Privacy Policy
Last Updated: April 1, 2026
1. Introduction
RL4, LLC d/b/a Vetriq (“VETRIQ,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, applications, and services (collectively, the “Services”).
VETRIQ provides a healthcare lockbox automation and revenue cycle management platform, including automated EOB-to-835 conversion, deposit reconciliation, correspondence routing, and related analytics capabilities to healthcare providers. Our platform receives healthcare data from insurance companies, financial institutions, and medical providers, including Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act (“HIPAA”), as well as financial transaction data, ACH routing and account information, lockbox data, deposit reconciliation data, and EOB payment information. We process this information to produce outputs that can be transmitted to financial institutions for payment reconciliation purposes. We do not process payments or handle funds directly. Because our Services involve the processing of PHI and financial data, we are required by law and contractual commitment to maintain robust privacy and security practices. For a detailed accounting of how we use and disclose PHI, see our Notice of Privacy Practices.
By using our Services, you agree to the terms of our policies and practices. If you do not agree, please do not use our Services.
2. Information We Collect
2.1 Information You Provide to Us
We collect information you voluntarily provide when using our Services. Through our public website, we may collect basic contact information such as your name, email address, phone number, company name, and job title when you request information about our Services or contact us.
Through our SaaS application, we may collect account information including your name, contact information, email address, phone number, mailing address, business name, username and password, and job title. We also collect Customer Data through the application, which includes healthcare revenue data, medical service cost information, patient billing records, related PHI, financial transaction data, ACH routing and account information, lockbox data, deposit reconciliation data, and EOB payment information. This may include patient billing records with diagnosis and procedure codes and other information necessary to categorize correspondence, convert unstructured data to standard formats (including EOB-to-835 conversion), and reconcile payment data.
Additionally, we collect information when we conduct customer and consumer interviews for product enhancements and marketing activities or you contact us for technical support.
2.2 Information Collected Automatically
When you access our Services, we automatically collect certain device and usage information, which may include your IP address and general location information, browser type and version, operating system, device identifiers, pages visited and features used, date and time of access, and referring URLs. We may also derive identifiers from your browser or device characteristics (such as browser configuration, installed plugins, and screen resolution) for the purpose of advertising attribution and analytics. We may also create server logs which record requests made to our systems, error reports, performance data, authentication attempts, and system access.
2.3 Information from Third Parties
We may receive information about you from third parties, including business partners, identity verification services, credit reporting agencies, and publicly available sources.
3. How We Use Your Information
We use the information we collect to operate, maintain, and provide the features of our Services, process transactions, and send related information. We use your information to respond to your comments, questions, and support requests, and to monitor and analyze usage patterns and trends in order to develop new products, services, and features. Your information helps us personalize and improve your experience with our Services.
We use your information to send you administrative communications such as service updates, security alerts, and support messages. With your consent where required by law, we may also send you marketing communications. We use your information to respond to inquiries and fulfill your requests.
Your information is essential for protecting against fraud, unauthorized transactions, and other liability. We use it to verify identity and prevent unauthorized access, comply with our legal obligations, enforce our agreements, and investigate and address violations of our Terms of Service.
We conduct research and analysis to improve our Services and generate aggregated, de-identified data for industry insights. When we de-identify data, we do so in accordance with the HIPAA Safe Harbor method (45 C.F.R. § 164.514(b)) or Expert Determination method (45 C.F.R. § 164.514(a)) such that the resulting data does not identify any individual. We use de-identified data to train, validate, and improve our machine learning models and algorithms to enhance the accuracy and efficiency of our automation services. Machine learning models, algorithms, and parameters developed or improved using such de-identified data are VETRIQ materials and not Customer Data or derivatives thereof. We also use your information to measure the effectiveness of our marketing efforts.
4. Our Role in Data Processing
For the Services described in this Privacy Policy, VETRIQ acts as an independent “business” or “controller” under applicable U.S. privacy laws (including the California Consumer Privacy Act, Virginia Consumer Data Protection Act, Texas Data Privacy and Security Act, and other state comprehensive privacy laws). In this capacity, VETRIQ determines the purposes and means of processing personal information collected through its website, marketing activities, and business operations.
Where VETRIQ processes personal information on behalf of a customer under a separate agreement (such as a Master Services Agreement or Terms of Service), VETRIQ acts as a “service provider” or “processor” under applicable law. In that capacity, VETRIQ processes data according to the customer’s instructions and the terms of the applicable agreement. The customer is the custodian of the data and system of record and is responsible for determining the purposes and means of processing their client data through our Services.
If you are a Covered Entity, Business Associate, or Business Associate Subcontractor as defined by HIPAA, the handling of PHI is governed by our Business Associate Agreement or Business Associate Subcontractor Agreement, which controls over this Privacy Policy with respect to PHI.
Our Master Services Agreement and Terms of Service include data processing provisions that govern our handling of Customer Data, including security commitments, breach notification obligations, data return and deletion procedures, and subprocessor management.
