1. Introduction
This Privacy Policy describes how OsteoMemo Inc. (“OsteoMemo,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you visit osteomemo.com and use any of our software, services, and web-based EMR systems (collectively, the “Service”). By using the Service, you consent to the practices described in this policy.
2. Information We Collect
- Personal Information: Name, email, phone number, job title, healthcare practice info
- Payment Information: Credit card or ACH billing info, securely stored using encryption
- Login Data: IP address, device type, browser type, login timestamps
- EMR Data: Patient records, SOAP notes, appointment history, lab results, PHI
- Technical Data: Cookies, session identifiers, error logs, analytics, usage interactions
3. How We Use Your Information
- To register and manage your account
- To process billing and payments
- To deliver, maintain, and improve our service
- To ensure HIPAA-compliant data handling
- To respond to support and technical requests
- To send notifications and updates
- To prevent fraud or security issues
4. Cookies and Tracking Technologies
We use cookies and similar technologies to remember user preferences, collect aggregate usage data, and improve your experience. You may disable cookies via your browser settings, though some features may be limited.
5. Data Sharing and Disclosure
- We do not sell or rent your personal information.
- We share data with trusted vendors (e.g., payment processors, cloud providers) under confidentiality agreements.
- We may disclose data to comply with legal obligations or protect rights and safety.
- We may share anonymized or de-identified data for research, analytics, or product improvement.
6. Data Security
- Encryption in transit and at rest
- Role-based access control
- Audit logs and session tracking
- Routine security reviews and updates
7. Your Rights and Choices
- Access: Request a copy of your personal information.
- Correction: Request updates to incorrect data.
- Deletion: Request data deletion, where legally permissible.
- Marketing Opt-Out: Unsubscribe from promotional emails.
To exercise any of these rights, contact us at privacy@osteomemo.com.
8. Data Retention
We retain data as long as your account is active or as needed to deliver services. Inactive accounts may be deleted after 3 years of inactivity, following prior notice.
9. Protected Health Information (PHI)
PHI is handled according to HIPAA standards. Our platform is built to meet HIPAA privacy, security, and breach notification rules.
10. International Transfers
We are based in the U.S. If you access our services from outside the U.S., your data will be processed in the U.S. By using our services, you consent to this transfer.
11. Changes to This Privacy Policy
We may update this policy. Material changes will be announced via email or posted on our site before taking effect.