Privacy Policy
Learn how we protect and manage your personal and health information
Effective Date: December 26, 2025
MedAi ("we" or "us") is committed to protecting the privacy and security of our users' personal and health information. This policy explains what data we collect, how we use and protect it, and the rights of our users under applicable laws. It applies to all MedAi users in India, the United States (subject to HIPAA and U.S. privacy laws), and the European Union (subject to the GDPR).
1. Information We Collect
- Personal Information: Contact and account information such as name, professional title, email, mailing address, phone number, and login credentials.
- Health and Patient Data: Patient-related data (medical history, diagnoses, clinical notes) provided for medical coding purposes. We adhere to HIPAA's "minimum necessary" principle.
- Usage and Technical Data: IP addresses, browser types, session logs, and technical identifiers collected via cookies and tracking technologies (e.g., Google Analytics). PHI is excluded from these tracking tools.
2. Account Creation and Data Storage
- Healthcare professionals must create an account to use the service.
- Data is stored securely, encrypted at rest and in transit, and retained as long as the account is active or required by law.
- Cloud hosting environments meet HIPAA security standards.
3. Use of Cookies and Tracking Technologies
- Essential cookies are used for login sessions and preferences.
- Analytics cookies measure site traffic without storing PHI.
- Users can manage cookie preferences via browser settings.
4. Data Sharing and Third-Party Service Providers
- Service Providers: Trusted vendors (cloud, storage, etc.) process data under strict controls. Business Associate Agreements (BAAs) are signed for any handling of PHI.
- Legal/Safety: Disclosures may occur if required by law or to protect rights and safety.
- Consent: Data may be shared with explicit user consent.
5. HIPAA Compliance
- MedAi implements administrative, physical, and technical safeguards for ePHI.
- MedAi maintains audit logs and restricts system access.
- MedAi supports individual rights (access and corrections) and follows the Breach Notification Rule.
6. GDPR Compliance (for EU Users)
- MedAi processes data on lawful grounds (consent or contract).
- MedAi follows the principles of fairness, transparency, and data minimization.
- EU users have rights to access, correction, erasure ("right to be forgotten"), and data portability.
7. Data Security Practices
- TLS/SSL encryption, firewalls, intrusion detection, and multi-factor authentication for administrative access.
- Regular vulnerability assessments and patch management.
8. Your Rights and Choices
- Account Access: Users can update or delete profile information.
- HIPAA/Medical Rights: MedAi assists providers in fulfilling patient requests for health records.
- CCPA/CPRA (California): Rights to know, delete, and correct personal information, and to limit the use of sensitive personal information (personal data is not sold).
9. Contact Information
For inquiries or to exercise your rights:
Email: info@medai.co.in
10. Updates to this Policy
Changes will be notified via the platform or email. Continued use of MedAi constitutes acceptance of updates.
Our Commitment to Privacy
We are dedicated to maintaining the highest standards of data protection and privacy. Your trust is paramount, and we continuously work to ensure your information is safe and secure.
Last Updated: December 26, 2025