Privacy Policy
Last updated: December 2025
Introduction
At Medaius, we are committed to protecting your privacy and the security of health information. This Privacy Policy explains how we collect, use, and protect personal information when you use our Electronic Health Record (EHR) platform.
Information We Collect
We collect information you provide directly to us, including:
• Personal information (name, email, phone number)
• Professional information (credentials, clinic details)
• Usage data and analytics
• Patient health information entered by authorized healthcare providers
How We Use Information
We use the information we collect to:
• Provide and maintain our EHR platform
• Process transactions and send service notifications
• Respond to questions and provide support
• Improve our platform and develop new features
• Comply with applicable legal obligations
Our Security Approach
Medaius follows industry security best practices and is designed around strict healthcare privacy standards. Our security measures include:
• Encryption for data in transit and at rest
• Role-based access controls and authentication
• Patient-level access permissions (ACL)
• Regular security reviews
• Audit logging of access and changes
Data Sharing
We do not sell or trade your personal information. We may share information:
• With your consent or at your direction
• With service providers who assist platform operations (under appropriate agreements)
• As required by law or legal process
• To protect rights, safety, or property
Data Controller and Data Processor
In the context of patient health data, the healthcare organisation (clinic, hospital, or practitioner) using Medaius acts as the Data Controller — they determine the purpose and means of processing patient information. Medaius acts as a Data Processor, processing patient data solely on behalf of and under the instructions of the healthcare organisation. For account and administrative data (such as user profiles and billing information), Medaius acts as the Data Controller.

Healthcare organisations are responsible for:
• Obtaining appropriate patient consent before entering data into the system
• Ensuring their use of Medaius complies with applicable local healthcare and data protection laws
• Responding to patient requests regarding their data

Medaius will support healthcare organisations in meeting their data protection obligations and can enter into a Data Processing Agreement (DPA) upon request.
Your Rights
Depending on your jurisdiction, you may have rights to:
• Access and review your personal information
• Request corrections to inaccurate data
• Request deletion of your data (subject to legal requirements)
• Object to certain processing activities
• Data portability where technically feasible
Data Storage and International Transfers
Your information may be processed and stored in various locations. We implement appropriate safeguards for international data transfers in accordance with applicable data protection requirements.
AI Features
Medaius includes AI-powered features (such as clinical summaries and documentation assistance) that are processed by third-party AI services. When you use these features, clinical data is transmitted to and processed by those services. AI features are invoked only when you explicitly request them — there is no background AI processing of patient data without user action.
Data Retention
We retain account and clinical data for as long as your organisation's account remains active and as required to fulfil the purposes described in this policy. We are developing formal data retention schedules that will align with applicable healthcare regulations and legal requirements. When an account is closed, we will work with you to export your data and will delete it from our systems in accordance with our standard off-boarding process. Specific retention periods may be updated as our policies mature.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify users through the platform or by email before the changes take effect. The 'Last updated' date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically. Continued use of Medaius after changes are posted constitutes acceptance of the revised policy.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at [email protected]