Privacy Policy — Medpilot App
Effective date: 15.05.2023
Last updated: 09.01.2026
1) Who we are
Medpilot App (“Medpilot”, “we”, “us”, “our”) provides AI-powered patient engagement and workflow tools for healthcare and home-care services. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website (medpilot.app), products, and related services.
- Legal entity: Med Pilot LLC
- Contact email: [email protected]
2) Scope
This Policy applies to:
- Visitors to medpilot.app and any subdomains.
- Users of our apps, portals, or communication tools.
- Business contacts interacting with Medpilot (e.g., clinics, hospices, caregivers, partners).
This Policy does not apply to third-party sites or platforms that we do not control. Please review their privacy policies separately.
3) Information we collect
We collect data in three ways: you provide it, we collect it automatically, and we receive it from third parties.
3.1 Information you provide directly
- Identity data: name, role/title, organization, and contact details (email, phone).
- Account data: login credentials, profile settings, communications preferences.
- Patient interaction/context data: appointment requests, self-reported symptoms, care preferences, and messages (as applicable to features you use).
- Support data: bug reports, tickets, and feedback.
- Marketing/demo forms: inquiries, call/demo scheduling details.
3.2 Information collected automatically
- Device and usage data: IP address, browser type, OS, device identifiers, pages viewed, time on page, referring/exit URLs.
- Cookies and similar technologies: to operate the site, remember preferences, measure performance, and (if enabled) personalize content or marketing. See our Cookie Notice for details and controls.
3.3 Information from third parties
- Service providers and integrators (e.g., scheduling, messaging, analytics).
- Healthcare providers/organizations you are affiliated with (where permitted by contract and law).
- Public sources or social media (limited to business contact enrichment and anti-fraud checks).
Health-app guidance recognizes that even sensor/output-derived data or combined data used to infer health status can be considered “health data,” requiring heightened privacy care. [termsfeed.com]
4) How we use your information
We process personal information for the following purposes:
- Provide and improve services: operate portals, AI-assisted triage/engagement, appointment handling, messaging, and analytics to enhance user and patient experiences.
- Account management: authenticate logins, manage roles, permissions, and security.
- Customer support: respond to inquiries, troubleshoot, and resolve issues.
- Product safety and security: monitor, detect, and prevent fraud, abuse, and security incidents.
- Legal and compliance: fulfill contractual obligations, enforce terms, comply with applicable laws, and respond to lawful requests.
- Communications: send service-related notices. With consent or where permitted, send marketing or educational content (you can opt out anytime).
- Research and development: de-identify/anonymize data to improve models and features, subject to applicable legal bases and safeguards.
5) Our legal bases (GDPR/UK GDPR)
Where these laws apply, we rely on:
- Consent (Art. 6(1)(a)): for certain cookies, marketing, and specific data uses.
- Contract (Art. 6(1)(b)): to provide services you request.
- Legal obligation (Art. 6(1)(c)): where laws require processing.
- Legitimate interests (Art. 6(1)(f)): to improve services, ensure security, prevent fraud, and operate business communications—balanced against your rights.
- Special category data (health data): only with an appropriate Art. 9 condition (e.g., explicit consent or healthcare provision by/for a provider), plus safeguards.
6) HIPAA context (US only, if applicable)
If Medpilot acts as a Business Associate to a Covered Entity (e.g., healthcare providers), we will:
- Enter into Business Associate Agreements (BAAs).
- Safeguard Protected Health Information (PHI) and limit uses/disclosures to permitted purposes (treatment, payment, healthcare operations, and as authorized/required).
- Implement administrative, technical, and physical safeguards and support individual rights to access and amendment as applicable.
7) CCPA/CPRA (California residents)
If the CCPA/CPRA applies to Medpilot, California residents have:
- Right to know/access: categories and specific pieces of personal information collected, sources, purposes, and disclosures in the preceding 12 months (with new rules expanding access when data is retained longer).
- Right to delete: request deletion of personal information (subject to exceptions).
- Right to correct: request correction of inaccurate personal information.
- Right to opt out of sale/share: opt out of “sale” or “sharing” (including certain cross-site behavioral advertising).
- Right to limit use/disclosure of sensitive personal information.
- Non-discrimination: no adverse treatment for exercising rights.
8) Personalization, cookies & analytics
We use first-party and third-party cookies and similar technologies to:
- Operate core site features.
- Remember user preferences.
- Measure performance and improve content.
- (If enabled) personalize experiences or marketing.
You can manage cookies via our Cookie Notice or your browser settings. Where required, we will obtain consent for non-essential cookies.
9) Sharing your information
We share personal information with:
- Service providers/contractors: hosting, security, analytics, support, communications, scheduling, and integrations—bound by contracts and confidentiality.
- Healthcare organizations: when you use features that connect to your provider or facility (per your instructions and applicable law).
- Professional advisors and authorities: for compliance, audit, legal processes, or to protect rights, safety, and security.
- Business transfers: if we undergo a merger, acquisition, or asset transfer, subject to legal protections.
We do not sell personal information in the commonly understood sense of the word. If “sale” or “sharing” under CPRA could apply to certain advertising flows, we provide opt-out mechanisms.
10) International transfers
If we transfer personal information to countries without an adequacy decision, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and conduct transfer assessments as required.
11) Data retention
We retain personal information only as long as needed for the purposes described, to meet legal, contractual, and security obligations, and then delete or anonymize it. Specific retention periods may vary by data type and context.
12) Your rights
Depending on your location and law, you may have rights to:
- Access your data.
- Rectify inaccuracies.
- Erase (delete) data.
- Restrict or object to processing.
- Request data portability.
- Withdraw consent at any time (does not affect prior lawful processing).
- Complain to a supervisory authority.
To exercise rights, contact us at: [Insert email/form]. We may need to verify your identity before acting on requests.
13) Security
We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, or alteration. However, no method of transmission or storage is 100% secure.
14) Children’s privacy
Our services are intended for adults and professional caregivers. We do not knowingly collect personal information from children under the age required by applicable law without appropriate consent or authorization. If you believe a child provided personal information, contact us to delete it.
15) Automated decision-making (ADMT) & AI
We use AI features to assist with triage, messaging, and workflow automation. We implement human oversight and quality controls. Where local law grants additional rights (e.g., to request information about logic, contest decisions, or opt out of certain ADMT), we will honor those rights and provide disclosures.
16) Changes to this Policy
We may update this Privacy Policy from time to time. We will post changes here with a new “Effective date.” If changes materially affect your rights, we will provide additional notice (e.g., email or banner).
17) How to contact us
- Email: [email protected]