5. How We Share Your Information
We do not sell your personal information.
5.1 Service Providers and Subprocessors
We share information with third-party service providers and subprocessors who perform services on our behalf, including cloud hosting and infrastructure providers, customer support platforms, analytics providers, and email delivery services. These providers are contractually obligated to use your information only for the services they provide to us and to maintain appropriate security measures. We maintain a list of subprocessors available upon request and will notify customers of material changes to our subprocessor list. Subprocessors handling financial institution credentials, banking API integrations, or transaction data are subject to security obligations consistent with applicable financial data protection requirements.
5.2 Financial Institution Transmissions
We transmit financial data to certain business partners and financial institutions for payment reconciliation purposes at the direction of our customers. We do not process payments or handle funds on your behalf, and we are not responsible for the actions of any financial institution to which data is transmitted at your request.
5.3 Business Transfers
If VETRIQ is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.
5.4 Legal Requirements
We may disclose your information if required by law, in response to legal action (e.g., court orders, subpoenas, or legal process), in response to requests from government authorities, to protect our rights, privacy, safety, or property, to enforce our Terms of Service, or to avert or in response to an emergency proclamation or disaster.
5.5 Aggregated and De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you. All de-identification is performed in accordance with the HIPAA Safe Harbor method (45 C.F.R. § 164.514(b)) or Expert Determination method (45 C.F.R. § 164.514(a)). This data may be used for industry analysis, research, improving our Services, and other purposes.
6. Data Security
We implement appropriate administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of your information, consistent with industry standards, applicable Healthcare Laws (including HIPAA), and applicable financial data protection laws, including the Gramm-Leach-Bliley Act (“GLBA”) and PCI DSS, to the extent applicable to the data processed.
Our technical safeguards include encryption of data at rest using AES-256 (or equivalent approved algorithm) and in transit using TLS 1.2 or higher, consistent with VETRIQ’s Information Security Policy and Data Encryption Policy; firewalls and intrusion detection/prevention systems; regular security assessments and penetration testing (at least annually); multi-factor authentication for system access; role-based access controls; and continuous security monitoring and alerting.
Our organizational safeguards include employee background checks; security awareness training for all employees; confidentiality and nondisclosure agreements; HIPAA Business Associate and Business Associate Subcontractor Agreements; incident response procedures, including a documented data breach response plan; and regular security audits.
Our physical safeguards include hosting data in SOC 2 certified data centers with physical access controls and monitoring, as well as environmental controls and redundancy.
To the extent the Services involve the processing of financial data, including lockbox data, ACH transactions, deposit reconciliation, EOB payment information, or data transmitted through banking API integrations, we maintain safeguards consistent with the GLBA and its implementing Safeguards Rule (16 C.F.R. Part 314), to the extent applicable, and comply with PCI DSS requirements to the extent Customer Data includes payment card data. Banking API credentials, financial institution access credentials, and transaction data are protected with the same level of security applied to PHI.
While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
6.1 Breach Notification
We maintain a data breach response plan and will notify affected parties of any suspected breach of security involving personal information or Customer Data within forty-eight (48) hours of initial detection. We will provide a detailed notification without unreasonable delay (and in no event more than seventy-two (72) hours) after confirmation of a breach. Such detailed notification will include, to the extent known: (a) the nature of the breach; (b) the categories of data affected; (c) the measures taken to address the breach; and (d) the measures recommended to mitigate potential harm. Additional notification to regulatory authorities will be made in accordance with applicable law, including HIPAA breach notification requirements and applicable state data breach notification laws.
6.2 Reporting Security Incidents
If you become aware of or suspect a security incident involving the Services or your data, please report it immediately to infosec@vetriq.com. For privacy-related concerns, including questions about your data or requests to exercise your privacy rights, contact privacy@vetriq.com.
7. Data Retention
We retain your information for as long as necessary to provide our Services to you, comply with legal obligations, resolve disputes and enforce agreements, and fulfill the purposes described in this Privacy Policy. Specific retention periods for different categories of data are set forth in VETRIQ’s Data Retention Policy and Data Retention Schedule, which are maintained separately and updated as required.
Upon termination or expiration of a customer agreement, we will make Customer Data available for export for thirty (30) days. After this period, we will delete Customer Data except as required for legal compliance or per our standard backup retention schedule, which may result in retention of encrypted backup copies for approximately twelve (12) months following deletion, consistent with our Backup and Restore Policy then in effect. We will continue to protect any such retained data in accordance with the applicable customer agreement.
Upon written request following expiration of the backup retention period, we will provide written certification confirming that all Customer Data, including backup copies, has been securely destroyed in accordance with industry-standard destruction methods.
When information is no longer needed and all applicable retention periods have expired, we securely delete or anonymize it in accordance with industry-standard destruction methods.
