
Privacy Policy

Last Updated: January 9, 2025

HIPAA Compliant
SOC 2 Type II

Introduction

Medera is committed to protecting the privacy and security of all personal information entrusted to us. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI-powered behavioral health platform.

Information We Collect

Healthcare Provider Information

  • Professional credentials and licensing information
  • Contact information (name, email, phone)
  • Organization affiliation
  • Usage data and platform interactions

Patient Health Information

  • Clinical notes and assessments
  • Treatment plans and progress notes
  • Diagnostic information
  • Voice recordings (with explicit consent)

Technical Information

  • IP addresses and device identifiers
  • Browser type and operating system
  • Session logs and timestamps
  • Performance metrics

How We Use Information

Service Provision

To deliver AI-powered clinical insights, generate treatment recommendations, and facilitate behavioral health assessments.

Platform Improvement

To enhance our algorithms, improve accuracy, and develop new features based on aggregated, de-identified data.

Compliance & Safety

To meet regulatory requirements, prevent fraud, and ensure the security of our platform.

Data Protection Measures

Encryption

AES-256 encryption at rest and TLS 1.3 in transit

Access Controls

Role-based access with multi-factor authentication

Audit Logs

Comprehensive logging of all data access and modifications

Regular Testing

Quarterly penetration testing and security assessments

Information Sharing

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • With service providers under strict confidentiality agreements
  • In connection with a merger or acquisition (with notice)
  • To protect rights, safety, or property

HIPAA Compliance

As a Business Associate under HIPAA, we:

  • Execute Business Associate Agreements with all covered entities
  • Implement required administrative, physical, and technical safeguards
  • Report any security incidents as required by law
  • Ensure all subcontractors maintain HIPAA compliance
  • Provide individuals access to their PHI upon request

Data Retention

We retain personal information only as long as necessary to provide our services and comply with legal obligations. Retention periods vary based on data type and regulatory requirements. Upon termination, we securely delete or return all PHI within 30 days.

Your Rights

  1. Access: Request copies of your personal information
  2. Correction: Request corrections to inaccurate information
  3. Deletion: Request deletion of your information (subject to legal requirements)
  4. Portability: Receive your data in a machine-readable format
  5. Restriction: Limit how we process your information

Privacy Questions or Concerns?

Our Data Protection Officer is available to address any privacy-related inquiries.