This Privacy Policy applies to the MedTec Health website at medtec.ai. It does not govern Protected Health Information processed within the MedTec EHR platform, which is handled under HIPAA and separate agreements (see Section 2).
1. Introduction
MedTec Health (“MedTec,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect through our website at https://medtec.ai and related marketing pages, online store, contact and demo request forms, and appointment scheduling (collectively, the “Site”), how we use and protect it, and the choices and rights you have.
By using the Site, you acknowledge that you have read and understood this Privacy Policy.
2. Scope — and Health Information (HIPAA)
This Privacy Policy applies only to information collected through the Site. It does not apply to:
- Protected Health Information (PHI) processed within the MedTec electronic health record (“EHR”) platform and related clinical products. When MedTec provides its EHR software to a healthcare provider, MedTec acts as a Business Associate under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”). Our use and disclosure of PHI in that role is governed by HIPAA, the Business Associate Agreement (“BAA”) between MedTec and the provider, and the provider’s own Notice of Privacy Practices — not by this Privacy Policy.
- If you are a patient of a healthcare provider that uses MedTec, please contact that provider regarding their handling of your health information, and refer to that provider’s Notice of Privacy Practices. As a Business Associate, MedTec does not issue its own Notice of Privacy Practices.
MedTec makes a Business Associate Agreement (BAA) available to its healthcare-provider customers and enters into BAAs with its own subcontractors that may create, receive, maintain, or transmit PHI on our behalf.
The Site is a marketing and commercial website intended for healthcare providers, practice administrators, and prospective customers. We do not intend to collect PHI through the Site and ask that you not submit PHI through website forms.
2.1 HIPAA and Security (Business Associate role)
When MedTec handles PHI on behalf of a provider, we act in accordance with our obligations as a HIPAA Business Associate, including maintaining administrative, physical, and technical safeguards for electronic PHI under the HIPAA Security Rule, limiting uses and disclosures to those permitted by the applicable BAA, supporting individual rights, requiring our subcontractors to agree to the same protections, and notifying the covered entity of any breach of unsecured PHI without unreasonable delay and no later than 60 days after discovery, as required by law.
Prospective customers: to request a Business Associate Agreement or information about MedTec’s HIPAA and security practices, contact us at support@medtec.ai.
3. Information We Collect
3.1 Information you provide to us
- Contact & demo requests: name, email address, phone number, practice/company name, specialty, and any message content you submit through our contact forms, demo requests, or appointment scheduling.
- Account & purchase information: if you create an account or purchase a plan or integration package through our online store, we (and our payment processors) collect your name, billing and contact details, and order history. Payment card details are processed directly by our payment processors, Stripe and PayPal, and are not stored on MedTec’s servers.
- Subscriptions & communications: email address and preferences when you subscribe to updates, newsletters, or respond to marketing.
- Support communications: information you provide when you contact support.
3.2 Information collected automatically
When you visit the Site, we and our service providers automatically collect certain technical and usage data through cookies and similar technologies, including: IP address, browser type and language, device and operating system, referring/exit pages, pages viewed, links clicked, and timestamps (“Usage Data”).
3.3 Information from third parties
We may receive information from analytics and advertising providers, and from social or business platforms you interact with, consistent with their policies and your settings.
4. Cookies and Tracking Technologies
We use cookies, pixels, tags, and similar technologies to operate the Site, remember preferences, measure performance, and support advertising. Categories:
- Strictly necessary — required for core Site and store functionality (e.g., cart, checkout, security via Google reCAPTCHA).
- Analytics/performance — help us understand Site usage (e.g., Google Analytics 4).
- Advertising/targeting — used to deliver and measure ads and remarketing (e.g., Google Ads, Microsoft Advertising/Bing).
- Functional — remember choices and improve experience.
You can control cookies through your browser settings — most browsers let you block or delete cookies — and through the advertising opt-outs described in Section 8. Blocking some cookies may affect Site functionality.
5. How We Use Your Information
We use the information we collect to:
- Provide, operate, and secure the Site and online store, and fulfill orders and subscriptions;
- Respond to inquiries, demo requests, and support requests, and schedule appointments;
- Send administrative and, where permitted, marketing communications (you may opt out at any time);
- Measure and improve the Site, our products, and our marketing;
- Deliver and measure advertising, including remarketing (see Section 8);
- Detect, prevent, and address fraud, abuse, and security issues; and
- Comply with legal obligations and enforce our terms.
Where we rely on your consent (for example, for marketing communications or non-essential cookies), you may withdraw that consent at any time.
6. How We Share and Disclose Information
We do not sell your personal information for money. We share information only as described here:
- Service providers / processors who perform services on our behalf under contract, such as: website hosting (Liquid Web / Nexcess), payment processing (Stripe, PayPal), analytics (Google), advertising (Google, Microsoft), email/marketing, and customer relationship tools. These providers may process personal information only per our instructions.
