Healthcare Privacy Commitment
As a healthcare technology company, Medesto Health takes data privacy seriously. This marketing website does not collect, store, or process any protected health information (PHI) as defined by HIPAA. Our platform products (Pulse, Bridge, and Fetch) maintain separate, HIPAA-compliant privacy practices governed by Business Associate Agreements with our enterprise clients.
In compliance with the HHS Bulletin on tracking technologies (December 2022, updated June 2024), this website does not deploy marketing pixels, fingerprinting technologies, or any tracking mechanism that could associate browsing behavior with individually identifiable health information.
Information We Collect
[Your legal team should detail: types of personal data collected (name, email, company via contact form), automatically collected data (IP address, browser type, device info), and what is NOT collected (PHI, SSN, insurance info). Include lawful basis for each category.]
How We Use Your Information
[Your legal team should detail: purposes of data processing, lawful basis under GDPR (consent, legitimate interest, contract), retention periods for each purpose.]
Third-Party Services
[Your legal team should detail: Google Analytics 4 (with anonymize_ip, advertising features disabled per HHS guidance), HubSpot (CRM and forms), LinkedIn Insight Tag (analytics only, consent-gated). Include links to each provider's privacy policy. Note: no data is shared with these services until the user opts in through the consent banner.]
Data Retention
[Your legal team should specify retention periods for contact form submissions, analytics data, and cookie consent records. Note: consent records include timestamp and version for audit compliance.]
Your Rights
[Your legal team should detail: right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object. Include how to exercise these rights and response timeframe (e.g., 30 days).]
California Privacy Rights (CCPA/CPRA)
[Your legal team should detail: right to know, right to delete, right to opt-out of sale/sharing, right to non-discrimination. Note: Medesto Health does not sell personal information. Include the "Do Not Sell or Share My Personal Information" mechanism and Global Privacy Control (GPC) signal support.]
This site respects the Global Privacy Control (GPC) signal. When detected, we automatically limit data processing to essential functions only.
European Privacy Rights (GDPR)
[Your legal team should detail: lawful bases for processing, data protection officer contact (if applicable), supervisory authority, international transfer mechanisms (Standard Contractual Clauses), and how EU residents can exercise their rights.]
Children's Privacy
This website is not directed at children under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will promptly delete that information.
Changes to This Policy
[Your legal team should detail: how changes are communicated, whether consent is re-requested for material changes, and versioning approach. Note: the cookie consent system includes version tracking; users will be re-prompted when the consent version changes.]
Contact Us
[Your legal team should provide: privacy-specific email address, mailing address, data protection officer contact (if applicable), and expected response timeframe.]