NewWe now read the actual MRI and CT imaging — not just the radiologist's one-page report. See how →
Trust & compliance

Data Processing Agreement

A DPA sets out, in writing, how Medrecords AI handles the data you send us. Here's what ours covers and how to get one in place.

This page describes our DPA process. The DPA itself is a legal document executed directly with customers and is pending final legal review.

What our DPA covers.

In plain language, not fake legal text. The signed agreement is negotiated directly with your organization; this is the shape it takes.

Roles and responsibilities

Defines who is the data controller and who is the data processor, and what each party is responsible for when handling PHI and other personal data.

Sub-processor disclosure

A current list of the sub-processors we use to deliver the platform, so you know exactly who else touches your data and why.

Security commitments

The technical and organizational controls we commit to: encryption in transit and at rest, case-level access control, and PHI audit logging.

Breach notification

How and when we notify you if a security incident affects your data, so your team can meet its own regulatory obligations.

Your records never leave your control and are never used to train any AI model.

Ready to put a DPA in place?

Tell us about your organization and your legal team's requirements, and we'll start the process with you directly.

Request our DPA →

Want the full picture?

The DPA is one part of how Medrecords AI handles your data. See the full trust center for encryption, access control, sub-processors, and our HIPAA posture.

Visit the Security & Trust Center →