Notwithstanding the foregoing, following termination or expiration of a customer agreement, VETRIQ’s license to retain and use Resultant Data (as defined in our Terms of Service and Master Services Agreement) shall survive and shall remain subject to the de-identification requirements described in this Privacy Policy and VETRIQ’s then-current Data Retention Policy and Data Retention Schedule.
8. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information.
You may request access to the personal information we hold about you and receive a copy in a portable format. You may request that we correct inaccurate or incomplete personal information. You may request that we delete your personal information, subject to certain exceptions such as legal retention requirements. Upon a verified deletion request, we will delete the applicable personal information and, upon your written request following expiration of any applicable backup retention period, provide written certification confirming destruction.
You may opt out of receiving marketing communications by clicking the “unsubscribe” link in our emails, contacting us at privacy@vetriq.com, or updating your account preferences.
If applicable laws grant you the right to opt out of “sharing” for targeted advertising, you may exercise this right by contacting us. We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within the timeframe required by applicable law.
9. State-Specific Privacy Rights
9.1 California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. You have the right to know the categories and specific pieces of personal information we have collected about you, the sources of collection, our purposes for collection, and the categories of third parties with whom we share information. You have the right to request deletion of your personal information, subject to certain exceptions, and the right to request correction of inaccurate personal information. You may opt out of the sale or sharing of personal information and limit the use of sensitive personal information to purposes necessary to provide the Services.
The categories of personal information we collect include identifiers, commercial information, internet activity, professional information, and inferences drawn from this information. We collect this information directly from you, automatically through your use of our Services, and from third parties for the purposes described in Section 3 of this Privacy Policy. We disclose personal information to service providers and subprocessors as described in Section 5.
To submit a request, contact us at privacy@vetriq.com or call the number provided on our website. We may verify your identity before processing your request.
9.2 Other State Privacy Laws
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws may have similar rights. Please contact us at privacy@vetriq.com to exercise your rights under applicable state law.
10. Cookies and Tracking Technologies
We use cookies, localStorage, sessionStorage, and similar technologies to enhance your experience and measure the effectiveness of our marketing efforts. When you first visit our website, we present a cookie notice banner that informs you of our use of cookies. Non-essential cookies are enabled by default to ensure full site functionality and analytics. You may adjust your preferences at any time, including opting out of analytics and marketing cookies, by clicking the “Cookie Settings” link in the footer of any page.
Essential cookies are required for the operation of our Services, including authentication and security. Functional cookies enable enhanced functionality and personalization. Analytics cookies help us understand how visitors interact with our Services. Marketing cookies are used to deliver relevant advertisements and measure campaign effectiveness. These cookies are active by default and may be disabled through your cookie preferences at any time.
The following cookies and storage technologies may be used on our website:
| Name | Purpose | Duration | Type |
|---|---|---|---|
| vetriq_gclid | Google Ads click attribution | 90 days | First-party cookie |
| vetriq_attribution | UTM campaign parameters for session attribution | Session | sessionStorage |
| __hstc | HubSpot visitor tracking | 6 months | First-party cookie |
| hubspotutk | HubSpot visitor identity | 6 months | First-party cookie |
| __hssc | HubSpot session tracking | 30 minutes | First-party cookie |
| __hs_cookie_cat_pref | Cookie consent preferences | 6 months | First-party cookie |
| _ga, _gid | Google Analytics visitor identification | 2 years / 24 hours | First-party cookie |
You can manage cookies through your browser settings. Most browsers allow you to view cookies stored on your device, delete cookies individually or in bulk, block all cookies or only third-party cookies, and set preferences for specific websites. Note that disabling certain cookies may affect the functionality of our Services.
Some browsers offer a “Do Not Track” setting. We currently do not respond to DNT signals, but we honor opt-out preferences expressed through our cookie settings and the “Do Not Sell or Share My Personal Information” link available on every page.
11. Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.
12. Children’s Privacy
Our Services are not directed to children under the age of 16 and we do not knowingly or intentionally collect information directly from children. However, we may receive data from and process data for our business partners for services rendered to children under 16.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
RL4, LLC d/b/a Vetriq
1623 W. Fulton Street
Chicago, IL 60612
Privacy Matters and Rights Requests: privacy@vetriq.com
Security Incidents and Concerns: infosec@vetriq.com
General and Legal Inquiries: legal@vetriq.com
For privacy-related complaints, you may also contact the U.S. Department of Health and Human Services or other government authority in your jurisdiction.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will publish the updated Privacy Policy on our website and update the “Last Updated” date at the top of this Privacy Policy. For material changes, we will provide notice via our website and, where appropriate, by email prior to the change becoming effective. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.
15. Additional Information for Business Customers
Customer Data is stored in the United States. By using the Services, customers consent to such storage.
For additional information regarding Vetriq’s data processing commitments, security controls, and compliance obligations, please refer to our Master Services Agreement, Terms of Service, or Business Associate Agreement as applicable to your relationship with Vetriq.
RL4, LLC d/b/a Vetriq
A Delaware Limited Liability Company