Privacy Policy
1. Who We Are
MendAId ("we," "us," or "our") is a healthcare communication platform that enables physicians to deliver automated, protocol-driven care messages to their patients. Our registered business address is: MendAId, Fort Collins, Colorado, United States. Contact us at privacy@mend-aid.com.
2. Information We Collect
We collect information in two capacities: from healthcare providers (surgeons and their staff) and from patients enrolled in care programs.
From healthcare providers:
- Name, email address, and password (for account creation)
- Practice name, specialty, and professional phone number
- Clinical protocols and post-operative care instructions
- Patient lists and care timelines
From patients:
- Name and mobile phone number
- Procedure type and surgery date
- SMS messages sent to and received from our care coordinator
- Consent acknowledgment at time of enrollment
3. How We Use Your Information
- To deliver automated post-operative care messages on behalf of the treating physician
- To respond to patient questions using physician-authored protocols
- To alert the treating physician when patient messages indicate potential urgent concerns
- To generate monthly practice reports for the treating physician
- To improve the accuracy and quality of care communication over time
- To comply with applicable laws and regulations
4. SMS Messaging Program
By enrolling in MendAId's care messaging program, patients consent to receive automated SMS text messages from their surgeon's practice. These messages are delivered by Remi, an AI care coordinator operating on behalf of the treating physician.
- Opt-in: Patients must affirmatively consent at enrollment before receiving any messages
- Opt-out: Reply STOP to any message to immediately stop all messages
- Help: Reply HELP to any message for support information
- Frequency: Message frequency varies based on care timeline, typically 1–3 messages per week
- Costs: Standard message and data rates from your carrier may apply
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
Information may be shared with subcontractors that support our service delivery (such as Twilio for SMS infrastructure). All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Text messaging originator opt-in data and consent will not be shared with any third parties.
5. Information Sharing
We do not sell personal information. We share information only as follows:
- With the treating physician: Patient messages and escalation alerts are shared with the enrolled physician
- Service providers: We use Twilio (SMS delivery), Supabase (authentication), Anthropic (AI processing), and Render (hosting). Each is bound by data processing agreements
- Legal requirements: We may disclose information when required by law or to protect the safety of patients or others
We do not share, sell, or rent patient mobile phone numbers, SMS opt-in status, or message content with any third party for marketing, advertising, or promotional purposes.
6. HIPAA
MendAId operates as a Business Associate under HIPAA when processing Protected Health Information (PHI) on behalf of covered healthcare providers. We execute Business Associate Agreements (BAAs) with covered entities upon request. We implement administrative, physical, and technical safeguards appropriate to the sensitivity of health information.
7. Data Security
We protect information using industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. We promptly notify affected parties of any security incidents as required by applicable law.
8. Data Retention
We retain patient communication records for a minimum of 6 years from the date of last activity to support clinical record-keeping requirements. Healthcare providers may request deletion of their account and associated data by contacting us at privacy@mend-aid.com.
9. Your Rights
Depending on your location, you may have rights to access, correct, or delete your personal information. Patients wishing to opt out of messaging may reply STOP to any message or contact their physician's office. For other data requests, contact privacy@mend-aid.com.
10. Children's Privacy
Our service is not directed to individuals under 18. We do not knowingly collect personal information from minors without parental consent.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or requests:
Email: privacy@mend-aid.com
Address: MendAId, Fort Collins, Colorado, United States