Skip to content

Already have labs? Get a free clinical review Upload now

Privacy policy

Veedma Inc. ("Veedma," "we," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our website, mobile applications, and online services (the "Service"). By using the Service, you agree to the practices described in this Privacy Policy.

Veedma is a LegitScript-certified telehealth service, a certification that confirms we operate legally and meet healthcare transparency and safety standards. You can verify our certification on LegitScript's website at any time.

Information we collect

We may collect the following categories of information when you use the Service:

  • Personal identifiers: name, email address, phone number, and date of birth.
  • Account information: username, password, and security credentials.
  • Payment information: limited payment card details and billing address (processed by our payment partners; we do not store full card numbers).
  • Health information: details you provide in connection with our services, including medical history, symptoms, treatment notes, and lab results uploaded by you for clinical review (including labs from third-party lab providers). All such information is treated as protected health information under HIPAA from the moment of upload, regardless of whether you ultimately enroll in paid treatment with Veedma.
  • Device and usage information: IP address, browser type, operating system, and interactions with the Service.
  • Communications: messages or inquiries sent to us, including through SMS or email.

We collect information directly from you, automatically through your device, and from third-party service providers supporting our operations.

How we use information

We use the information we collect to:

  • Provide, maintain, and improve the Service;
  • Facilitate telehealth services through AYA PCs;
  • Communicate with you about appointments, account activity, and updates;
  • Process payments and manage subscriptions;
  • Perform analytics, quality assurance, and product development;
  • Protect against fraud, misuse, or security threats;
  • Comply with legal and regulatory obligations.

We do not use or disclose personal information for purposes materially different from those described without notice and consent.

Use of AI tools

We use AI-assisted tools to support clinical operations, including lab pattern analysis, draft report preparation, and quality review. Before any patient information is sent to AI-assisted tools, we remove all 18 HIPAA Safe Harbor identifiers (such as name, address, contact details, exact dates, medical record numbers, and account numbers) and assign a unique internal code that is not derived from your personal information, as described in 45 CFR § 164.514(c). The AI processes only de-identified clinical and lab data, along with non-identifying demographic information such as age and gender. The AI's draft output is returned to our secure systems, where the unique code allows us to re-associate the draft with your record. A licensed provider then reviews, edits, and signs off on the draft before delivery to you. Because a licensed provider makes the final clinical determination on every report, no AI-only decisions are issued.

De-identified information

We may use de-identified patient information for educational, marketing, research, quality-improvement, or product-development purposes. De-identification follows HIPAA-compliant methods, removing all identifiers required by the Safe Harbor standard (45 CFR § 164.514(b)(2)) or applying Expert Determination as appropriate. Once de-identified in accordance with these methods, the information is no longer protected health information under HIPAA and may be used or shared by Veedma without further restriction. Veedma publicly commits not to attempt to re-identify de-identified information and to require any recipients of such information to agree to the same restriction.

Disclosure of information

We may share information as follows:

  • With AYA PCs for the purpose of providing medical services;
  • With service providers and contractors who process information on our behalf (for example, hosting, analytics, payment processing);
  • For legal compliance when required by law or to protect rights, safety, or property;
  • In business transfers such as mergers or acquisitions;
  • With your consent or as otherwise disclosed at the time of collection.

We do not sell or share personal information as defined by California law, and we do not use personal information for cross-context behavioral advertising.

Health information and HIPAA compliance

When you receive healthcare services through AYA PCs ("Medical Provider"), your health information is protected under the Health Insurance Portability and Accountability Act ("HIPAA") and the California Confidentiality of Medical Information Act ("CMIA").

Veedma acts as a Business Associate to AYA PCs and processes protected health information ("PHI") only as permitted by HIPAA, CMIA, and its agreement with the Medical Provider.

For more information about your rights under HIPAA, please contact AYA PCs at 1 Mid America Plaza 3rd Floor #5031, Oakbrook Terrace, IL 60181 to request its Notice of Privacy Practices.

Retention of information

We retain personal information for as long as necessary to provide services, comply with our legal obligations, resolve disputes, and maintain business records. Retention periods vary depending on the type of data and applicable laws.

For users who upload lab results for clinical review but do not enroll in paid treatment with Veedma, we retain the uploaded data and the associated clinical review for 6 years from the date of upload. After 6 years, the data is deleted unless we have a legal obligation to retain it longer or you have requested earlier deletion.

For patients who enroll in treatment, we retain medical records for at least 10 years from the patient's last encounter. After that period, records are securely destroyed unless a legal hold or applicable law requires longer retention, or you have requested earlier deletion where permitted by law.

Security

We implement technical and organizational safeguards designed to protect personal information from unauthorized access, loss, or disclosure. However, no system is completely secure, and we cannot guarantee absolute security of information transmitted through the internet.

Your privacy rights (California residents)

If you reside in California, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, or disclose;
  • Right to delete personal information, subject to legal exceptions;
  • Right to correct inaccurate personal information;
  • Right to opt out of the sale or sharing of personal information;
  • Right to limit the use of sensitive personal information;
  • Right to non-discrimination for exercising your privacy rights.

You may submit a request by contacting us. We will verify your identity before processing your request. You may designate an authorized agent to submit a request on your behalf.

Sensitive personal information

We collect limited sensitive personal information, such as health data, only as necessary to provide telehealth and wellness services. We do not use or disclose sensitive information for any unrelated purposes.

Children's privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal data, we will delete it promptly.

Do not sell or share my personal information

Veedma does not sell or share personal information as defined by California law. We also honor Global Privacy Control (GPC) signals and other legally recognized opt-out mechanisms.

Communications

If you subscribe to receive messages or updates, we may contact you by email or SMS. You may opt out of promotional messages by following the instructions in those communications or by contacting contact us. Transactional or service-related messages may still be sent.

Changes to this policy

We may update this Privacy Policy periodically. Any changes will be posted on our website with an updated effective date. Continued use of the Service after changes means you accept the revised policy.

Contact information

Veedma Inc.
1875 Mission St, Ste 103 #506
San Francisco, CA 94103
Contact us

AYA PCs
1 Mid America Plaza 3rd Floor #5031
Oakbrook Terrace, IL 60181