1. Who we are
Pario ("we," "us," or "our") is a benefits technology company. Our platform helps self-insured employers reduce healthcare spending while rewarding employees for making cost-effective care decisions. Our primary service involves identifying savings opportunities when certain care orders are placed, notifying employees via SMS, and depositing HSA rewards for employees who act on those opportunities.
Our registered address is: Pario, Inc., Jacksonville, Florida. For privacy inquiries, contact us at privacy@getpario.com.
Information you provide
- Name, work email address, and job title when you request a demo or contact us
- Company name and employee headcount for employer onboarding
- Phone number for SMS notifications (employee enrollment)
- ZIP code for facility matching during enrollment
Information from your health account authorization
When you connect your health account during enrollment, we receive limited, read-only access to specific types of clinical orders associated with your account. We access only what is necessary to identify savings opportunities — specifically, scheduled imaging orders. We do not access your diagnosis history, medication records, mental health records, or any other clinical information beyond the order types we need to operate the program.
Information we generate
- Records of SMS messages sent and received in connection with the program
- Records of appointments confirmed and rewards issued
- Program performance metrics (anonymized and aggregated)
- Access logs and security audit records
3. How we use your information
- To identify savings opportunities when applicable care orders are placed in your name
- To send you SMS notifications about those opportunities
- To facilitate appointment booking through our care navigator team
- To process HSA reward deposits upon confirmed appointments
- To provide employers with aggregate, anonymized program performance reports
- To improve our platform and identify new savings opportunity categories
- To comply with our legal obligations, including HIPAA
We do not use your health information for marketing purposes. We do not use it to build profiles for sale to third parties. We do not use it for purposes other than operating the program you enrolled in.
4. Health data — special protections
Any health information we access in connection with your enrollment is Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We operate as a Business Associate under HIPAA and have signed Business Associate Agreements with every employer who uses our platform.
Specifically, we:
- Encrypt all PHI in transit using TLS 1.2 or higher
- Encrypt all PHI at rest using AES-256 encryption
- Limit access to PHI to personnel who require it to operate the program
- Conduct regular security assessments including annual penetration testing
- Maintain audit logs of all access to PHI
- Notify affected individuals and employers of any breach as required by HIPAA
Your authorization for us to access your health account can be revoked at any time through your health account's app settings or by contacting us at privacy@getpario.com. Revocation will prevent future access; it does not affect records already generated in connection with rewards previously processed.
5. What your employer sees
Your employer — who pays for the Pario program — receives aggregate, anonymized reporting only. This means:
- Total number of imaging orders identified across the enrolled population
- Total number of employees who received an offer
- Total number of steered cases
- Total gross savings, rewards paid, and net savings
- Enrollment rate (percentage of employees enrolled)
Your employer does not receive your name in connection with any care order or case. Your employer does not receive information about what type of imaging was ordered, what condition it relates to, or any other clinical detail. If you have questions about what your employer sees, contact us at privacy@getpario.com and we will provide a specific description.
6. How we share information
We share information only in the following circumstances:
- Care navigators: Our navigator team receives the information necessary to book your appointment — your name, phone number, order type, and chosen facility. This information is used solely to complete the booking.
- HSA administrators: We share your employer-assigned employee ID and reward amount with your HSA administrator (such as HealthEquity or Fidelity) to process the reward deposit. We share no clinical information.
- Technology vendors: We use third-party services to operate the platform (SMS delivery, cloud hosting, security monitoring). These vendors are bound by data processing agreements and are prohibited from using your information for any purpose other than providing the service to us.
- Legal requirements: We may disclose information when required by law, court order, or to protect the rights and safety of individuals.
We do not sell your personal information. We do not share your health information with advertisers, data brokers, or insurers for underwriting purposes.
7. Your rights and choices
- Opt out of SMS: Reply STOP to any Pario text message at any time. You will receive no further SMS notifications. This does not affect your enrollment or coverage.
- Revoke health account access: Disconnect Pario from your health account at any time through your health account app or by contacting us.
- Request your data: You may request a copy of the personal information we hold about you by contacting privacy@getpario.com.
- Request deletion: You may request deletion of your personal information. We will honor this request subject to our legal obligations to retain certain records.
- HIPAA rights: As a covered entity under HIPAA, you have the right to request access to, amendment of, and an accounting of disclosures of your PHI. Contact privacy@getpario.com to exercise these rights.
8. Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle. Our security program includes encryption at rest and in transit, role-based access controls, multi-factor authentication for all system access, annual penetration testing, and continuous security monitoring. For full details, see our Security page.
For any privacy-related question, request, or concern:
- Email: privacy@getpario.com
- Mail: Pario Privacy, Jacksonville, Florida
- Response time: We respond to all privacy inquiries within 5 business days
If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr.