uploaded credential documents (licenses, certifications, training records), verification results from authoritative sources (e.g., NPDB, Nursys, state boards), and audit metadata (who issued, when verified, expiration).
2.4 Document Uploads
PDFs, images, and structured records submitted for OCR and verification.
2.5 Usage Information
Pages viewed, features used, timestamps, IP address, browser type, device identifiers. Used for security, debugging, and aggregate analytics.
2.6 Communications
Messages between workers and facilities exchanged via Rōvn, support tickets, and similar.
2.7 PHI (Limited Scope)
Where a facility customer engages facility workflow layer features that involve PHI (e.g., onboarding integrations referencing patient-care assignments), PHI is handled exclusively under the executed Business Associate Agreement (BAA). PHI is never used for marketing, training third-party models, or sold.
3. HOW WE USE INFORMATION
3.1 Service Delivery
To operate, maintain, and provide Passport, facility workflow layer, and Verified API features.
3.2 Verification
To verify worker credentials against authoritative third-party sources at the worker's or facility's request.
3.3 Compliance
To meet legal, regulatory, and audit requirements, including HIPAA, healthcare credentialing standards, and applicable state laws.
3.4 Improvement
To improve, train, and evaluate Rōvn's internal models and features. PHI is excluded from this use. De-identified, aggregated insights may be used.
3.5 Security
Fraud prevention, abuse detection, identity-proofing, audit logging.
3.6 Communications
Service announcements, security alerts, account updates. Marketing communications only with consent and with easy unsubscribe.
3.7 Receipts and Audit
Rōvn maintains source receipts (canonical citations to verifying authority) and audit logs for credential checks. These receipts persist for regulatory retention windows.
4. SHARING
4.1 With Facilities (Per Worker Consent)
Workers control what is shared with facilities. Facilities receive only the data the worker authorizes, supplemented with verified attestations sourced through Rōvn.
4.2 With Source Authorities (Per Verification Request)
When verifying credentials, Rōvn submits minimum-necessary information to the relevant authority (e.g., NPDB, Nursys, state licensing boards) to obtain a verified result.
4.3 With Sub-Processors (Under BAA / DPA)
Rōvn engages sub-processors for cloud hosting, AI model execution, document processing, and similar functions. All sub-processors are subject to BAA where PHI may be processed, plus DPA terms. See the SUB_PROCESSOR_REGISTRY in the data room for the current list.
4.4 With Legal Authorities
We disclose information when required by law, court order, or government request, after reasonable verification. Where not legally prohibited, we notify affected users.
4.5 In Business Transactions
In connection with a merger, acquisition, or asset sale, information may be transferred to a successor entity subject to equivalent privacy protections.
4.6 Never Sold
Rōvn does not sell personal information. Rōvn does not share personal information for cross-context behavioral advertising.
5. WORKER CONTROL
Workers have the following rights:
5.1 Access
View your profile, credentials, and audit history within Passport.
5.2 Export
Export all Passport data in structured machine-readable format.
5.3 Correction
Correct errors in your profile and contest verification results that you believe are inaccurate.
5.4 Deletion
Request account deletion. Subject to (a) legal retention obligations for audit logs and verification receipts, and (b) facility-side retention policies for data shared with an authorized facility, Rōvn deletes personal information within 30 days of request.
5.5 Consent Revocation
Revoke previously granted facility access at any time. Revocation does not retroactively un-share data that has already been transmitted, but the facility loses ongoing access.
5.6 Audit History
View a complete record of who accessed your data, when, and for what purpose.
6. COOKIES AND TRACKING
6.1 Minimal Cookies
Rōvn uses only first-party cookies necessary for authentication, session management, and security.
6.2 No Advertising Trackers
Rōvn does not use advertising trackers, retargeting pixels, or third-party analytics that share with ad networks.
6.3 Opt-Outs
Even though strict legal opt-outs (CCPA/GDPR) may not always apply to a US healthcare-vertical service like Rōvn, we offer CCPA-style and GDPR-style opt-outs uniformly as a matter of policy.
7. PHI HANDLING (HIPAA)
7.1 BAA-Aligned
Rōvn's posture is "BAA-available." For facility workflow layer features that touch PHI, Rōvn executes a Business Associate Agreement with the covered entity prior to PHI exchange.
7.2 Least Privilege
Access to PHI is restricted to authorized personnel on a least-privilege, role-based basis with full audit logging.
7.3 Retention
Audit logs and receipts for PHI-related actions retained for at least seven (7) years consistent with HIPAA and healthcare retention norms.
7.4 Breach Notification
Any breach of PHI is notified to the covered entity per HIPAA timelines (without unreasonable delay, no later than 60 days after discovery).
8. CHILDREN
Rōvn services are not intended for individuals under 18. We do not knowingly collect data from minors. If we learn we hold data from a minor, we will delete it promptly.
9. INTERNATIONAL
Rōvn services are designed for and offered to US-based customers and workers. All data is stored in US data centers. We do not currently serve EU or UK markets, and EU/UK personal data should not be submitted.
10. SECURITY
Rōvn implements technical and organizational measures appropriate for a healthcare-vertical service, including encryption in transit (TLS 1.2+), encryption at rest, MFA on administrative access, audit logging, vulnerability management, and incident response procedures. See SECURITY documentation in the data room for current posture.
No system is perfectly secure. We notify affected users of material security incidents per applicable law.
11. RETENTION
| Data Category | Retention |
|---|---|
| Worker profile (active accounts) | While account active + 90 days after closure |
| Audit logs | 7 years (HIPAA/healthcare-aligned) |
| Verification receipts | 7 years |
| Communications | While account active + 1 year |
| Backups | Up to 90 days rolling |
12. CCPA / CPRA DISCLOSURES (CALIFORNIA RESIDENTS)
12.1 Categories Collected. Identifiers, professional information, employment-related information, internet activity, sensory data (uploaded documents).
12.2 Purposes. As described in Section 3.
12.3 Rights. California residents have rights to know, access, correct, and delete personal information, and to opt-out of sale or sharing for cross-context behavioral advertising (Rōvn does neither). To exercise rights: privacy@rovn.to.
12.4 Non-Discrimination. We do not discriminate against users exercising privacy rights.
13. GDPR-STYLE DISCLOSURES (POLICY MATTER)
While Rōvn is currently US-only, we extend the following GDPR-style rights as a matter of policy: - Right to access. - Right to rectification. - Right to erasure (subject to legal retention). - Right to data portability. - Right to object to processing. - Right to withdraw consent.
Submit requests to privacy@rovn.to. We respond within 30 days.
14. HIPAA DISCLOSURES
For uses involving PHI, the executed BAA governs. This Privacy Policy describes Rōvn's general practices but does not modify the BAA. In conflict, the BAA controls for PHI.
15. CONTACT
Email: privacy@rovn.to Postal: Rōvn, Inc. · [Address pending] · Delaware, USA
For HIPAA-specific concerns: privacy@rovn.to (BAA-bound channel)
16. CHANGES TO THIS POLICY
We will post material changes prominently with at least 30 days' notice prior to effective date. Continued use after the effective date constitutes acceptance.
Change Log
- v0.1 · 2026-05-14, Draft template for data room.
17. GOVERNING LAW
This Privacy Policy is governed by Delaware law without regard to conflicts principles.
End of Draft v0.1 · 2026-05-14 Outside counsel review required prior to publication. CCPA and HIPAA disclosures to be confirmed.