Privacy Policy

Effective Date: April 27, 2026 Last Updated: April 27, 2026

Introduction

MedLaunch (“we,” “our,” or “us”) is a healthcare IT solutions company operating at medlaunch.health. We provide AI-powered tools and technology services to clinics and healthcare practices, including an AI Medical Receptionist, AI Clinical Documentation, an Instagram AI-Powered Bot for patient engagement, and an AI-Powered PHQ-9 Screening tool.

Because our work sits at the intersection of technology and healthcare, we handle sensitive information — both about the clinics we work with and, in some cases, the patients those clinics serve. This Privacy Policy explains clearly and completely how we collect, use, share, protect, and retain information when you visit our website, contact us, or use any of our services.

By using medlaunch.health or engaging with any of our solutions, you agree to the practices described in this policy.

1. Who We Are and What We Do

MedLaunch is a healthcare IT company that partners with small to mid-size outpatient clinics — including general practice clinics, specialty clinics, and allied health clinics — to automate and improve clinical operations. Our solutions include:

AI Medical Receptionist: An AI voice assistant that handles incoming patient calls, schedules appointments, and answers common questions around the clock.
AI Clinical Documentation: A tool that surfaces key clinical details and generates structured clinical notes to improve documentation quality and coding accuracy.
Instagram AI-Powered Bot: An automated patient engagement system that manages follow-ups, appointment reminders, and contextual responses via Instagram.
AI-Powered PHQ-9 Screening: An AI voice assistant that guides patients through the PHQ-9 mental health screening questionnaire, scores responses instantly, and delivers clinician-ready reports.

We operate as a technology partner to healthcare practices. In delivering these services, we may come into contact with patient data on behalf of our clinic clients. This policy governs our data practices across all of these activities.

2. Scope of This Policy

This policy applies to:

Visitors to medlaunch.health
Clinic owners, administrators, and healthcare professionals who contact us, request a demo, or become MedLaunch clients
End users (patients) whose data may be processed by our AI tools as part of a clinic’s use of our services
Any other individual who interacts with MedLaunch through our website, communications, or platforms

This policy does not cover third-party websites or tools that may be linked from our website. We encourage you to review their privacy policies independently.

3. Information We Collect

3.1 Information From Clinic Clients and Prospects

When a clinic representative contacts us, books a demo, or becomes a client, we collect:

Name, job title, clinic name, and professional contact details (email, phone number)
Information about your clinic’s size, specialty, and operational challenges (shared during discovery calls or assessments)
Payment and billing information (processed through our payment service providers)
Communications exchanged with our team, including emails, call notes, and support requests
Login credentials for any client portal or dashboard we provide

3.2 Information Processed Through Our AI Solutions

When our AI tools are deployed within a clinic’s environment, we may process data on behalf of that clinic. This may include:

Patient names, contact details, and appointment information (used by the AI Medical Receptionist)
Patient responses to PHQ-9 screening questions and associated mental health screening data (used by the AI-Powered PHQ-9 tool)
Clinical documentation inputs and structured notes (used by the AI Clinical Documentation tool)
Patient engagement data, such as message interactions via Instagram (used by the Instagram AI Bot)

This data is processed on behalf of the clinic (our client), who remains responsible for obtaining appropriate patient consent and authorizations. See Section 6 for more on our role as a service provider and HIPAA compliance.

3.3 Information Collected Automatically From Website Visitors

When you visit medlaunch.health, we automatically collect:

IP address, browser type and version, operating system, and device type
Pages visited, time spent on each page, links clicked, and referral source
Session identifiers and interaction data
Cookies and similar tracking technologies (see Section 8)

3.4 Information You Submit Via Our Website Contact Form

When you fill out our contact form at medlaunch.health, we collect your name, email address, and any message you choose to send. This information is used solely to respond to your inquiry.

