Skip to content

EVV Privacy Policy

Last updated: February 20, 2026

This Privacy Policy describes how we collect, use, store, and protect information when you use the EVV Mobile application (“App”) and related services. The App provides Electronic Visit Verification for care workers and is intended for use in the United States only, in conjunction with PNB (Personal Needs and Benefits) services offered by CozziTech LLC. By using the App, you agree to this policy.

1. Who We Are

“We,” “our,” or “us” refers to CozziTech LLC, which operates the EVV Mobile app and the backend EVV services that the App connects to. The App is used in conjunction with PNB by CozziTech LLC. Your employer or the agency that provides you access to the App may also have access to visit data for their operations; their privacy practices are described in their own policies.

2. Scope

This policy applies to:

  • The EVV Mobile app on iOS and Android
  • Data collected through the App and transmitted to our servers
  • Data stored on your device by the App

It does not apply to third-party websites or apps you may open from links, or to your employer’s or agency’s handling of data outside this App.

3. Information We Collect

3.1 Account and Authentication

  • Username and password: You provide these to sign in. Passwords are verified by our servers (or by an integrated identity provider) and are not stored in plain text. We do not store your password on your device.
  • Account identifiers: After login, we receive and store on the device a secure token and identifiers such as worker ID and tenant/organization ID so the App can access your assigned consumers and record visits.

3.2 Biometric Data

The App may offer sign-in using Face ID, Touch ID, or device fingerprint. Biometric data is processed only on your device by the operating system. We do not collect, transmit, or store your actual biometric data. We only store a preference on the device that you have chosen to use biometric sign-in, and we use the device’s secure storage to keep your session token for re-authentication after a successful biometric check.

3.3 Location Data

Location is required for Electronic Visit Verification. We collect:

  • When in use: Your device’s location when you check in or check out of a visit, and when you request features that depend on location (e.g., nearby consumers, check-in addresses).
  • Background location: During an active check-in, the App may collect location in the background (when the app is in the background or the screen is off) to verify and record your presence for the visit. This is used only for visit verification and related compliance.

Location data (latitude, longitude, and timestamps) is sent to our servers and stored in association with check-in/check-out records and, where applicable, location history for the visit.

3.4 Visit and Check-In Data

We collect and store:

  • Check-in and check-out dates and times
  • Consumer/client identifiers and visit type
  • Selected service location (e.g., known address) and related identifiers
  • Optional notes you enter for a visit
  • Location at the time of check-in, check-out, and (during an active visit) periodic location points

3.5 Signature and Signer Information

When you provide a signature for a visit (e.g., consumer or authorized representative signature), we collect:

  • Signer name and title (as entered by you)
  • Signature image (stored on our servers in association with the visit)
  • Location and time at which the signature was captured

3.6 Notifications

The App uses local notifications (e.g., check-out reminders). Notification scheduling is done on your device. If the App uses push notifications in the future, we may collect a device token to deliver them; we will update this policy and obtain any required consents before doing so.

3.7 Device and Technical Data

When you use the App, we may receive or store:

  • Device type and operating system (e.g., for compatibility and support)
  • App version and API base URL (which may be configurable and stored only on the device)
  • Log data on our servers (e.g., request logs, errors) which may include IP address, timestamps, and request details

We do not use this information to track you across other apps or websites.

4. How We Use Your Information

  • To authenticate you and manage your session
  • To provide Electronic Visit Verification (check-in/check-out, location verification, visit history)
  • To show you assigned consumers, visit types, and service locations relevant to your role
  • To store and display signatures and visit notes for compliance and care documentation
  • To send you reminders (e.g., to check out) via local notifications
  • To operate, secure, and improve our services and to comply with legal and contractual obligations

We do not sell your personal information. We do not use your data for advertising or for building profiles for non–EVV purposes.

5. Legal Basis for Processing

The App is offered in the United States. We process your data where necessary to provide the EVV service, fulfill our contract with you or your employer, comply with applicable U.S. and state law (including EVV and Medicaid-related requirements), protect security and prevent fraud, and, where applicable, with your consent for optional features (which you may withdraw at any time).

6. Data Sharing and Disclosure

We may share data:

  • With your employer/agency: Visit data, check-in/check-out times, location data, and signatures are available to the organization that manages your account and the consumers you serve, for scheduling, billing, and compliance.
  • With service providers: We may use vendors that host our systems, manage databases, or provide support, under contracts that require them to protect your data and use it only as we instruct.
  • With integrated systems: If your agency uses integrated software (e.g., Alpha Anywhere or other EVV/HR systems), we may exchange data necessary for login and visit verification as configured by your agency.
  • For legal reasons: We may disclose data when required by law, court order, or government request, or to protect our or others’ rights, safety, or property.

We do not sell or rent your personal information to third parties for their marketing purposes.

7. Data Retention

We retain your data for as long as necessary to provide the EVV service, comply with legal and regulatory requirements (including those applicable to home care and EVV), resolve disputes, and enforce our agreements. Visit and location records may be retained for periods required by Medicaid, state EVV rules, or your agency’s policies. When data is no longer needed, we delete or anonymize it in accordance with our retention schedule.

8. Data Security

We use technical and organizational measures to protect your data, including:

  • Encryption of data in transit (e.g., HTTPS)
  • Secure storage of credentials and tokens on the device (e.g., secure storage/keychain)
  • Access controls and authentication on our servers
  • Restricting access to personal data to those who need it for their role

No system is completely secure. If you believe your account or data has been compromised, please contact us and your supervisor promptly.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal and contractual exceptions
  • Restriction or object: In certain circumstances, request that we restrict processing or object to processing
  • Portability: In some jurisdictions, receive your data in a structured, machine-readable format
  • Withdraw consent: Where we rely on consent, withdraw it at any time
  • Complain: Lodge a complaint with a supervisory authority in your country

To exercise these rights, contact us using the details in Section 12. Your employer or agency may also be a data controller; you may need to contact them for data they hold. We will respond within the time required by applicable law.

10. Children

The App is not directed at children. We do not knowingly collect personal data from individuals under the minimum age required for employment or use of the App in your jurisdiction. If you believe we have collected such data, please contact us so we can delete it.

11. Data Location

Your data is processed and stored in the United States. Our service providers may also process data within the United States. The App is not intended for use outside the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. For material changes, we may notify you via the App or by email if we have your contact information. Continued use of the App after the updated date constitutes acceptance of the revised policy, except where your consent is required by law.

13. Contact Us

For questions about this Privacy Policy, your personal data, or to exercise your rights, contact:

CozziTech LLC
EVV Mobile / PNB Support
support@cozzitech.com

If your access to the App is provided by an agency or employer, you may also contact their privacy or HR contact for questions about how they use EVV data.

Last updated: February 20, 2026