- Advertising and analytics partners as described in Section 8.
- Legal and safety — to comply with law, respond to lawful requests, or protect the rights, property, or safety of MedTec, our users, or others.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
7. Data Storage and Security
We maintain reasonable and appropriate administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS/SSL), access controls, and network protections. Data is stored on servers located in the United States. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security; you share information with us at your own risk. If we become aware of a security incident affecting your personal information, we will notify you and authorities as required by applicable law.
8. Advertising, Analytics, and Your Choices
We use third-party analytics and advertising services, including Google Analytics 4, Google Ads (including remarketing/retargeting), and Microsoft Advertising. These partners use cookies and identifiers to help us understand Site usage and to show you relevant ads on other sites and platforms.
- Google: We and Google use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimize, and serve ads based on past visits to the Site. You can control Google ad personalization at adssettings.google.com and opt out of Google Analytics at tools.google.com/dlpage/gaoptout.
- Microsoft: You can manage Microsoft advertising preferences at account.microsoft.com/privacy/ad-settings.
- Industry opt-outs: Network Advertising Initiative (optout.networkadvertising.org) and the Digital Advertising Alliance (optout.aboutads.info).
- Global Privacy Control (GPC): Where required, we honor recognized opt-out preference signals such as GPC.
Opting out does not mean you will stop seeing ads — only that they may be less personalized.
9. Data Retention
We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Policy — including to provide the Site and online store, maintain accounts and order records, comply with legal, tax, and accounting obligations, resolve disputes, defend legal claims, and enforce our agreements — after which we delete or de-identify it. Our general retention schedule is set out below.
| Category of information | Retention period |
|---|---|
| Order, transaction, and financial/tax records | Up to 7 years to meet tax, accounting, and legal requirements |
| Account information | Life of your account plus a short wind-down period (generally 30–90 days), except records we must keep longer for legal or financial reasons |
| Marketing and email contact data | Until you opt out or unsubscribe, and no longer than approximately 24 months after your last engagement |
| Marketing consent and opt-out records | At least 4–5 years, consistent with applicable statutes of limitation |
| Contact, demo request, and lead form submissions | Generally up to 2–3 years after our last interaction |
| Website server and access logs | Generally up to 90 days; security-related logs up to 12 months |
| Analytics data (e.g., Google Analytics 4) | Event/user-level data up to 14 months; aggregated reporting may be kept longer |
| Payment card details | Not stored by MedTec — processed and retained by our payment processors under PCI DSS |
Healthcare information (HIPAA). Retention of any Protected Health Information processed within the MedTec EHR platform is not governed by this schedule. As a Business Associate, our retention of PHI is governed by HIPAA, the applicable Business Associate Agreement, and the healthcare provider’s own record-retention obligations. HIPAA compliance documentation is retained for at least 6 years as required by 45 CFR § 164.316.
10. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights regarding your personal information:
- Access / know what personal information we hold about you;
- Correct inaccurate information;
- Delete your information;
- Portability — receive a copy in a portable format;
- Restrict or object to certain processing;
- Withdraw consent where processing is based on consent;
- Opt out of targeted advertising, “sale,” or “sharing” of personal information; and
- Non-discrimination for exercising your rights.
To exercise any of these rights, contact us using the details in Section 15. We will verify your request and respond within the timeframe required by applicable law. You may use an authorized agent where permitted.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, provides additional rights: to know/access, delete, correct, and to opt out of the sale or sharing of personal information and limit the use of sensitive personal information, and the right to non-discrimination.
- The categories of personal information we collect are described in Section 3 (identifiers, commercial information, internet/usage activity, and inferences).
- Sale / Sharing: MedTec does not sell your personal information, and does not “share” it for cross-context behavioral advertising as those terms are defined under California law. You can still control advertising cookies and interest-based ads using the opt-outs described in Section 8.
- To submit a request, use the details in Section 15. We will verify your identity before responding and will not discriminate against you for exercising your rights.
12. Other U.S. State Privacy Rights
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others) may have rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising and the sale of personal data, and to appeal a denied request. To exercise these rights, contact us as described in Section 15.
13. International Users and Data Transfers
The Site is intended for users in the United States, and all information is processed and stored in the United States. MedTec does not target or market the Site to individuals in the European Economic Area or the United Kingdom. If you access the Site from outside the United States, you understand that your information will be transferred to and processed in the U.S., which may have different data protection laws than your country.
14. Children’s Privacy
The Site is not directed to children, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.
15. Contact Us
For privacy questions or to exercise your rights:
MedTec Health
9711 Washingtonian Blvd, Suite 550, Gaithersburg, MD 20878, United States
Phone: 1.888.674.5334
Email: support@medtec.ai
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised “Last updated” date and, where required, provide additional notice. Your continued use of the Site after changes take effect constitutes acceptance of the updated Policy.
