SMS Two-Factor Authentication (2FA) Privacy Policy

Last Updated: 3/18/2026
Effective Date: 1/1/2020

1. Overview

Cordata Healthcare Innovations, Inc ("we," "us," or "our") uses SMS-based Two-Factor Authentication (2FA) to enhance the security of your account. This policy explains how we collect, use, store, and protect your mobile phone number and related data in connection with our SMS 2FA service.

2. Information We Collect

When you enroll in SMS Two-Factor Authentication, we collect:

Mobile phone number — The phone number you provide for receiving verification codes
Verification activity logs — Timestamps of when verification codes were sent and whether authentication was successful or failed

We do not collect the content of any messages beyond the verification transaction itself.

3. How We Use Your Information

Your phone number and associated data are used solely for the following purposes:

Sending one-time passcodes (OTP) to verify your identity during login
Maintaining security logs for fraud prevention and compliance purposes

We will not use your phone number for marketing, promotional, or advertising communications.

By enrolling in SMS 2FA and providing your mobile phone number, you expressly consent to receive automated SMS messages from us solely for account verification purposes, in compliance with the Telephone Consumer Protection Act (TCPA) and applicable carrier regulations.

4. SMS Message Frequency & Charges

You will only receive SMS messages when a login or verification event is triggered by you or detected on your account
Message frequency varies based on your account activity
Standard message and data rates from your mobile carrier may apply
Cordata Healthcare Innovations is not responsible for charges imposed by your mobile carrier

5. Third-Party Service Providers

We use Amazon Web Services (AWS) End User Messaging and/or Twilio to transmit SMS verification codes on our behalf. AWS and/or Twilio acts as a data processor under our direction and is contractually prohibited from using your phone number for any purpose other than delivering messages on our behalf.

For more information, please review:

We do not sell, rent, or share your phone number with any other third parties.

6. Data Retention

Data Type	Retention Period
Mobile phone number	Retained while your account is stored within our system. You may contact support to remove your number at any time.
Verification attempt logs	Retained indefinitely for security auditing purposes
Failed authentication records	Retained for [90 days / 1 year] for fraud prevention

After the applicable retention period, data is securely deleted or anonymized.

7. How We Protect Your Information

Encryption of phone numbers at rest and in transit
Access controls limiting who within our organization can view authentication records
AWS infrastructure security and compliance certifications (SOC 2, ISO 27001)
Regular security assessments of our authentication systems

8. Your Rights & Choices

Opt out of SMS 2FA — You may disable SMS-based two-factor authentication in your account settings at any time
Opt out of SMS 2FA — You may disable SMS-based two-factor authentication from your mobile phone by sending STOP back to the message
Update your phone number — You may update the phone number associated with your account at any time
Request deletion — Contact us at support@cordatahealth.com
Access your data — Request a copy of authentication data associated with your account

Message and data rates may apply. Message frequency varies based on account activity. Reply STOP to opt out. Reply HELP for support.

SMS Opt-Out: You may reply STOP to any SMS verification message to opt out of SMS-based 2FA. You may reply HELP to receive support contact information. Note that opting out of SMS 2FA may affect your ability to access your account if SMS is your only configured 2FA method.

State-Specific Rights: Depending on your state of residence, you may have additional privacy rights under applicable state law, including the California Consumer Privacy Act (CCPA). To exercise such rights, please contact us at support@cordatahealth.com.

9. Children's Privacy

Our SMS 2FA service is not directed at individuals under the age of 13. We do not knowingly collect phone numbers from children under 13. If you believe a child has provided us with their phone number, please contact us immediately at support@cordatahealth.com.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of SMS 2FA following notice of changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this policy or our SMS data practices, please contact us:

Cordata Healthcare Innovations, Inc.
Attn: Privacy & Security
📧 support@cordatahealth.com