Last updated: March 8, 2026
TeleVerify ("we," "our," or "the Service") is a telehealth compliance verification tool that helps healthcare providers confirm location-based regulatory compliance during virtual visits. This Privacy Policy explains how we collect, use, store, and protect your information.
Provider Information: National Provider Identifier (NPI), name, credentials, licensed states, email address, and hashed password for account authentication.
Patient Information: Approximate geographic location (state-level only) determined via IP address geolocation or voluntary self-report. We do not collect patient names, medical records, or health information.
Session Data: Compliance check results, session timestamps, provider and patient state codes, and exception flags (emergency consultation, established patient). Sessions are automatically deleted after 4 hours.
Zoom Integration Data: When you connect your Zoom account, we store encrypted OAuth access and refresh tokens, your Zoom user ID, and Zoom email address. We access meeting context (meeting ID, participant role) only when the app is actively used during a meeting.
We use the information collected to: verify that healthcare providers are authorized to treat patients across state lines; generate compliance check results and audit logs; maintain your account and authentication; and integrate with Zoom for in-meeting compliance verification.
TeleVerify integrates with the following external services:
Zoom Video Communications: OAuth authentication and meeting context via the Zoom Apps SDK. Subject to Zoom's Privacy Policy.
IP-API: IP-based geolocation to approximate provider and patient state. Only IP addresses are transmitted; no personal information is shared.
NPI Registry (CMS): National provider lookup via the NPPES API to verify provider credentials. This is a public government database.
OpenStreetMap / Nominatim: Reverse geocoding for GPS coordinates when available. No personal data is transmitted.
Data is stored in PostgreSQL databases hosted on Railway with SSL encryption in transit. Zoom OAuth tokens are encrypted at rest using AES-256-GCM. Passwords are hashed with bcrypt. All connections use HTTPS with HSTS enforcement.
Compliance sessions are automatically deleted after 4 hours. Audit logs are retained for regulatory compliance purposes. Provider accounts persist until manually deleted. When you disconnect TeleVerify from Zoom (uninstall the app), all associated tokens and session data are automatically deleted.
You may request access to, correction of, or deletion of your personal data by contacting us. Providers can delete their accounts through the application. When you revoke TeleVerify's access through Zoom, we automatically delete your Zoom-related data.
TeleVerify is intended for use by licensed healthcare professionals and is not directed at children under 13. We do not knowingly collect information from children.
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page.
For privacy-related inquiries, contact us at: support@televerify.org