How we protect your data

PHI-safe by design — here's exactly how it works

Last updated: March 2026

Pediatric therapy practices handle sensitive information about children and families every day. We built Senvvo from the ground up with a single guiding principle: collect only what's necessary, keep it only as long as needed, and never store what you don't need.

The short version

  • Parent names and contact details are never stored in our database
  • Screener responses are never stored in identifiable form
  • Chat message content is never stored
  • Results links expire after 48 hours
  • All analytics are aggregated and de-identified

How the screener works

When a parent completes your screener:

Step 1
Parent answers questions

Responses are held in the browser session only. Nothing is written to our database at this point.

Step 2
Parent submits contact form

Name, email, and phone are used to send two emails:

  • Results email to the parent with their tokenized link
  • Notification email to your practice with the results summary

After these emails are sent, the contact information is discarded. It is never written to our database.

Step 3
What we store

We store only:

  • A randomized token linked to the screener result (expires 48 hours)
  • The age range selected (e.g. "18–24 months")
  • Domain-level scores (e.g. "3 of 6 milestones met") — no individual question responses
  • A timestamp
Never stored
  • Parent name
  • Email address
  • Phone number
  • Child's name or date of birth
  • Individual question responses
  • Chat message content
  • Any identifying information
What we store
  • Random session / result token
  • Age range (e.g. "2–3 years")
  • Domain scores (aggregated)
  • Timestamp
  • Anonymous session events

How the chat assistant works

Message content is processed in real time to generate a response and is never written to our database.

We store only anonymized session events:

  • Session started (random session ID, no identity)
  • Message sent (count only, no content)
  • Contact requested (topic tag if available, no personal details)

Your analytics dashboard shows conversation volumes, top topics, and contact rates — all derived from these anonymized events. No individual conversation is identifiable or retrievable.

Your analytics dashboard

Everything you see in your dashboard is aggregated across all families. When you see "Communication & Feeding was the top concern domain this month," that reflects a count of screener submissions — not a list of families. There is no way to drill down to an individual parent or child from your analytics.

Infrastructure security

  • All data transmitted over HTTPS/TLS encryption
  • Database hosted on Supabase with row-level security
  • Application hosted on Vercel with SOC 2 compliant infrastructure
  • Role-based access — practice managers see only their own practice data
  • No cross-practice data sharing or visibility

A note on HIPAA

Senvvo is designed to minimize PHI processing. Because we do not persistently store parent names, contact details, or health information, many of the standard HIPAA obligations that apply to systems storing PHI do not apply to Senvvo in the traditional sense.

That said, we take compliance seriously. Practices with specific BAA requirements should contact us at hello@senvvo.care — we are happy to discuss your compliance needs.

Questions?

If you have questions about how we handle data, contact us at hello@senvvo.care. We'll respond within one business day.