Legal

Data Usage Policy

The categories of data we process, the lawful basis for that processing, the security controls we apply, and the responsibilities you take on as a user.

Last updated April 27, 2026

01 Purpose of This Policy

This Data Usage Policy explains how VonnX collects, processes, stores, and discloses data within our platform and services. It supplements our Privacy Policy and applies to all users of the VonnX dashboard, admin portal, and DME fulfillment workflows.

02 Categories of Data

  • Account data — names, emails, roles, clinic affiliations, and authentication metadata.
  • Clinical data — prescription details, device selections, and patient-level information needed to fulfill an order.
  • Claim data — claim numbers, payer information, adjuster and case-manager contacts, authorization documents.
  • Operational data — orders, deliveries, follow-ups, communications, and audit logs.
  • Technical data — IP addresses, device identifiers, browser metadata, and product telemetry used to keep the Services secure and reliable.

03 Lawful Basis for Processing

We process data based on (a) the contract between VonnX and your clinic or organization, (b) our legitimate interests in operating and improving the Services, (c) compliance with legal and regulatory obligations, and (d) where applicable, the consent of the data subject. Where HIPAA applies, processing is governed by the corresponding Business Associate Agreement.

04 How Data Is Used

  • To create and authenticate user accounts and sessions.
  • To process device requests, generate authorizations, and coordinate delivery and follow-up.
  • To produce documentation required by Workers' Compensation and Personal Injury workflows.
  • To run audit logs, lockout protections, and other security measures.
  • To analyze aggregate, de-identified usage to improve features, performance, and reliability.
  • To meet regulatory, legal, and contractual reporting obligations.

05 Data We Do Not Use

VonnX does not sell personal information, does not use Protected Health Information for advertising, and does not train third-party AI models on customer or patient data without explicit, separate authorization.

06 Sharing With Third Parties

Data is shared only with parties necessary to deliver the Services — device manufacturers, shipping carriers, payers, attorneys and case managers involved in the case, and vetted infrastructure providers (cloud hosting, monitoring, email delivery). Each subprocessor is bound by written confidentiality and security obligations.

07 Storage and Location

Data is hosted on secure cloud infrastructure within the United States. Backups are encrypted and access is restricted to authorized personnel only. We use logical separation between customer environments and apply role-based access controls throughout.

08 Retention

We retain operational data for the lifetime of the engaging account plus the period required by applicable medical, claim, and tax retention rules. Audit logs are retained for the period required to meet our compliance obligations. Backups are rotated under defined schedules.

09 De-Identification and Aggregation

We may de-identify or aggregate data in a manner consistent with HIPAA and other applicable rules. De-identified or aggregated data may be used to monitor performance, perform research, and improve the Services, and is not subject to the use limitations that apply to identifiable data.

10 Security Controls

  • Encryption in transit (TLS 1.2+) and at rest.
  • Role-based access control with least-privilege defaults and quarterly access reviews.
  • Login lockout, password complexity, and session controls.
  • Continuous audit logging across authentication, role changes, and sensitive data access.
  • Vulnerability management, penetration testing, and ongoing security monitoring.

11 Your Responsibilities

Users are responsible for safeguarding their account credentials, promptly reporting suspected unauthorized access, configuring appropriate roles for team members, and using the Services in accordance with applicable law and clinical standards.

Need clarification on anything above?

Chat with our assistant on vonnxdme.com for instant answers. You can also email info@vonnxdme.com, or call 1 (800) 936-7553 for further assistance.