Privacy Policy

Medixo Health Inc. is committed to protecting your personal and health information with the highest standards of privacy and security.

📅 Last Updated: January 15, 2025  |  Effective Date: January 15, 2025

1. Overview

Medixo Health Inc. ("Medixo," "we," "our," or "us") is deeply committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health information when you use our website, mobile application, and healthcare services (collectively, the "Platform").

Please read this Privacy Policy carefully. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

🔒 Quick Summary: We collect only what we need, protect it with industry-leading security, never sell your data, and give you full control over your health information.

2. Information We Collect

We collect several types of information to provide and improve our services:

2.1 Personal Information

When you register for an account or book an appointment, we collect:

  • Full name, date of birth, and gender
  • Email address, phone number, and mailing address
  • Government-issued ID for identity verification purposes
  • Insurance information and billing details
  • Emergency contact information

2.2 Health & Medical Information

To provide healthcare services, we may collect:

  • Medical history, current conditions, and diagnoses
  • Medications, allergies, and treatment plans
  • Lab results, diagnostic reports, and imaging files
  • Mental health information and therapy session notes
  • Vital signs and biometric data from connected devices
  • Prescription history and pharmacy records

2.3 Technical & Usage Information

When you use our Platform, we automatically collect:

  • IP address, browser type, and operating system
  • Device identifiers and mobile device information
  • Pages visited, features used, and time spent on the Platform
  • Clickstream data and navigation patterns
  • Crash logs and performance data

2.4 Communication Data

We retain records of your communications with us, including support tickets, chat transcripts, emails, and feedback submitted through the Platform.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Providing Healthcare Services

  • Facilitating consultations between you and licensed healthcare providers
  • Processing appointment bookings, lab orders, and prescription requests
  • Coordinating medicine delivery and home care services
  • Maintaining and sharing your Electronic Health Record (EHR) with your care team

3.2 Improving Our Platform

  • Analyzing usage patterns to enhance user experience and service quality
  • Developing new features and health programs based on user needs
  • Training AI and machine learning models to improve diagnostic support
  • Conducting anonymized research to advance population health insights

3.3 Communications & Support

  • Sending appointment reminders, health alerts, and care follow-ups
  • Responding to inquiries and providing customer support
  • Sending newsletters, health tips, and service updates (with your consent)
  • Notifying you of important policy or service changes

3.4 Legal & Safety Obligations

  • Complying with applicable laws, regulations, and court orders
  • Detecting, investigating, and preventing fraudulent activity
  • Protecting the safety of patients, healthcare providers, and our staff

4. Information Sharing and Disclosure

We do not sell your personal or health information to third parties. We may share your information in the following limited circumstances:

4.1 Healthcare Providers

We share your health information with licensed physicians, specialists, nurses, and other healthcare professionals on our platform as necessary to provide your care. All providers are contractually bound to maintain the confidentiality of your data.

4.2 Service Providers

We work with vetted third-party vendors who assist us in operating the Platform, including cloud hosting providers, payment processors, lab testing partners, and pharmacy networks. These parties may access your data only as needed to perform their services and are bound by strict data processing agreements.

4.3 Insurance & Billing

With your authorization, we share necessary information with insurance companies and billing entities to process claims and reimbursements.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or when we believe disclosure is necessary to protect rights, property, or safety — including your own.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

⚠️ We will never sell, rent, or lease your health information to advertisers, data brokers, or marketing companies. Your health data is not a product.

5. Data Security

We implement industry-leading security measures to protect your information from unauthorized access, disclosure, alteration, and destruction:

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit
  • Access Controls: Strict role-based access ensures only authorized personnel access your data
  • Multi-Factor Authentication: Required for all healthcare providers and admin access
  • Regular Audits: We conduct quarterly security audits and annual penetration testing
  • SOC 2 Type II Certified: Our infrastructure is independently audited for security, availability, and confidentiality
  • Incident Response: A dedicated security team monitors for breaches 24/7 with a documented incident response plan

Despite these measures, no method of electronic transmission or storage is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication on your account.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and gather analytics:

Types of cookies we use:

  • Essential Cookies: Required for the Platform to function (login sessions, security tokens). Cannot be disabled.
  • Functional Cookies: Remember your preferences, language settings, and saved information.
  • Analytics Cookies: Help us understand how users interact with the Platform (e.g., Google Analytics). All health data is excluded from analytics tracking.
  • Marketing Cookies: Only used if you have explicitly opted in. We do not run behavioral advertising on health-related content.

You can manage cookie preferences through your browser settings or our Cookie Preference Center, accessible in the website footer. Note that disabling essential cookies may affect platform functionality.

7. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal data we hold about you in a portable format
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your data, subject to legal and clinical record-keeping requirements
  • Right to Restrict Processing: Request limitations on how we process your data
  • Right to Data Portability: Receive your health records in a structured, machine-readable format (e.g., FHIR, PDF)
  • Right to Object: Object to processing for marketing purposes at any time
  • Right to Withdraw Consent: Withdraw previously given consent without affecting lawful processing prior to withdrawal

To exercise any of these rights, contact our Privacy Officer at privacy@medixo.health or through the "My Data" section in your account settings. We will respond within 30 days (or as required by applicable law).

8. Children's Privacy

Our Platform is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. Pediatric services are facilitated through accounts held by parents or legal guardians.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@medixo.health and we will promptly delete such information.

9. HIPAA Compliance

Medixo is a HIPAA-covered entity and a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We handle Protected Health Information (PHI) in accordance with HIPAA's Privacy Rule and Security Rule.

You have specific rights under HIPAA, including:

  • The right to access and obtain a copy of your health records
  • The right to request restrictions on certain uses of your PHI
  • The right to request confidential communications
  • The right to request corrections to your health information
  • The right to receive a Notice of Privacy Practices (available upon request)
  • The right to file a complaint with the U.S. Department of Health & Human Services

For international patients, we also comply with applicable regional health data laws including GDPR (EU), PIPEDA (Canada), and the Health Records Act (Australia).

10. Third-Party Services & Links

Our Platform may contain links to third-party websites, applications, or services. This Privacy Policy applies only to Medixo's Platform and services. We are not responsible for the privacy practices of third-party services and encourage you to review their privacy policies before providing any information.

Third-party services integrated with our Platform include payment processors (Stripe), cloud infrastructure (AWS), analytics (Google Analytics, with PHI excluded), and communication tools (Twilio). Each provider maintains its own privacy and security standards, and we contractually require them to meet our data protection requirements.

11. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Active Account Data: Retained for the duration of your account plus 7 years after account closure
  • Medical Records: Retained for a minimum of 7 years as required by federal and state regulations (longer for pediatric records)
  • Billing Records: Retained for 7 years for tax and accounting purposes
  • Analytics Data: Aggregated, anonymized data may be retained indefinitely for research
  • Deleted Accounts: Personal data is fully purged within 90 days of verified deletion request

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify registered users via email for material changes
  • Display a prominent notice on the Platform for significant updates
  • Request renewed consent where legally required

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform following the posting of changes constitutes your acceptance of those changes.

13. Contact Our Privacy Team

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our dedicated Privacy Officer:

Medixo Health Inc. — Privacy Office

123 Medical Plaza, Health District
New York, NY 10001, USA

📧 privacy@medixo.health

📞 +1 (800) 624-9460 (press 4 for Privacy)

Response time: Within 30 business days

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority or, in the United States, with the Department of Health & Human Services Office for Civil Rights.