Avofax

Legal

Privacy Policy

How Avofax handles personal data, security, and compliance for our online fax service.

Last updated: February 27, 2026

This Privacy Policy describes how Avo LLC (“AvoFax,” “we,” “us,” or “our”) collects, uses, discloses, and protects the personal information of users (“you” or “your”) of the AvoFax cloud fax platform, located at avofax.com (the “Service”). AvoFax is operated by Avo LLC, located at 5151 California Avenue, Irvine, CA.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you should not use the Service.

For questions about this Privacy Policy, contact us at [email protected]. For general inquiries, contact [email protected].

1. Information We Collect

1.1 Account Information

When you create an AvoFax account, we collect:

  • Email address - used for authentication, notifications, and account recovery.
  • Username - your chosen display name within your workspace.
  • Password - securely hashed before storage; we never store plaintext passwords.

1.2 Fax Data

When you send or receive faxes through the Service, we process and store:

  • Sender and recipient fax numbers
  • Subject line and sender/recipient names
  • Page count and fax document content (PDF files)
  • Delivery status and transmission metadata
  • Tags and organizational labels you assign to faxes

1.3 Contact Information

If you use our contacts feature, we store the contact details you provide:

  • Name, fax number, email address
  • Company name and physical address
  • Notes and tags you assign to contacts

1.4 Billing Information

Payment processing is handled by a PCI-compliant third-party payment processor. AvoFax never receives, processes, or stores your credit card number, debit card number, or bank account details. We store only:

  • Payment amounts and billing cycle information
  • Plan type and subscription status

1.5 Workspace and Membership Data

For team and organizational features, we store:

  • Workspace name and URL slug
  • Member roles (owner, admin, member) and membership timestamps

1.6 Audit Logs

To support security monitoring and regulatory compliance, we automatically log:

  • User ID and timestamp of each action
  • IP address
  • Action performed (e.g., login, fax sent, settings changed)

1.7 Business Associate Agreement (BAA) Data

If you accept a BAA through the Service, we record:

  • Signer name, email address, and title
  • IP address at the time of acceptance
  • Timestamp of the agreement

1.8 Cookies and Analytics

AvoFax uses a minimal set of cookies for essential functionality such as keeping you logged in and remembering your preferences.

We also use analytics tools (Google Analytics 4 and PostHog) via Google Tag Manager to understand how visitors find and use our website. These tools collect anonymous usage data such as pages visited, referral source, and general location (country/region). We do not use advertising cookies, fingerprinting technologies, or share analytics data with advertisers.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service - send and receive faxes, store documents, manage contacts, and operate workspace features.
  • Authentication and security - verify your identity, enforce access controls, and maintain audit trails.
  • Billing - process payments and manage plan changes.
  • Communications - send transactional emails including fax delivery notifications, account security alerts, and billing receipts.
  • Compliance - meet legal obligations under HIPAA, California privacy laws, and other applicable regulations.
  • Service improvement - diagnose technical issues and improve reliability.

We do not use your information for advertising, profiling, or any purpose unrelated to providing and improving the Service.

3. Third-Party Service Providers

We share information with the following categories of service providers, strictly as necessary to operate the Service. We do not share your data with any advertising networks, data brokers, or marketing platforms.

  • Payment processing - a PCI-compliant payment processor handles all transactions. AvoFax never receives or stores your card details.
  • Fax transmission - licensed telecommunications providers deliver faxes over the public switched telephone network (PSTN). Fax content is transmitted to these providers as necessary to complete delivery.
  • Document storage - encrypted cloud storage providers store fax documents. All stored documents are encrypted at rest.
  • Email delivery - an email delivery provider sends transactional emails on our behalf, including fax notifications and account alerts.
  • Document conversion - document format conversion (e.g., Word to PDF) is performed on our own infrastructure and does not transmit your documents to any third party.
  • Analytics - with your consent, Google Analytics 4 and PostHog collect anonymous website usage data to help us improve our marketing site. No personally identifiable information is shared with these providers, and analytics are governed by Google Consent Mode v2.

All third-party providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing their services to AvoFax.

4. HIPAA Compliance and Protected Health Information

AvoFax recognizes that many of our customers operate in healthcare and other regulated industries. Fax transmissions may contain Protected Health Information (“PHI”) as defined by HIPAA.

4.1 Business Associate Status

When AvoFax processes PHI on behalf of a Covered Entity or another Business Associate, AvoFax acts as a Business Associate under HIPAA. The handling of PHI is governed by a Business Associate Agreement (“BAA”) that you may execute through the Service.

4.2 Safeguards

AvoFax maintains administrative, technical, and physical safeguards to protect PHI, including:

  • Role-based access control with workspace-level data isolation
  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Multi-factor authentication (MFA) support
  • Full audit logging of all data access
  • Minimum necessary access standards for internal personnel

5. Data Sharing and Disclosure

AvoFax does not sell, rent, or trade your personal information to any third party. We do not share your information for advertising or marketing purposes.

We may disclose your information only in the following circumstances:

  • Service providers - to the categories of providers listed in Section 3, solely as necessary to operate the Service.
  • Legal requirements - when required by law, subpoena, or court order.
  • Protection of rights - to protect the rights, safety, or property of AvoFax, our users, or the public.
  • Business transfers - in connection with a merger, acquisition, or sale of assets. You will be notified in such an event.
  • With your consent - for any other purpose with your explicit consent.

6. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know - request what personal information we have collected about you.
  • Right to Delete - request deletion of your personal information, subject to legal exceptions.
  • Right to Correct - request correction of inaccurate personal information.
  • Non-Discrimination - we will not discriminate against you for exercising your privacy rights.

AvoFax does not sell or share personal information as defined under the CCPA.

To exercise your rights, contact us at [email protected]. We will respond within 45 calendar days.

7. Data Retention

We retain your data as follows:

  • Fax documents, contacts, and account data - retained while your account is active. Deleted within 30 days of account closure.
  • Audit logs - 6 years (HIPAA requirement).
  • Billing records - 7 years (tax and financial record-keeping requirements).
  • BAA records - 6 years from termination (HIPAA requirement).

8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including encryption at rest and in transit, secure password storage, role-based access control, and detailed audit logging.

No method of transmission over the Internet is 100% secure. If you have reason to believe your account has been compromised, contact us immediately at [email protected].

9. Breach Notification

In the event of a data breach involving your personal information, we will notify affected users without unreasonable delay, in compliance with HIPAA and California law. For breaches involving PHI, AvoFax commits to notifying affected parties within 72 hours of confirmation.

10. Email Communications

AvoFax sends transactional emails related to your use of the Service, including:

  • Security alerts (new logins, password changes)
  • Account management (confirmations, workspace invitations)
  • Billing notifications (receipts, payment alerts)
  • Fax delivery reports and incoming fax notifications (configurable in settings)

AvoFax does not send marketing emails or newsletters.

11. International Data Transfers

AvoFax is based in the United States and processes data primarily within the United States. By using the Service, you consent to the transfer and processing of your information in the United States.

12. Children's Privacy

AvoFax is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to AvoFax, please contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date and notify registered users by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the changes.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us: