Privacy policy
Last updated: January 2026
1. Information we collect
We collect the details you give us when you request a demo or contact us, such as your name, work email, company, and role. When a plan engages us, we also handle claims data and protected health information under a signed Business Associate Agreement.
2. How we use information
We use your contact details to respond to you and to run our services. We use claims data only to audit claims and recover overpayments for the plan that engaged us.
3. Protected health information and HIPAA
Any protected health information we handle is governed by a Business Associate Agreement and by HIPAA. We use it for one purpose: the audit. We do not sell it, use it for marketing, or fold it into other products.
4. How we share information
We do not sell your information. We share it only with the service providers we need to run the audit, and only under agreements that require them to protect it.
5. Security
We encrypt data in transit and at rest, limit access to the people who need it, and log that access. Our full safeguards are described on our HIPAA and security page.
6. Retention
We keep information only as long as we need it for the audit and for legal or contractual obligations. After that we return or destroy it, with written certification when a plan requests it.
7. Your choices
You can ask us what we hold about you, correct it, or ask us to delete it. Email maximus@soro.health and we will respond.
8. Cookies
Our website uses only the cookies needed to make it work. We do not use it to build advertising profiles.
9. Changes to this policy
If we change this policy, we will post the new version here with an updated date.
10. Contact
Questions about privacy go to maximus@soro.health.

