Skip to content
Medonix

Legal · Privacy

Privacy Policy.

Medonix protects information collected through our website, customer dashboard, and operational platform. This policy describes what we collect, how we use it, who we share it with, and the rights you have over your information.

Effective: January 1, 2026

Questions? hello@medonix.io

Medonix Inc. ("Medonix," "we," "us") operates https://medonix.io and provides revenue cycle management software and services to U.S. healthcare providers. This Privacy Policy explains how we handle information collected from visitors to our website, prospective customers, active customers, and personnel of customer organizations.

Protected health information (PHI) handled on behalf of customer organizations is governed by a separate Business Associate Agreement (BAA) and is not covered by the consumer terms below.

1. Information we collect

We collect three categories of information:

  • Information you provide. Contact details (name, work email, phone number), organization details (practice or facility name, role, annual collections range), and any content you submit through our forms or sales communications.
  • Information collected automatically. Device and browser metadata, IP address, referring URL, page-view paths, and cookie identifiers used for analytics and security.
  • Information from third parties. Data enrichment from B2B contact-data providers, CRM integrations, and information shared by an organization that has authorized you to act on its behalf.

We do not knowingly collect information from children under 18. If you believe a minor has submitted information, contact hello@medonix.io and we will delete it.

2. How we use information

  • To respond to inquiries, schedule demos, and deliver requested services.
  • To operate, maintain, and improve our website, dashboard, and platform.
  • To send service communications (account, billing, security, policy updates).
  • To send marketing communications you have opted into. You can unsubscribe from any marketing email at any time.
  • To comply with legal obligations, including HIPAA, the No Surprises Act, and applicable state privacy laws.
  • To detect, prevent, and respond to fraud, abuse, or security incidents.

3. HIPAA and protected health information

When Medonix processes PHI on behalf of a covered entity or another business associate, we operate as a business associate under HIPAA. PHI handling is governed by the executed BAA between the parties, not by this Privacy Policy. Our security controls, access logging, encryption practices, and breach-notification procedures are described in the BAA and our Trust Center.

4. How we share information

  • Service providers. Cloud infrastructure, analytics, email delivery, customer support, and payment processing vendors that operate under written agreements requiring confidentiality and security controls equivalent to ours.
  • Customer organizations. If you interact with our website on behalf of a customer, we may share information with that organization.
  • Legal and safety. When required by law, subpoena, or court order, or to protect rights, property, or safety.
  • Business transfers. In connection with a merger, acquisition, or asset sale, subject to confidentiality and successor obligations consistent with this policy.

We do not sell personal information for monetary consideration.

5. Cookies and analytics

We use first-party and limited third-party cookies for authentication, security, and analytics (Google Analytics 4, with IP anonymization). You can disable cookies in your browser settings; some site functionality may be reduced. We honor Global Privacy Control (GPC) signals where required by law.

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or limit processing of your information; to opt out of certain disclosures; and to appeal a decision we make about your request. To exercise these rights, contact hello@medonix.io. We will respond within the time periods required by applicable law (45 days under CCPA; one month under GDPR, extendable by two months for complex requests).

California residents: see our CCPA Notice for additional disclosures.

7. Data retention

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and are documented in our internal data-retention schedule. PHI retention is governed by the BAA and applicable state record-retention laws.

8. Security

Medonix maintains administrative, physical, and technical safeguards designed to protect personal information, including encryption in transit and at rest, role-based access controls, continuous monitoring, third-party penetration testing, and a documented incident-response program. No system is perfectly secure; if we become aware of a breach affecting your information, we will notify you in accordance with applicable law.

9. International data transfers

Medonix operates from the United States. Our customer-facing services are designed for U.S. healthcare providers. If you access our website from outside the U.S., your information will be transferred to and processed in the U.S. We rely on appropriate transfer mechanisms (Standard Contractual Clauses) where required.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the current version. Material changes will be communicated via email or a prominent notice on our website prior to taking effect.

11. Contact

Privacy questions or requests: hello@medonix.io. Mailing address available on request.