Find a Provider Community Forum
For Providers For Attorneys
Sign In Attorneys
Legal

Privacy Policy

Effective: April 30, 2026

1. Introduction

Medximity ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use our website at medximity.com, associated subdomains, mobile applications, and related services (collectively, the "Platform").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using the Platform, including:

  • Account Information: Name, email address, phone number, date of birth, and password when you create a patient or provider account.
  • Provider Profile Information: Professional credentials, National Provider Identifier (NPI), practice name, specialties, office addresses, insurance networks accepted, education, board certifications, and professional photographs.
  • Patient Information: Contact details, demographic information, insurance information, medical history, and other health-related information you choose to provide when booking appointments or using the patient portal.
  • Communications: Messages exchanged between Patients and Providers through the Platform's secure messaging system, contact form submissions, and correspondence with our support team.
  • Payment Information: Billing address and payment card details when making payments through the Platform. Full payment card numbers are processed by our third-party payment processor and are not stored on our servers.
  • User-Generated Content: Reviews, ratings, forum posts, and other content you submit to the Platform.

2.2 Information Collected Automatically

When you access the Platform, we automatically collect certain information, including:

  • Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers.
  • Usage Information: Pages visited, features used, search queries, click patterns, time spent on pages, and referring/exit pages.
  • Location Information: Approximate geographic location based on your IP address, used to show nearby providers and customize search results.
  • Log Data: IP address, access dates and times, error logs, and server response times.
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar technologies as described in our Cookie Policy.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Public databases for provider credential verification (e.g., NPI Registry, state licensing boards).
  • Business partners who offer co-branded services or joint offerings.
  • Analytics providers who help us understand Platform usage patterns.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing Services: To operate, maintain, and improve the Platform, including provider directory listings, appointment booking, patient portal features, and communication tools.
  • Account Management: To create and manage your account, authenticate your identity, and process transactions.
  • Personalization: To customize your experience, including personalized search results, recommendations, and content relevant to your location and preferences.
  • Communications: To send appointment confirmations, reminders, account notifications, security alerts, and customer support responses.
  • Marketing: To send newsletters, promotional offers, and updates about our services, with your consent where required by law. You may opt out at any time.
  • Analytics and Improvement: To analyze usage trends, measure the effectiveness of our features, and improve the Platform's functionality and user experience.
  • Safety and Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Provider Verification: To verify healthcare provider credentials, licensing status, and professional qualifications.

We process your personal information based on the following legal grounds:

  • Consent: Where you have given us explicit consent to process your information for specific purposes, such as marketing communications.
  • Contract Performance: Where processing is necessary to fulfill our contractual obligations to you, such as providing the services you requested.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring platform security, provided these interests do not override your fundamental rights and freedoms.
  • Legal Obligation: Where processing is necessary to comply with applicable laws and regulations.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With Providers: When you book an appointment or communicate with a Provider, your relevant contact and health information is shared with that Provider to facilitate care.
  • Service Providers: We share information with third-party service providers who perform services on our behalf, including hosting, data analytics, payment processing, email delivery, and customer support. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, search warrants, or governmental requests.
  • Protection of Rights: We may disclose information when we believe disclosure is necessary to protect our rights, enforce our Terms and Conditions, investigate fraud or security issues, or protect the safety of our users or the public.
  • Business Transfers: In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.
  • Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you, for research, analytics, industry benchmarking, and other purposes.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods depend on the type of information and the purpose for which it was collected:

  • Account Information: Retained for the duration of your account's existence and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
  • Health-Related Information: Retained in accordance with applicable federal and state healthcare records retention requirements, which may require retention for a minimum of six (6) to ten (10) years.
  • Transaction Records: Retained for a minimum of seven (7) years for tax, accounting, and legal compliance purposes.
  • Log and Analytics Data: Generally retained for up to twenty-four (24) months.
  • Marketing Preferences: Retained until you withdraw consent or modify your preferences.

When personal information is no longer needed, we securely delete or anonymize it using commercially reasonable methods.

7. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols.
  • Encryption of sensitive data at rest.
  • Access controls and authentication mechanisms to restrict access to authorized personnel.
  • Regular security assessments and vulnerability testing.
  • Employee training on data protection and security best practices.
  • Incident response procedures for addressing data breaches.

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: The right to request a copy of the personal information we hold about you.
  • Correction: The right to request correction of inaccurate or incomplete personal information.
  • Deletion: The right to request deletion of your personal information, subject to certain exceptions (e.g., legal retention requirements).
  • Portability: The right to receive your personal information in a structured, commonly used, machine-readable format.
  • Objection: The right to object to the processing of your personal information for certain purposes.
  • Restriction: The right to request that we restrict the processing of your personal information under certain circumstances.
  • Withdrawal of Consent: Where processing is based on consent, the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") provides you with additional rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use or disclosure of your sensitive personal information.
  • Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To submit a CCPA request, contact us at [email protected] or call us at (833) 633-9464. You may designate an authorized agent to make a request on your behalf by providing a signed written authorization.

In the preceding twelve (12) months, we have collected the following categories of personal information: identifiers, commercial information, internet or network activity, geolocation data, professional or employment-related information (for Providers), and health-related information (for Patients who provide it).

10. HIPAA and Protected Health Information

To the extent that Medximity receives, creates, maintains, or transmits Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations, we comply with applicable HIPAA requirements as a Business Associate.

We enter into Business Associate Agreements ("BAAs") with healthcare Providers who use our Platform, as required by HIPAA. These BAAs govern our use and disclosure of PHI and require us to implement appropriate safeguards.

We do not use or disclose PHI for marketing purposes without your express written authorization. We promptly report any breach of unsecured PHI as required by the HIPAA Breach Notification Rule.

11. Children's Privacy

The Platform is not intended for children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with the Platform. For detailed information about the types of cookies we use, how we use them, and how you can manage your cookie preferences, please refer to our Cookie Policy.

13. International Users

The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your country of residence.

For users in Canada, we comply with applicable provisions of the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy legislation.

The Platform may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be indicated by updating the "Effective" date at the top of this page. We encourage you to review this Privacy Policy periodically.

If we make material changes that significantly affect the way we handle your personal information, we will provide prominent notice on the Platform or notify you by email (if we have your email address) prior to the changes taking effect.

16. Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

This Privacy Policy is designed to comply with the following laws and regulations, among others:

Other Legal Pages

Terms & Conditions Privacy Policy Cookies Policy Medical Disclaimer Linking Policy Newsletter Disclaimer

We use first-party cookies to run this site and understand how patients find us. Privacy