Privacy Policy
Last updated: July 6, 2026
MedFormkit is built to handle clinical data responsibly. This policy explains what we collect, how it is used, and how it is protected.
1. Overview
This Privacy Policy explains how MedFormkit ("we", "us", "our") collects, uses, stores, and protects information when clinics and their staff use our forms, patient files, and charting platform.
By creating an account or using MedFormkit, you agree to the practices described in this policy. If you do not agree, please do not use the platform.
2. Information We Collect
We collect information in three broad categories:
- Account information: name, email, clinic or facility name, role, and login credentials.
- Clinical data: form responses, patient identifiers your clinic chooses to store, assessment results, and any files or notes attached to a patient record.
- Usage data: device information, log data, and interactions with the platform, used to maintain and improve the service.
3. How We Use Information
We use account information to provide access to the platform, manage subscriptions, and communicate service updates.
Clinical data is used only to deliver the service to your clinic: storing submissions, connecting them to patient files, generating charts, and surfacing AI pattern flags for your team's review. We do not use clinical data to train third-party models or sell it to advertisers.
Usage data helps us diagnose issues, improve performance, and understand which features clinics rely on most.
4. Patient Data and Protected Health Information
Your clinic is the data controller for the patient information entered into MedFormkit. We act as a data processor, storing and processing that information only on your instructions and for the purpose of operating the platform.
Access to patient records is restricted to authorized users within your clinic account. We do not share identifiable patient data with third parties except as required to operate the service (for example, secure cloud hosting) or as required by law.
5. Data Storage and Security
Data is encrypted in transit and at rest. Access to production systems is limited to authorized personnel and logged.
We review our security practices on an ongoing basis and apply patches and updates promptly. No system is completely immune to risk, and we will notify affected clinics without undue delay if a breach affecting their data occurs.
6. Data Retention
We retain clinical data for as long as your clinic maintains an active account, plus a limited period afterward to allow for account recovery and to meet legal record-keeping obligations.
You can request deletion of your clinic's data by contacting us. Some information may be retained where required by law or for legitimate audit purposes.
7. Third-Party Service Providers
We rely on a small number of vetted providers for infrastructure such as cloud hosting, email delivery, and payment processing. These providers only receive the information necessary to perform their function and are bound by confidentiality obligations.
8. Your Rights and Choices
Depending on your location, you may have the right to access, correct, export, or request deletion of your account information. Clinic administrators can manage most of this directly within account settings.
For requests relating to patient data, please route them through your clinic administrator, since your clinic controls that data.
9. Cookies and Tracking
We use essential cookies to keep you signed in and to remember basic preferences. We do not use third-party advertising cookies on the platform.
10. Changes to This Policy
We may update this policy as the platform evolves. Material changes will be communicated by email or an in-app notice before they take effect.
11. Contact Us
Questions about this policy or how your data is handled can be sent to privacy@medformkit.com.