4. How We Use Your Information

We use the information we collect for the following purposes:

For Clinic Clients and Prospects:

Responding to demo requests, inquiries, and assessment bookings
Onboarding your clinic and configuring our AI solutions to your specific workflows
Providing ongoing technical support, monitoring, and performance management
Communicating updates, product changes, and service announcements
Sending relevant content such as blog posts or resources (you may unsubscribe at any time)
Invoicing and processing payments
Improving our solutions based on real-world performance and client feedback

For Patient Data Processed via Our AI Tools:

Delivering the specific AI service requested by the clinic (call handling, documentation, screening, patient messaging)
Generating reports and outputs (such as PHQ-9 scoring summaries) that are delivered to the clinic’s clinical team
Improving the accuracy and performance of our AI systems, using appropriately anonymized or de-identified data where possible

For Website Visitors:

Operating and maintaining our website
Analyzing traffic patterns and improving our web content and user experience
Detecting and preventing fraudulent or malicious activity

For All Users:

Complying with applicable laws and regulations, including HIPAA
Enforcing our agreements and protecting the rights, property, and safety of MedLaunch and others

5. Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

Performance of a contract: Processing necessary to deliver our services to you as a client
Legitimate interests: Processing for website analytics, service improvement, security, and fraud prevention, where these interests are not overridden by your rights
Legal obligation: Processing required to comply with applicable laws and regulations
Consent: Where we send marketing communications or use non-essential cookies, we rely on your consent, which you may withdraw at any time

6. HIPAA Compliance and Patient Health Data

Because our AI solutions are deployed within healthcare clinic environments and may involve the processing of patient health information, we take HIPAA compliance seriously.

6.1 Our Role as a Business Associate

When MedLaunch processes Protected Health Information (PHI) on behalf of a covered healthcare entity (our clinic clients), we act as a Business Associate under HIPAA. In this capacity, we are required to:

Use and disclose PHI only as permitted under a signed Business Associate Agreement (BAA) with the clinic
Implement HIPAA-required administrative, physical, and technical safeguards to protect PHI
Report any breach of unsecured PHI to the covered entity promptly
Ensure that any subcontractors who handle PHI are also bound by appropriate agreements

6.2 Business Associate Agreements

All clinic clients whose use of our services involves PHI are required to sign a BAA with MedLaunch before our solutions are deployed. If you are a clinic client and have not yet executed a BAA, please contact us at info@medlaunch.health before using any service that touches patient data.

6.3 PHQ-9 Mental Health Screening Data

The PHQ-9 Screening tool collects sensitive mental health screening information from patients. This data is treated as PHI and handled with the highest level of care. It is used solely to generate the clinician-ready scoring report delivered to the treating provider, and is not used for any other purpose, including marketing or analytics, without explicit authorization.

6.4 Clinic Responsibility

Our clinic clients are responsible for ensuring that their use of MedLaunch’s tools complies with applicable healthcare privacy laws, including obtaining valid patient authorization or consent where required, maintaining accurate records, and fulfilling patient rights obligations under HIPAA.

7. How We Share Your Information

We do not sell your personal information. We do not share client or patient data with advertisers. We share information only in the following circumstances:

7.1 Subcontractors and Technology Partners

We work with carefully selected third-party technology providers to deliver our services. These may include cloud infrastructure providers, AI model providers, voice telephony platforms, CRM and communication tools, and payment processors. All subcontractors who may access PHI are required to sign appropriate data processing agreements and comply with HIPAA requirements. All subcontractors are contractually bound to use your data only for the purposes we specify.

7.2 Clinic Clients

Data processed through our AI tools on behalf of a clinic (such as call transcripts, PHQ-9 reports, and clinical notes) is delivered to that clinic as the intended output of the service. The clinic is the data controller for patient-related data and manages it under their own obligations.

7.3 Legal Requirements

We may disclose information where required by law, court order, government request, or regulatory authority. We may also disclose information where we genuinely believe it is necessary to prevent harm, investigate a security incident, or protect the rights and safety of MedLaunch, our clients, or others.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of MedLaunch’s business or assets, your information may be transferred to the successor entity. We will provide notice of any such transfer and any material changes to how your data is handled.

7.5 With Your Consent

We will share your information for any other purpose only with your explicit prior consent.

8. Cookies and Website Tracking

We use cookies and similar technologies on medlaunch.health to operate the website and understand how it is being used.

Strictly necessary cookies are required for the website to function correctly, such as maintaining your session when filling out the contact form.

