Privacy Policy

Navera Health Group LLC (doing business as Navera Health & Wellness; "Navera," "we," "us") respects your privacy. This Privacy Policy explains what information we collect, how we use, share, and protect it, and the choices and rights you have. It applies to our website, member portal, and coaching services.

Effective date: May 1, 2026

Last updated: May 1, 2026

About Navera and Your Information

Navera provides clinically adjacent mental-health support — coaching, psychoeducation, and family guidance — on an invite-only, out-of-pocket basis. Navera is not a clinical provider and does not bill health insurance. As a result, Navera is generally not a HIPAA covered entity, and this Privacy Policy is not a HIPAA Notice of Privacy Practices.

We voluntarily apply HIPAA-aligned administrative, physical, and technical safeguards to the information you share with us. Where Navera receives Protected Health Information (PHI) from a clinical provider under a Business Associate Agreement (BAA), that PHI remains governed by HIPAA and the terms of the applicable BAA in addition to this Policy.

Information We Collect

Information You Provide

• Identifiers: name, email, phone number, mailing address
• Account information: the Google account identifier used to log in, profile preferences
• Demographic and family information: provided during onboarding and the course of services
• Emergency contact information
• Billing information: processed by Stripe; we do not store full payment card numbers
• Coaching content: messages, session notes, goals, progress notes, and materials you share with your guide or coach
• Information about minors: when a parent or guardian engages our services on a minor's behalf

Information from Third Parties

• Clinical partners: with your authorization, we may receive assessment results, diagnoses, or treatment plans from your clinical provider so that we can support you between appointments
• Referrals: if you were referred to Navera, we may receive contact and referral details from the referring party

Information Collected Automatically

• Authentication and access logs: login timestamps, session activity, device and browser information, IP address
• Cookies and similar technologies: we use cookies to keep you signed in and to operate the portal. We do not use third-party advertising or behavioral-tracking cookies.

How We Use Your Information

We use the information we collect to:

• Provide our coaching, psychoeducation, and family support services
• Coordinate with clinical providers when you authorize us to do so
• Schedule sessions and send appointment reminders
• Process payments and manage subscriptions
• Communicate with you about your services and our practice
• Operate, secure, troubleshoot, and improve our portal
• Comply with legal obligations and enforce our Terms of Use

Use of Artificial Intelligence

Navera operates as an AI-first practice. We use AI tools to help our staff with summarization, drafting, scheduling, and personalization of educational content. Material decisions about your services are reviewed by humans; we do not rely on automated decision-making for material decisions about you. Where we use third-party AI services, those vendors are contractually limited to processing your information solely to provide services to Navera.

How We Share Information

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. We share information only as described below:

• With your consent: when you authorize sharing with another provider, family member, or third party
• Coaching staff and contractors: internal team members and contractors who support your services, under confidentiality obligations
• Clinical partners: when you authorize coordination with your clinical provider
• Service providers: vendors that help us run the practice (listed below), under written contracts limiting their use of your information
• Legal and safety: when required by law, in response to a valid legal process, or to protect the rights, property, or safety of any person — including reporting suspected abuse, neglect, or imminent harm where required or permitted
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to continued protection of your information

Service Providers

• Google Cloud Platform: hosting, identity, and security infrastructure
• Google Workspace: email, calendar, document storage, and collaboration tools used to operate the practice
• Stripe: payment processing
• Spruce: HIPAA-compliant communications platform (SMS, voice, and secure messaging)

Where these providers may receive PHI on our behalf, we maintain Business Associate Agreements or equivalent contractual protections.

Mobile Information

Mobile phone numbers and SMS opt-in information are not shared with third parties or affiliates for marketing or promotional purposes. Sharing with subcontractors that support our SMS service (such as Spruce and its underlying carriers) is permitted strictly to deliver messages you have asked to receive.

SMS / Text Messaging

If you provide your mobile phone number, you may receive text messages from Navera Health Group LLC, sent through our SMS service provider, Spruce Health. These messages may include appointment reminders, appointment changes or cancellations, account or care-related notifications, and administrative messages related to your services. Message frequency may vary. Standard message and data rates may apply based on your mobile carrier and plan. You may revoke your consent at any time by texting STOP to (484) 916-4611, after which you will receive a confirmation message. For assistance, text HELP or contact us at (484) 916-4611. Consenting to receive text messages is not a condition of receiving Navera's services. SMS opt-in and consent data will not be shared with any third parties. SMS is not an encrypted channel; please avoid including sensitive information in your replies.

