Effective Date: June 10, 2026
This Privacy Policy explains how MedGrid, LLC ("MedGrid," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the MedGrid platform, websites, and related services (the "Services"). By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.
Relationship to HIPAA. When MedGrid handles protected health information on behalf of a physician, clinic, or other covered entity, MedGrid acts as a business associate under the Health Insurance Portability and Accountability Act ("HIPAA"), and that information is governed by HIPAA and the applicable Business Associate Agreement rather than this Privacy Policy. This Privacy Policy governs information that is not protected health information subject to a Business Associate Agreement.
We collect the following categories of information:
We use information to: provide, operate, and improve the Services; create and manage accounts and verify provider credentials; process and fulfill orders; provide customer support; communicate with you about the Services; maintain the security and integrity of the Services; comply with legal, regulatory, and contractual obligations; and, where permitted, conduct research and analytics using de-identified information. We do not use protected health information except as permitted by the applicable Business Associate Agreement and HIPAA.
We may share information as follows:
We do not sell your personal information or your health information for monetary consideration, and we do not use or disclose protected health information for marketing, except as permitted by HIPAA and pursuant to a valid authorization.
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), provides you the right to know what personal information we collect, use, disclose, and (if applicable) sell or share; the right to request deletion; the right to correct inaccurate personal information; and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA. To exercise these rights, contact us using the information in Section 11.
California Confidentiality of Medical Information Act. Medical information about California residents is also protected by the California Confidentiality of Medical Information Act (Cal. Civ. Code Sections 56 to 56.37), which restricts the disclosure of medical information without authorization and which may provide additional rights and remedies.
If you are a Washington resident, the Washington My Health My Data Act (RCW 19.373) governs consumer health data that is not regulated by HIPAA. Our collection, use, and sharing of such consumer health data, and the rights available to you (including the rights to access, withdraw consent, and request deletion), are described in our separate Consumer Health Data Privacy Policy, which is incorporated by reference into this Privacy Policy.
Residents of certain other states may have rights to access, correct, delete, or obtain a copy of their personal information, and to opt out of certain processing, under applicable state privacy laws. To exercise any such right, contact us using the information in Section 11. We will verify and respond to requests as required by applicable law.
We and our service providers use cookies, pixels, and similar technologies to operate the Services, remember your preferences, measure usage, and improve the Services. You can control cookies through your browser settings, although disabling cookies may affect the functionality of the Services. We respond to recognized opt-out preference signals where required by applicable law.
The Services are intended for users located in the United States. We do not intend to offer the Services to, or collect personal data from, individuals located in the European Economic Area, the United Kingdom, or other jurisdictions whose data-protection laws would apply to such processing. If you access the Services from outside the United States, you do so on your own initiative and are responsible for compliance with local law, and you consent to the transfer and processing of your information in the United States.
The Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). If we learn that we have collected personal information from a person under eighteen (18), we will delete it. Where a parent or legal guardian holds an account on behalf of a minor for a permitted purpose, the guardian is responsible for that account and the information submitted through it. If you believe a minor has provided us personal information, contact us using the information in Section 11.
We maintain administrative, physical, and technical safeguards designed to protect information against unauthorized access, use, alteration, and destruction. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We retain information for as long as necessary to provide the Services, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements, after which we delete or de-identify it.
We may update this Privacy Policy from time to time. We will post the updated policy with a revised effective date and, where required by law, provide additional notice. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
MedGrid, LLC
MedGrid, LLC, 1691 Michigan Ave, Ste 360, Miami, Florida, USA
privacy@medgrid.com