Legal

Privacy Policy

Last updated: May 2026

1. Information We Collect

We collect information you provide directly:

Account information: name, email address, professional role, and practice details when you sign up.
Patient information: contact details, insurance information, and demographic data as entered by your care team.
Clinical data: encounter notes, prescriptions, lab results, and other medical records entered into the platform.
Billing information: payment details processed securely through Stripe. We do not store card numbers.
Usage data: pages visited, features used, and session duration to improve the platform. This data is anonymized and never linked to PHI.

2. Protected Health Information (PHI)

PHI is handled in strict accordance with HIPAA regulations. We act as a Business Associate under a signed Business Associate Agreement (BAA) with each covered entity.

Encryption: all PHI is encrypted at rest using AES-256 and in transit using TLS 1.3.
Access controls: role-based permissions ensure only authorized users can access patient data.
Audit trail: every access to PHI is logged in an immutable HIPAA audit trail, including who accessed the data, when, and what action was performed.
Key management: encryption keys are managed through a dedicated key management service with regular rotation.

3. How We Use Your Information

To provide, maintain, and improve the MedAgento platform.
To process payments and generate invoices via Stripe.
To send appointment reminders, notifications, and transactional emails.
To provide customer support and respond to your inquiries.
To improve our AI models using only de-identified, aggregated data.
To detect and prevent fraud, abuse, and security incidents.
To comply with legal obligations and regulatory requirements.

4. AI Data Processing

When you use AI features (AI Scribe, coding suggestions, lab interpretation, clinical summaries), your inputs are processed in real-time to generate outputs. Important details:

Your raw clinical data is never used for model training.
AI inputs are processed in real-time and are not retained by AI providers beyond the generation request.
AI-generated content is clearly labeled and must be reviewed by a licensed provider before being finalized.
All AI operations create HIPAA audit log entries.
Model improvements use only de-identified, aggregated data that cannot be traced back to individual patients.

6. Data Storage and Security

We implement administrative, physical, and technical safeguards to protect your data:

Technical: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, multi-factor authentication, automated vulnerability scanning.
Administrative: background checks for all employees, mandatory HIPAA training, incident response procedures, regular security risk assessments.
Physical: SOC 2 Type II certified data centers with 24/7 monitoring, biometric access controls, and redundant infrastructure.

7. Data Retention

Clinical records: retained for the duration required by applicable state and federal law (minimum 7 years for adult records, longer for pediatric records).
Account data: retained while your account is active and for 30 days after a deletion request, during which you may reactivate.
Audit logs: retained for a minimum of 6 years as required by HIPAA.
Billing records: retained as required by tax and financial regulations.

8. Your Rights

You have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data (subject to legal retention requirements).
Export your data in standard, machine-readable formats.
Request restrictions on how your data is used or shared.
Patients may request their health records under HIPAA.
Withdraw consent for optional data processing at any time.

To exercise these rights, contact us at privacy@medagento.com.

9. Cookies

We use essential cookies for authentication and session management. These cannot be disabled as they are required for the platform to function. We use privacy-friendly analytics that do not track individual users. We do not use third-party tracking cookies or advertising pixels.

10. Breach Notification

In the unlikely event of a data breach affecting your information, we will notify you within 72 hours as required by HIPAA and applicable state laws. Notifications will include the nature of the breach, the data affected, steps we are taking to address it, and recommended actions for you.

11. Children

MedAgento accounts are intended for licensed healthcare providers, practice staff, and adult patients. We do not knowingly collect personal information from children under 18 as account holders. Pediatric patient records are managed by authorized providers in compliance with applicable law.

12. Contact

For privacy-related questions, HIPAA inquiries, or data access requests, contact our Privacy Officer at privacy@medagento.com. For general questions, reach us at hello@medagento.com.

Legal

Privacy Policy

Last updated: May 2026

1. Information We Collect

We collect information you provide directly:

Account information: name, email address, professional role, and practice details when you sign up.
Patient information: contact details, insurance information, and demographic data as entered by your care team.
Clinical data: encounter notes, prescriptions, lab results, and other medical records entered into the platform.
Billing information: payment details processed securely through Stripe. We do not store card numbers.
Usage data: pages visited, features used, and session duration to improve the platform. This data is anonymized and never linked to PHI.

2. Protected Health Information (PHI)

PHI is handled in strict accordance with HIPAA regulations. We act as a Business Associate under a signed Business Associate Agreement (BAA) with each covered entity.

Encryption: all PHI is encrypted at rest using AES-256 and in transit using TLS 1.3.
Access controls: role-based permissions ensure only authorized users can access patient data.
Audit trail: every access to PHI is logged in an immutable HIPAA audit trail, including who accessed the data, when, and what action was performed.
Key management: encryption keys are managed through a dedicated key management service with regular rotation.

3. How We Use Your Information

To provide, maintain, and improve the MedAgento platform.
To process payments and generate invoices via Stripe.
To send appointment reminders, notifications, and transactional emails.
To provide customer support and respond to your inquiries.
To improve our AI models using only de-identified, aggregated data.
To detect and prevent fraud, abuse, and security incidents.
To comply with legal obligations and regulatory requirements.

4. AI Data Processing

When you use AI features (AI Scribe, coding suggestions, lab interpretation, clinical summaries), your inputs are processed in real-time to generate outputs. Important details:

Your raw clinical data is never used for model training.
AI inputs are processed in real-time and are not retained by AI providers beyond the generation request.
AI-generated content is clearly labeled and must be reviewed by a licensed provider before being finalized.
All AI operations create HIPAA audit log entries.
Model improvements use only de-identified, aggregated data that cannot be traced back to individual patients.

6. Data Storage and Security

We implement administrative, physical, and technical safeguards to protect your data:

Technical: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, multi-factor authentication, automated vulnerability scanning.
Administrative: background checks for all employees, mandatory HIPAA training, incident response procedures, regular security risk assessments.
Physical: SOC 2 Type II certified data centers with 24/7 monitoring, biometric access controls, and redundant infrastructure.

7. Data Retention

Clinical records: retained for the duration required by applicable state and federal law (minimum 7 years for adult records, longer for pediatric records).
Account data: retained while your account is active and for 30 days after a deletion request, during which you may reactivate.
Audit logs: retained for a minimum of 6 years as required by HIPAA.
Billing records: retained as required by tax and financial regulations.

8. Your Rights

You have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data (subject to legal retention requirements).
Export your data in standard, machine-readable formats.
Request restrictions on how your data is used or shared.
Patients may request their health records under HIPAA.
Withdraw consent for optional data processing at any time.

To exercise these rights, contact us at privacy@medagento.com.

9. Cookies

10. Breach Notification

11. Children

12. Contact

For privacy-related questions, HIPAA inquiries, or data access requests, contact our Privacy Officer at privacy@medagento.com. For general questions, reach us at hello@medagento.com.

Privacy Policy

1. Information We Collect

2. Protected Health Information (PHI)

3. How We Use Your Information

4. AI Data Processing

5. Data Sharing

6. Data Storage and Security

7. Data Retention

8. Your Rights

9. Cookies

10. Breach Notification

11. Children

12. Contact

Privacy Policy

1. Information We Collect

2. Protected Health Information (PHI)

3. How We Use Your Information

4. AI Data Processing

5. Data Sharing

6. Data Storage and Security

7. Data Retention

8. Your Rights

9. Cookies

10. Breach Notification

11. Children

12. Contact