ELH Health is a B2B platform. We process two distinct categories of personal data: (1) customer admin data — names, emails, billing details of the people at Customer Orgs who use ELH Health; and (2) member data — including PHI — submitted by Customer Orgs about their end users (members).
Used to provide the Service, send transactional and account emails, and analyze aggregate product usage. Retained for the contract term + 30 days. Never sold; never used for cross-customer ML training.
ELH Health acts as a Processor / Business Associate for member data. The Customer Org is the Controller / Covered Entity. Member data is processed only to provide the Service, on Customer instructions. Members exercising their rights (access, correction, deletion) should contact their Org admin first; we will assist as Processor.
Supabase, Render, Resend, Sentry, Stripe (billing only). Full list in the DPA.
US-East default. EU and Canadian regions available on Enterprise Plus, with data localization. Cross-border transfers covered by SCCs.
See /security.