Valian
Sign up
// LEGAL · PRIVACY

Privacy Policy

Last updated: May 6, 2026

About This Policy

This Privacy Policy explains how Valian Systems LLC (“Valian,” “we,” “us”) collects, uses, stores, and shares information when you visit our website or use our Medical Revenue Operating System. By using the Service, you agree to this Policy.

Information We Collect

Account & Practice Information

  • Name, email, phone number
  • Practice name, location, PMS type, providers, hours of operation
  • Authentication credentials (passwords are hashed, never stored in plaintext)
  • OAuth tokens for Google Workspace + PMS integrations

Payment Information

Payment processing is handled by Stripe. We do not receive, see, or store your full credit card number. We retain only the last 4 digits, card brand, and expiration date as Stripe returns them for billing display.

Operational Data

  • Call recordings and transcripts
  • SMS and email content sent through the platform
  • Patient memory records (preferences, prior visits, escalation history)
  • Audit logs of every read, write, and API call

Patient Health Information (PHI)

When your practice signs our Business Associate Agreement (BAA), Valian processes PHI on your behalf as a HIPAA Business Associate. PHI is encrypted, tenant-isolated, and audit- logged. We do not use PHI for AI model training, analytics, advertising, or any purpose outside delivering the Service.

Usage & Device Data

Standard server logs (IP address, user-agent, request timestamp, response status), plus Google Analytics events on this marketing website (page views, button clicks). The dashboard application does not include third-party analytics.

How We Use Information

  • To deliver the Service (answer calls, schedule appointments, send communications)
  • To process payments and prevent fraud
  • To maintain security, debug issues, and provide support
  • To send transactional notifications (account, billing, service)
  • To improve the Service in aggregate, never with PHI

HIPAA & Business Associate Agreements

Valian acts as a Business Associate to its practice customers (Covered Entities). A signed BAA is required before any Protected Health Information flows into our system. Sub-processors that touch PHI (hosting, voice, SMS, email) have signed BAAs with us and are listed below.

Sub-Processors

The following service providers process data on our behalf, under signed agreements:

  • Supabase, database, authentication, file storage (US-region)
  • Vercel, web hosting (US-region)
  • Vapi, voice AI infrastructure (US-region)
  • Twilio, SMS and telephony
  • Resend, transactional email
  • OpenAI + Anthropic, language model APIs (zero-retention enterprise tier)
  • Stedi, insurance eligibility (X12 270/271)
  • Stripe, payment processing
  • Cal.com, demo scheduling (no PHI)
  • Sentry, error monitoring (PII scrubbed)

We do not sell, rent, or trade your personal information. We share data only with the sub-processors above, only as necessary to deliver the Service, and only under data processing agreements.

Data Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Tenant-isolated via row-level security on every database table
  • Every read, write, and API call logged in an immutable audit ledger
  • Role-based access control with least-privilege defaults
  • Annual security review and incident response procedures

Data Residency

All compute, databases, and backups are hosted in US regions only. No offshore replicas. No sub-processors store PHI outside US boundaries. Data residency is contractually enforced.

Data Retention

We retain account, billing, and operational data for the duration of your subscription plus a reasonable period afterward to satisfy legal, tax, and audit obligations. Call recordings, transcripts, and patient memory are retained for the period defined in your BAA, then deleted on schedule. You may export your data and request deletion at any time.

Your Rights

You may request access to, correction of, export of, or deletion of your personal information at any time. Contact privacy@valiansystems.com. We respond within 30 days. Practice customers retain ownership of all PHI; export is provided in standard formats on request.

Cookies & Analytics

Our marketing website (valiansystems.com) uses essential cookies for session continuity and Google Analytics for aggregate usage metrics. The dashboard application uses only session cookies required for authentication, no third-party analytics or advertising cookies. You can disable non-essential cookies via your browser settings.

SMS / Text Messaging

When you provide your phone number and consent to receive text messages from Valian Systems LLC, you may receive the following types of messages depending on your relationship with us:

If you requested a product demo

  • Demo scheduling confirmations, confirming your demo date and time
  • Demo appointment reminders, reminders before your scheduled demo
  • Demo rescheduling notifications, notifications if your demo is rescheduled

If you are a patient of a practice using Valian

  • Appointment reminders, confirmations, rescheduling notifications, and upcoming visit reminders
  • Missed call follow-ups, text messages sent after a missed call to help you book an appointment
  • Service notifications, updates about your appointments and care

Message frequency: Message frequency varies based on your interaction with our service. You may receive up to 10 messages per month during onboarding, and ongoing messages based on your appointment activity and service usage.

Message and data rates: Standard message and data rates may apply depending on your mobile carrier and plan. Valian Systems LLC is not responsible for any charges from your mobile carrier.

Opt-out: You can opt out of text messages at any time by replying STOP to any message you receive from us. After opting out, you will receive a final confirmation message and no further texts will be sent.

Help: For help with text messages, reply HELP to any message or contact us at support@valiansystems.com.

Carriers: Carriers are not liable for delayed or undelivered messages. Supported carriers include AT&T, T-Mobile, Verizon, and all other major US carriers.

Consent: Consent to receive text messages is not a condition of purchase. You may use our services without opting in to text messages.

Opt-in data sharing: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Your phone number is shared only with the healthcare practice you are communicating with and with our SMS delivery provider (Twilio) solely for the purpose of delivering the messages described above. All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

For full details on how we collect SMS consent, see our Demo SMS Consent Policy or Patient SMS Consent Policy.

Children's Privacy

Valian is intended for use by healthcare practices and adults ages 18 and over. We do not knowingly collect personal information from children under 13. PHI of pediatric patients is processed only on behalf of practices under their direct authorization and their own privacy practices.

Changes to This Policy

We may update this Policy as our Service evolves. Material changes will be communicated via email to account holders and posted at the top of this page with a new “Last updated” date.

Contact

For privacy inquiries, contact privacy@valiansystems.com. For HIPAA matters, contact our Privacy Officer at the same address.