Information We Collect
- Account and organization details such as administrator names, work email addresses, billing contacts, practice identifiers, and subscription records.
- Platform configuration data such as user roles, permissions, templates, workflows, integrations, and communication settings.
- Usage, device, and security telemetry such as IP addresses, login activity, browser information, audit events, and support diagnostics.
- Protected health information and operational records uploaded or created by authorized tenant users within the EMRGENIUS platform.
How We Use Information
- To provide, secure, maintain, and improve the EMRGENIUS platform and related customer support.
- To authenticate users, enforce access controls, monitor abuse, and investigate reliability or security issues.
- To process subscriptions, invoices, renewal notices, and service communications.
- To comply with contractual, legal, and regulatory obligations, including healthcare privacy and security requirements.
Data Sharing
We do not sell customer or patient data. We share information only with authorized subprocessors, infrastructure providers, and integration partners that support delivery of the service under appropriate confidentiality, data processing, and security obligations.
We may also disclose information when directed by a tenant, when necessary to complete a requested integration, in connection with a business transfer, or when required by law, subpoena, or other lawful process.
Data Security
EMRGENIUS uses layered technical and organizational safeguards designed for healthcare workloads, including encryption in transit and at rest, least-privilege access, audit logging, environment segregation, secure backups, and monitoring for suspicious activity.
No system is absolutely secure, but we continuously review controls, access patterns, and vendor posture to reduce risk and respond quickly to incidents.
HIPAA Compliance
For eligible United States healthcare customers, EMRGENIUS supports HIPAA-ready workflows and may act as a business associate when handling protected health information on behalf of a covered entity or another business associate under a signed agreement.
Customers remain responsible for configuring appropriate access, minimum-necessary use, notice and consent practices, and their own downstream disclosures outside the platform.
GDPR Rights
Where GDPR applies, data subjects may have rights to access, correct, erase, restrict, object to certain processing, and receive personal data in a portable format. When EMRGENIUS processes tenant data as a processor, requests relating to that data should normally be directed to the relevant tenant organization first.
Requests relating to EMRGENIUS account, billing, and vendor-management records may be sent directly to us using the contact information below.
Data Retention
We retain information for as long as needed to provide the service, satisfy legal obligations, resolve disputes, and enforce agreements. Tenant data is retained according to subscription status, documented retention controls, backup schedules, and written deletion or export requests.
At the end of the customer relationship, we support return or deletion workflows consistent with contractual commitments and applicable law.
Cookie Policy
EMRGENIUS uses essential cookies and similar technologies for authentication, session continuity, fraud prevention, and product security. We may also use limited analytics or performance tooling to understand service reliability and feature adoption.
Where required by law, non-essential technologies will be managed through an appropriate consent mechanism. Browser controls may also let you manage certain cookie preferences.
Contact Information
Questions about this Privacy Policy or privacy-related requests may be sent to [email protected].