This Privacy Policy describes how MederiAI (“MederiAI,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with our AI-assisted clinical tools, websites, and services (collectively, the “Services”). Because our Services support healthcare providers, portions of this policy address Protected Health Information (PHI) governed by the Health Insurance Portability and Accountability Act (HIPAA).
Information We Collect
We collect information in a few different ways depending on how you interact with us:
- Account & contact data you provide when you request a demo, sign up as a clinical partner, or contact us (name, role, email, institution).
How We Use Information
We use the information we collect to operate, maintain, and improve our Services, including to:
- Deliver AI-assisted analysis of clinical imaging and related workflows to authorized users.
How We Use AI and Protected Health Information
When a healthcare provider uses our Services to process PHI, MederiAI acts as a HIPAA Business Associate of that provider. We use PHI solely to perform the services described in the underlying agreement and BAA. We do not sell PHI, we do not use PHI for advertising, and we do not use identifiable PHI to train general-purpose AI models without an explicit, written authorization from the covered entity.
Where we improve our AI models using clinical data, we do so in accordance with the terms of the relevant BAA — typically using de-identified data meeting the HIPAA Safe Harbor or Expert Determination standard.
How We Share Information
We do not sell personal information or PHI. We share information only as needed to operate the Services:
- Service providers (e.g., cloud hosting, monitoring) bound by confidentiality, security, and — where applicable — BAA obligations.
Your Rights
Depending on your jurisdiction (including the EU/UK under GDPR and certain U.S. states under laws such as the CCPA/CPRA), you may have the right to access, correct, delete, export, or restrict processing of your personal information, and to object to certain uses. To exercise these rights, contact us using the details below. Patients whose PHI has been processed through the Services should contact the relevant healthcare provider, who controls that information as the HIPAA covered entity.
Data Security
We maintain administrative, technical, and physical safeguards designed to protect information in our custody. Controls include encryption in transit and at rest, least-privilege access, audit logging, workforce training, vendor risk management, and an incident response program that meets or exceeds HIPAA breach notification requirements.
Data Retention
We retain information only as long as needed for the purposes described in this policy, to meet our legal or contractual obligations, resolve disputes, and enforce our agreements. PHI is retained according to the terms of the applicable BAA and the retention policies of the covered entity.
Cookies and Similar Technologies
Our marketing website uses cookies and similar technologies to understand how the site is used and to improve our content. You can control cookies through your browser settings. Our clinical Services do not use advertising cookies.
Children's Privacy
Our marketing Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 outside a clinical care context governed by HIPAA.
International Data Transfers
MederiAI is based in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. under appropriate safeguards, such as standard contractual clauses where required.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, provide additional notice through the Services or by email.
Contact Us
Questions about this Privacy Policy or our privacy practices can be directed to privacy@mederi.ai. For PHI-related requests, please contact your healthcare provider, who acts as the HIPAA covered entity for that information.