Privacy Policy

Effective date: June 15, 2026

This Policy covers both this website and the paid MedAmend service. The Service is intended for U.S. residents only. We handle healthcare information as protected health information under HIPAA, set only strictly-necessary cookies, use cookieless analytics, and never sell your information.

Who we are and what this covers

This Privacy Policy explains how MedAmend (“MedAmend,” “we,” “us,” or “our”) handles information across this website and the MedAmend subscription service and related applications (together, the “Service”). The Service is intended for residents of the United States only.

Information we collect

Depending on how you use the Service, we collect:

  • Waitlist email. If you join our waitlist, we collect the email address you submit. To protect the form from abuse, our server also records a one-way hashed form of your IP address and your browser’s user-agent string; we do not store your raw IP address.
  • Account information. When you create an account, we collect information such as your name, email address, and login credentials.
  • Healthcare and billing information you provide. To use the Service you may upload or enter protected health information — for example medical bills, explanations of benefits (EOBs), summaries of benefits and coverage (SBCs), and insurance or claims records. This is treated as protected health information (PHI). See “Protected health information (HIPAA),” below.
  • Payment information. Paid subscriptions are processed by our payment processor, Stripe. We do not collect or store your full payment card number; Stripe handles it under its own terms. No health information is sent to Stripe.
  • Limited technical and usage data. We use a cookieless, privacy-friendly analytics service to understand site usage in aggregate, and our systems log basic security and operational information. See “Cookies” and “Analytics,” below.

Protected health information (HIPAA)

The healthcare, billing, and insurance information you provide to the Service is protected health information, and we handle it in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable law.

We use your PHI only to provide and support the Service for you. We do not sell it, we do not use it for advertising, we never send it to our analytics provider, and we never send it to our payment processor. We restrict access to PHI to the systems and personnel that need it to operate the Service.

How we use information

We use the information we collect to:

  • provide, operate, secure, and improve the Service;
  • create and manage your account and process your subscription and payments;
  • communicate with you about the Service, including early-access and launch updates if you joined the waitlist;
  • protect against fraud, abuse, and security threats; and
  • comply with our legal obligations.

Cookies

We use only strictly-necessary cookies — those required to sign you in, keep your session active, secure your account, and prevent payment fraud. We do not use advertising or third-party tracking cookies. Because we set no non-essential cookies, no cookie-consent banner is required. The marketing site is static and sets no cookies of its own. Our Cookies Policy lists the categories in detail.

Analytics

We use Plausible Analytics, a privacy-friendly service, to understand how visitors use the site in aggregate — for example page views and how many visitors join the waitlist. Plausible does not use cookies, does not collect personal information, and does not track you across other sites.

How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only as follows:

  • Service providers. We use Google Cloud / Firebase to host the Service and store data on our behalf, and Stripe to process payments, each under their own terms and only to perform services for us.
  • Legal and safety. We may disclose information where required by law or to protect the rights, safety, and security of our users, the public, or MedAmend.
  • Business transfers. If MedAmend is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

Data retention

We keep waitlist emails until we have invited you to early access plus a reasonable period, after which we delete or anonymize them. We retain account and Service data for as long as your account is active and as needed to provide the Service, and afterward only as required for legal, security, or recordkeeping purposes. You may ask us to delete your information as described below.

Your privacy rights

Depending on your state of residence, you may have rights under U.S. state privacy laws such as the California Consumer Privacy Act, as amended by the CPRA, including the right to know what personal information we hold about you, to request its deletion or correction, and to not be discriminated against for exercising these rights. We do not sell personal information or share it for cross-context behavioral advertising, so no opt-out of those activities is needed.

To exercise any of these rights, contact us using the details below. We will verify your request before acting on it, as the law allows.

Security

The Service is served over HTTPS, and data is transmitted over encrypted connections. We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including for PHI, and we restrict access to those who need it. No method of transmission or storage is completely secure, but we work to protect your information and to respond appropriately if an incident occurs.

Children

The Service is not directed to children under 18, and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice.

Contact

Questions or privacy requests: privacy@medamend.ai. [Full registered legal entity name and mailing address.]