Last updated: January 1, 2026
ODA Wellness Trust ("we," "our," or "us") operates this Secure Document Portal to facilitate the collection and management of health benefit–related documents on behalf of the ODA Wellness Trust. We are committed to protecting the privacy and security of all personal information entrusted to us.
We collect the following categories of information through this portal:
Member Information: Email address and name, provided by Trust administrators when adding members to the system.
Uploaded Documents: Files you submit through secure upload links, which may include insurance cards, medical records, lab results, prescriptions, benefit enrollment forms, identification documents, and other health benefit–related materials.
Technical Data: IP addresses, browser type, and access timestamps are logged for security and audit purposes. We do not use cookies for tracking or advertising.
Your information is used exclusively for the administration of health benefit programs through the ODA Wellness Trust. Specifically, we use it to receive, store, and manage benefit-related documents you submit; to notify you when a secure upload link is available; to confirm receipt of your documents when an administrator reviews them; and to maintain audit logs for security and compliance purposes.
We implement robust security measures to protect your data:
Encryption at Rest: All uploaded documents are encrypted using AES-256-GCM encryption before being stored. Files cannot be read without the encryption key, even if storage is compromised.
Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS/HTTPS encryption.
Access Controls: Administrator access requires multi-factor authentication (MFA). All document access, previews, and downloads are recorded in a tamper-evident audit log.
Time-Limited Upload Links: Secure upload links expire after 24 hours and can only be used once, preventing unauthorized access.
Rate Limiting: Automated protections prevent abuse of the upload request system.
We do not sell, rent, or trade your personal information or uploaded documents to any third party. Your documents are accessible only to authorized administrators of the ODA Wellness Trust who require access for the administration of your health benefits. We may use third-party email delivery services (such as SendGrid) to send transactional emails; these services process only email addresses and message content, not your uploaded documents.
Uploaded documents are retained for as long as they are needed for benefit administration purposes. Administrators may delete documents when they are no longer required. When a document is deleted, the encrypted file is permanently removed from our servers. Audit log entries are retained for compliance and security review purposes.
You have the right to know what personal information we hold about you. You may request information about your data by contacting the Trust administrator. You may also request correction of inaccurate information or deletion of your personal data, subject to any legal or regulatory retention requirements.
To the extent that information processed through this portal constitutes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA), we handle such information in accordance with applicable HIPAA requirements. Filenames containing potentially identifiable information are masked in email communications to reduce the risk of inadvertent PHI disclosure.
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. Continued use of the portal following changes constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or how your information is handled, please contact the ODA Wellness Trust administration team.