Privacy Policy | LumenHealth

Last updated: April 2026

Overview

LumenHealth (“we,” “us,” “our”) respects your privacy. This policy explains how we collect, use, and protect information when you visit our website or use our services, including our AI governance assessments.

HIPAA and protected health information

LumenHealth does not collect, store, or process protected health information (PHI). Our AI governance assessments collect organizational-level information about policies, practices, and governance structures — not individual patient data or health records. No individually identifiable health information is requested, transmitted, or retained at any point in the assessment process.

Information we collect

Assessment responses. When you complete an AI governance assessment, we collect your name, email address, role, organization name, and your responses to governance-related questions. This information is used to generate your assessment results, enable follow-up engagement, and improve our assessment methodology.

Contact form submissions. When you submit our contact form, we collect the information you provide: your name, email address, organization name, role, and any additional details you include. This information is used solely to respond to your inquiry.

Analytics. We use Google Analytics (GA4) to understand how visitors use our site. GA4 collects anonymized usage data including pages visited, time on site, and general geographic region. We do not use this data to identify individual visitors, and we do not sell analytics data to third parties.

How we use your information

We use assessment responses to generate governance maturity scores and recommendations for your organization. We use contact form submissions to respond to inquiries. We may use aggregated, de-identified assessment data to improve our methodology and publish industry benchmarks. We do not add you to marketing lists without your explicit consent.

Data handling

Assessment and contact data is stored in secure, encrypted databases. We do not sell organizational data. We do not share your individual assessment responses with other organizations or third parties. Aggregated, de-identified data may be used to develop industry benchmarks and improve our assessment frameworks.

Data retention

Assessment responses and contact information are retained to support ongoing engagement and for reasonable business record-keeping purposes. You may request deletion of your data at any time.

Your rights

You may request access to, correction of, or deletion of your personal information at any time by contacting us through our contact page. We will respond to data requests within 30 days.

Changes to this policy

We may update this policy from time to time. Material changes will be noted on this page with an updated revision date.

Contact

Questions about this privacy policy can be directed to us via our contact page.