LEGAL

Privacy Policy

Last updated: February 2026. Your privacy is fundamental to how we operate.

MedScale, Inc. ("MedScale," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. By using MedScale, you consent to the practices described in this policy.

1. Information We Collect

  • Personal Information: Name, email, phone, professional credentials, and practice data provided during registration.
  • Financial Data: Investment preferences, AUM, deal history (investors); revenue metrics, KPIs, capital needs (physicians).
  • Usage Data: Pages visited, features used, time on platform, and interaction patterns to improve our service.
  • Device Data: Browser type, IP address, device identifiers for security and fraud prevention.
  • Physician profiles are anonymized by default — identifying information is only shared with your explicit consent.

2. How We Use Your Data

  • Matching: Powering our AI-driven physician-investor matching algorithm to create optimal partnerships.
  • Communications: Sending deal alerts, platform updates, and relevant market intelligence.
  • Compliance: Verifying identities, credentials, and regulatory requirements (SEC, CPOM, Anti-Kickback).
  • Improvement: Analyzing usage patterns to enhance platform features and user experience.
  • Personalization: Tailoring deal recommendations and market insights to your profile and preferences.

3. Information Sharing

  • We never sell your personal data to third parties for marketing purposes.
  • Physician profiles are shared with investors only after mutual interest is confirmed and you explicitly authorize identity disclosure.
  • Service providers (hosting, analytics) are bound by strict data processing agreements.
  • Legal partners involved in transactions receive relevant information with your consent.
  • We may disclose data when required by law, regulation, or governmental request.

4. Data Security

  • 256-bit SSL/TLS encryption for all data in transit.
  • AES-256 encryption for data at rest.
  • SOC 2 Type II compliance (in progress).
  • Regular security audits and penetration testing.
  • HIPAA-compliant data handling procedures for protected health information.
  • Secure data rooms for due diligence materials.

5. HIPAA Compliance

  • MedScale implements administrative, physical, and technical safeguards to protect any PHI.
  • Business Associate Agreements (BAAs) maintained with all service providers who may access PHI.
  • Patient information is never shared — physician KPIs are aggregated and anonymized.
  • Role-based access controls with multi-factor authentication for all internal systems.

6. Your Rights

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update or correct any inaccurate personal information.
  • Deletion: Request deletion of your account and associated data, subject to legal retention requirements.
  • Portability: Export your data in a standard machine-readable format.
  • Opt-Out: Opt out of marketing communications at any time.
  • Contact [email protected] to exercise any of these rights.

7. Data Retention

  • Active accounts: Data retained for the duration of your account.
  • Physician KPI data retained for active profile plus 7 years for regulatory compliance.
  • Transaction records retained for 10 years per SEC requirements.
  • Closed accounts: Personal data deleted within 90 days of account closure, subject to legal requirements.

Questions about our privacy practices? Contact [email protected]
