Privacy Policy

MedEasy.ai Global Privacy Policy

Effective Date: 01 August 2025

MedEasy.ai is operated by Bizionic Technologies Pvt. Ltd. (India) and Bizionic Technologies US (collectively, “MedEasy,” “we,” “our,” or “us”).
This Global Privacy Policy applies to all users outside the United States and is designed to comply with GDPR, the Indian IT Act, SPDI Rules, and other applicable international privacy laws.

SECTION 1 – DEFINITIONS
- Personal Data: Any information relating to an identified or identifiable natural person.
- Special Category Data: Data revealing racial/ethnic origin, political opinions, religious beliefs, health data, etc., as per GDPR Art. 9.
- Controller: The entity determining purposes and means of processing personal data.
- Processor: An entity processing data on behalf of a controller.
- Consent: Any freely given, informed, and unambiguous indication of a data subject’s wishes.

SECTION 2 – SCOPE OF SERVICES
Applies to MedEasy Vault, Consult, Finance, Reach, and Care internationally.

SECTION 3 – DATA COLLECTION (BY CATEGORY & SOURCE)
| Data Type | Examples | Source | Purpose | Legal Basis |
|-----------|----------|--------|---------|-------------|
| Identity Data | Name, DOB | User input | Account creation | Contract |
| Health Data | Medical records, test results | User, healthcare providers | Healthcare provision | Consent, Art. 9(2)(h) GDPR |
| Financial Data | Insurance, payment info | User, payment processors | Billing, financing | Contract |
| Technical Data | IP, device IDs | Devices | Security, analytics | Legitimate interest |
| Usage Data | Appointment history | Platform logs | Service improvement | Legitimate interest |

SECTION 4 – HOW WE USE DATA
- Service delivery and healthcare provision
- Financing and payment processing
- Maintaining medical and billing records
- Improving services and analytics
- Marketing (with consent)
- Compliance with legal requirements

SECTION 5 – VENDORS AND THIRD PARTIES
Our vendors comply with GDPR, Indian SPDI, and contractual safeguards:
- Hosting: Amazon Web Services (AWS)
- Communication: Leadnest.ai
- Payments: Stripe
- Telehealth integrations: eShare Meet

SECTION 6 – COOKIES & TRACKING
We use session, functional, analytics, and marketing cookies. Users may manage preferences via our cookie banner or browser settings.

SECTION 7 – RIGHTS OF USERS
GDPR: Access, rectification, erasure, restriction, portability, objection, withdrawal of consent.
India: Access, correction, grievance redressal.

SECTION 8 – EXERCISING RIGHTS
Email: privacy@medeasy.ai. We verify identity and respond within statutory timelines.

SECTION 9 – CHILDREN’S PRIVACY
Compliant with GDPR-K (minimum age 16, or as defined by country) and Indian IT Rules. Parental consent required for minors.

SECTION 10 – SECURITY MEASURES
Encryption, role-based access, regular security audits, confidentiality agreements.

SECTION 11 – DATA RETENTION & DISPOSAL
Data retained only as long as necessary for lawful purposes or as required by healthcare regulations.

SECTION 12 – CROSS-BORDER TRANSFERS
Safeguarded by Standard Contractual Clauses (SCCs), adequacy decisions, and vendor compliance.

SECTION 13 – GRIEVANCE & CONTACT
Grievance Officer (Global): Hasan Tariq, hasan@bizionictech.com
Email: privacy@medeasy.ai

MedEasy.ai USA Privacy Policy


Effective Date: 01 August 2025

MedEasy.ai is operated by Bizionic Technologies LLC (collectively, “MedEasy,” “we,” “our,” or “us”). This Privacy Policy applies to individuals in the United States and is designed to comply with HIPAA, CCPA/CPRA, and other applicable state privacy laws.

SECTION 1 – DEFINITIONS
- Personal Information (PI): Information that identifies, relates to, describes, or could reasonably be linked to an individual.
- Protected Health Information (PHI): Individually identifiable health information as defined under HIPAA.
- Business Associate: An entity performing activities involving PHI on behalf of a Covered Entity under HIPAA.
- Controller / Processor: Roles defined under privacy laws relating to data responsibility.
- Consent: Any freely given, specific, informed, and unambiguous indication of an individual’s wishes.

SECTION 2 – SCOPE OF SERVICES
Covers MedEasy Vault, Consult, Finance, Reach, and Care services.

SECTION 3 – DATA COLLECTION (BY CATEGORY & SOURCE)
| Data Type | Examples | Source | Purpose | Legal Basis |
|-----------|----------|--------|---------|-------------|
| Identity Data | Name, date of birth | User input | Account setup | Contract |
| PHI | Medical history, prescriptions | User, providers | Treatment | HIPAA |
| Financial Data | Insurance, payment info | User, payment processors | Billing | Contract |
| Technical Data | IP, device ID | Devices | Security, analytics | Legitimate interest |

SECTION 4 – HOW WE USE DATA
Treatment, payment, healthcare operations, compliance, security, research (de-identified data), and marketing (with consent).

SECTION 5 – VENDORS AND THIRD PARTIES
We use third parties bound by HIPAA-compliant Business Associate Agreements (BAAs) and state privacy contracts:
- Hosting: Amazon Web Services (AWS)
- Communication: Leadnest.ai (patient and provider messaging)
- Payments: Stripe/PayPal equivalents
- Telehealth integrations: eShare Meet

SECTION 6 – COOKIES & TRACKING
Session cookies, analytics cookies, and marketing pixels are used. Users may opt out via browser settings or our cookie preference tool.

SECTION 7 – RIGHTS OF USERS
- HIPAA: Access, amendment, accounting of disclosures
- CCPA/State Laws: Right to know, delete, correct, opt out of sale/sharing

SECTION 8 – EXERCISING RIGHTS
Contact privacy@medeasy.ai. We will verify identity and respond within legally required timeframes.

SECTION 9 – CHILDREN’S PRIVACY
COPPA compliance for under-13 users. Services generally not directed to minors without parental consent.

SECTION 10 – SECURITY MEASURES
Encryption, access controls, security audits, staff training.

SECTION 11 – DATA RETENTION & DISPOSAL
PHI retained for 6+ years per HIPAA; secure deletion when no longer needed.

SECTION 12 – CROSS-BORDER TRANSFERS
PHI stored primarily in the US; if transferred abroad, safeguarded with HIPAA BAAs and contractual clauses.

SECTION 13 – GRIEVANCE & CONTACT
Grievance Officer (USA): Hasan Tariq, hasan@bizionictech.com
Email: privacy@medeasy.ai