Privacy Policy
This is a placeholder draft pending legal review. Do not treat as binding until reviewed and approved by counsel. The text below is standard, generic boilerplate, not Medrecords AI's reviewed, final privacy policy.
This policy describes, in general terms, the kind of information Medrecords AI collects and how it is typically used. It is a template pending review by qualified counsel and does not yet reflect a finalized, legally reviewed policy.
Information we collect
We collect account information you provide directly (such as name, work email, and organization), usage information about how the platform is used, and the documents and files you or your organization upload for processing. This may include protected health information (PHI) contained in medical records.
How we use it
Information is used to operate and improve the platform, provide support, secure accounts, and meet legal and contractual obligations. Uploaded records are used only to deliver the requested output back to your organization, not for any other purpose.
PHI and HIPAA handling
Where Medrecords AI processes protected health information on behalf of a covered entity or business associate, that processing is governed by a signed Business Associate Agreement (BAA). Medical record data is never used to train any AI model, a commitment that applies across the platform, not only to BAA-covered accounts. See our HIPAA page and DPA / BAA page for more detail.
Data retention
Data is retained for as long as needed to provide the service and to meet legal, contractual, or audit requirements, after which it is deleted or de-identified in line with the retention terms agreed with your organization. Specific retention periods will be defined in the final, counsel-reviewed policy.
Your rights
Depending on applicable law and your relationship with Medrecords AI, you may have rights to access, correct, export, or request deletion of your information. Requests can be directed to us using the contact details below, and will be handled according to the applicable law and any agreement in place with your organization.
Cookies
This website does not set its own cookies and does not use analytics or advertising cookies. If you book a demo through the scheduling widget on our site, our scheduling provider (Cal.com) may set cookies strictly needed to provide that booking functionality. We do not use cookies to sell your information or serve third-party advertising.
Sub-processors
We use a limited set of vetted sub-processors (such as cloud infrastructure and monitoring providers) to deliver the service. A current sub-processor list is available on request and will be published or linked here once finalized.
Contact
For privacy questions or requests, contact us via our contact page.
Effective date: July 5, 2026