Analytics cookies help us understand which pages are visited most often, how users navigate the site, and where improvements can be made. We use this data only to improve our website content and performance.

We do not use advertising cookies, retargeting pixels, or any technology that tracks your behavior across other websites for commercial advertising purposes.

You can control or disable cookies through your browser settings. Disabling strictly necessary cookies may affect website functionality. We honor the Global Privacy Control (GPC) signal where applicable.

9. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which it was collected, maintain our business relationship with you, and comply with applicable legal obligations.

Specifically:

Prospect and contact form data is retained for as long as is reasonable to manage our relationship with you, typically no longer than 2 years from your last interaction if no business relationship follows
Client account and operational data is retained for the duration of the engagement and for a reasonable period afterward to fulfill legal, contractual, and audit requirements
PHI and patient data processed on behalf of clinic clients is retained only as long as required by the BAA and applicable healthcare records laws, which may specify mandatory minimum retention periods
Website analytics data is typically retained in aggregated form and not linked to identifiable individuals beyond the session

When data is no longer needed, we delete or securely anonymize it in accordance with our data disposal procedures.

10. Data Security

We implement industry-standard security measures across our platform and internal operations, including:

Encryption of all data in transit (TLS 1.2 or higher) and sensitive data at rest (AES-256 or equivalent)
Access controls ensuring only authorized personnel can access client and patient data, on a need-to-know basis
Multi-factor authentication for internal systems
Regular security reviews and assessments
Staff training on data handling and HIPAA compliance
Incident response procedures with defined timelines for breach notification

We display our HIPAA-aligned compliance posture openly on our website and take our obligations seriously given the healthcare context of our work.

No technology system is entirely without risk. If you become aware of a potential security incident involving MedLaunch, please contact us immediately at info@medlaunch.health.

11. Your Rights and Choices

For Clinic Clients and Website Contacts:

You have the right to access, correct, or request deletion of the personal information we hold about you. You may also object to or request restriction of certain processing activities. To exercise any of these rights, email us at info@medlaunch.health and we will respond within 30 days.

For Patients:

If you are a patient whose information has been processed through a MedLaunch-powered tool at a clinic, your primary point of contact for accessing, correcting, or deleting your health records is the clinic itself. As a Business Associate, MedLaunch processes patient data on behalf of the clinic and will direct patient rights requests to the appropriate covered entity.

For California Residents (CCPA/CPRA):

You have the right to know what personal information we collect and how it is used, to request deletion of your personal information, to correct inaccuracies, and to opt out of any sale or sharing of personal information. We do not sell personal information. Contact us at info@medlaunch.health to submit a request.

For EU/EEA and UK Residents (GDPR / UK GDPR):

You have the full range of rights under the GDPR or UK GDPR, including rights of access, rectification, erasure, portability, restriction, and objection. If you are unsatisfied with our response, you have the right to lodge a complaint with your national supervisory authority.

Marketing Communications:

If you have received marketing emails from us, you can unsubscribe at any time by clicking the unsubscribe link in the email or by emailing info@medlaunch.health.

12. Children’s Privacy

Our services are designed exclusively for healthcare clinic operators and professionals. We do not knowingly collect personal information directly from individuals under the age of 18. Where patient data involving minors is processed through our clinical tools (for example, a pediatric clinic using the AI Receptionist), this is done strictly on behalf of the clinic, under that clinic’s legal obligations and with appropriate parental consent obtained by the clinic.

13. Third-Party Links

Our website may contain links to external websites, tools, or resources. MedLaunch is not responsible for the content or privacy practices of those third parties. Visiting any linked site means you are subject to that site’s own terms and privacy policy.

14. Changes to This Privacy Policy

We may update this policy as our services evolve or as laws and regulations change. When we make meaningful changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify our active clients directly via email. We encourage you to review this page periodically.

Your continued use of our website or services after any update constitutes your acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how MedLaunch handles your information, please contact us:

MedLaunch Website: medlaunch.health Email: info@medlaunch.health

For BAA inquiries or HIPAA-related matters, please use the same email address and indicate the nature of your request in the subject line.