CCPA notice for California residents.

In the past twelve months, Medonix has collected the following categories of personal information:

• Identifiers (name, email, phone, IP address)
• Customer records (signature, financial information for billing, paid customers only)
• Commercial information (services purchased or considered, transaction history)
• Internet or network activity (page-view paths, referring URLs, device metadata)
• Geolocation data (approximate, derived from IP)
• Professional information (employer, job title, organization size)
• Inferences (from the categories above, used for service improvement and account targeting)

We do not knowingly collect Sensitive Personal Information for purposes that would require a right-to-limit notice under §7027 of the CCPA regulations. PHI processed under a BAA is governed by HIPAA and excluded from CCPA coverage per §1798.146.

• Directly from you (forms, sales communications, support tickets).
• Automatically when you use our website (analytics, cookies, server logs).
• From your employer or the organization that authorized you to act on its behalf.
• From third-party data-enrichment and CRM-integration vendors.

• Providing, securing, and improving our services.
• Communicating with you about your account, requested services, or marketing you have opted into.
• Processing payments and managing customer accounts.
• Detecting and preventing fraud, abuse, or security incidents.
• Complying with legal obligations.

Medonix does not sell personal information for monetary consideration. We may share limited information with analytics and advertising vendors that operate cookies on our website, which under the CPRA may constitute "sharing" for cross-context behavioral advertising. You can opt out at any time using the methods in Section 6 below.

California residents have the right to:

• Know what categories of personal information we have collected, the sources, the purposes, and the categories of recipients.
• Access the specific pieces of personal information we have collected about you.
• Delete personal information we have collected about you, subject to legal exceptions.
• Correct inaccurate personal information we maintain about you.
• Opt out of the sale or sharing of your personal information.
• Limit the use of Sensitive Personal Information (we do not currently use it for purposes that would trigger this right).
• Non-discrimination when exercising your rights. We will not deny goods or services, charge different prices, or provide a different level of quality.
• Appeal a decision we make about your request.

To submit a request, contact us:

• Email: hello@medonix.io with the subject line "CCPA Request."
• Phone: +1-302-520-5413

We will verify your identity before responding, typically by matching information you provide with what we have on file. Authorized agents may submit requests on your behalf with written authorization. We respond within 45 days; complex requests may be extended once for an additional 45 days with notice.

Medonix honors the Global Privacy Control (GPC) browser signal as a request to opt out of the sale or sharing of personal information for the browser and device transmitting the signal.

We may update this notice from time to time. The "Effective" date at the top reflects the current version. Material changes will be communicated via email or a prominent notice on our website.