How We Protect Your Information

• Identity-Aware Proxy (IAP): only authenticated, authorized users can reach the portal
• Encryption in transit: all traffic is encrypted using TLS 1.2 or higher
• Encryption at rest: data is encrypted on Google Cloud infrastructure
• Access controls: staff access is limited to what is necessary for their role
• Audit and monitoring: account access and administrative actions are logged
• Business Associate Agreements: in place with vendors that may receive PHI

No system can be guaranteed to be completely secure. If we become aware of a security incident that affects your information, we will notify you as required by applicable law.

How Long We Keep Your Information

We retain your information for as long as needed to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. Coaching records are typically retained for the period required by applicable state law for similar records, generally 7 to 10 years after your last engagement, and longer where the engagement involved a minor (commonly until the minor reaches the age of majority plus the applicable retention period). Billing and tax records are retained for the period required by financial and tax laws (typically 7 years).

Your Rights

Subject to applicable law, you have the right to:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct information that is inaccurate or incomplete
• Deletion: request that we delete your information, subject to legal retention requirements
• Portability: request your information in a portable format
• Restriction: ask us to limit certain uses of your information
• Withdraw consent: withdraw any consent you previously gave
• Complain: file a complaint with us or with your state's attorney general

To exercise these rights, contact us at privacy@naverahealthandwellness.com. We will respond within the timeframe required by applicable law (generally within 45 days, with one extension where permitted). We may need to verify your identity before fulfilling your request. You may authorize an agent to make a request on your behalf, and we may verify the agent's authority.

State-Specific Privacy Rights

California Residents (CCPA / CPRA, CMIA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you specific rights regarding your personal information. These rights are summarized in the "Your Rights" section above and additionally include the right to know the categories and specific pieces of personal information we have collected, the right to opt out of any "sale" or "sharing" of personal information, and the right to limit the use or disclosure of "sensitive personal information."

Categories of personal information we have collected in the past 12 months: identifiers; customer records; characteristics of protected classifications; commercial information (transactions); internet or other electronic network activity (portal usage); general geolocation; audio or electronic information (where you provide it); professional information (where applicable); inferences; and sensitive personal information (account credentials and contents of communications, and information about health or mental health).

Sources: directly from you; from clinical partners with your authorization; from service providers; and automatically through your use of our portal.

Purposes: as described in "How We Use Your Information."

Disclosures for a business purpose: to the categories of service providers listed in "How We Share Information."

We do not sell or share personal information, including for cross-context behavioral advertising. We honor browser-based opt-out signals such as the Global Privacy Control (GPC). California residents may also have rights under the Confidentiality of Medical Information Act (CMIA), which protects medical information held by us irrespective of HIPAA status.

To submit a request, email privacy@naverahealthandwellness.com. We will not discriminate against you for exercising your rights.

Other US State Residents

If you are a resident of a US state with a comprehensive consumer privacy law — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Kentucky, Maryland, Minnesota, or Rhode Island — you have rights similar to those described in the "Your Rights" section, including the right to access, correct, delete, and port your personal data, and the right to opt out of targeted advertising, sales of personal data, and certain types of profiling. Navera does not engage in any of those opt-outable activities. To exercise your rights, contact us at privacy@naverahealthandwellness.com. If we deny your request, you may appeal by replying to our response; we will issue an appeal decision within the time required by applicable law (typically 60 days).

Children and Minors

Navera serves families and may collect information about adolescents and young adults when a parent or guardian engages our services on their behalf. Our services are intended for users at least 14 years of age, with parental or guardian consent for minors. We do not knowingly collect personal information from children under 13. We do not "sell" or "share" personal information about anyone we know to be under 16. Parents and guardians may review, request correction of, or request deletion of their child's information by contacting privacy@naverahealthandwellness.com.

International Users

Navera is operated from the United States and our services are intended for US residents. By using our services from outside the United States, you consent to the transfer and processing of your information in the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date above indicates when the policy was most recently revised. Significant changes will be communicated to active members via email or through a notice in the portal. Continued use of our services after the effective date of an update means you accept the revised policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Navera Health Group LLC
doing business as Navera Health & Wellness
Privacy Officer
30 N Gould St, Ste N
Sheridan, WY 82801
Phone: +1 (484) 916-4611
Email: privacy@naverahealthandwellness.com