Privacy Policy

Last updated: January 1st, 2026

Quick summary

This Privacy Policy explains how Quai.MD (“Quai.MD”, “Quai”, “we”, “us”, “our”) collects, uses, and shares information when you visit our public website that links to this policy (the “Website”).

  • This policy covers MD’s public website only. It does not cover data handled inside our customer services.
  • We collect basic website data (like IP address and pages viewed) and anything you send via website forms.
  • We use cookies. Where required, we ask for consent for non-essential cookies (like analytics/marketing).

What this policy covers (and what it does not)

This Privacy Policy applies only to Quai.MD’s public website that links to this policy (the “Website”).

It does not apply to our services. Quai.MD provides services to health systems under customer agreements that include Business Associate Agreements (BAAs). HIPAA (and other applicable laws) and the applicable customer agreement/BAA govern how we handle PHI and other data processed inside those services. If you interact with Quai.MD through a health system, refer to that health system’s notices and policies for PHI and patient rights.

European and UK visitors (GDPR / UK GDPR).

If you access the Website from the European Economic Area (EEA), the United Kingdom, or Switzerland, privacy laws such as the GDPR and UK GDPR may apply to our handling of your Website information (for example, identifiers, logs, and cookie/analytics data). Where required, we provide appropriate notices and choices (including cookie controls) and we honor applicable rights requests (such as access, deletion, or objection), subject to legal limits.

Information we collect on the Website

Information you provide

  • Identifiers and contact details (e.g., name, work email, phone, organization, role) when you fill out a form.
  • Communications content (what you type into a form or email to us).

Information collected automatically

  • Internet / device data (e.g., IP address, browser type, operating system, approximate location derived from IP).
  • Usage data (e.g., pages viewed, timestamps, referring page, basic interactions).
  • Cookies and similar technologies (described below).

Please don’t send sensitive data through Website forms. The Website is not intended to collect PHI, medical details, or other sensitive information.

How we use Website information

We use Website information to:

  • Run and maintain the Website.
  • Respond to messages and requests.
  • Measure Website performance and improve content and usability.
  • Protect the Website (security monitoring, abuse prevention, debugging).
  • Comply with legal obligations.

Cookies and tracking technologies

We use cookies and similar technologies for:

  • Essential functions (security, load balancing, basic site operation).
  • Preferences (where applicable).
  • Analytics to understand Website traffic and improve the Website.
  • Marketing / ads only if we explicitly enable it and provide required choices.

Healthcare websites and trackers: Regulators have highlighted risks when tracking tools (cookies, pixels, tags) transmit data that could reveal health-related interests. Even where the legal line is debated, the practical expectation is to avoid sending sensitive signals to third parties without strong controls.

Your choices

  • You can control cookies through your browser settings (including blocking or deleting cookies).

  • We provide a cookie banner that lets you choose whether to allow non-essential cookies. You can update your choices at any time using the cookie settings link in the banner or on the Website.

  • If you choose not to allow non-essential cookies, some features may be limited.

How we share Website information

We share Website information only as needed:

  • Service providers (hosting, security monitoring, analytics, form handling). They may use data only to provide services to us under contract.
  • Legal and safety (to comply with law, respond to lawful requests, or protect rights and security).
  • Business transfers (merger, acquisition, financing, or sale of assets).

Subprocessors

We use third-party service providers (“Subprocessors”) to operate and support the Website. These Subprocessors process Website information on our behalf for the purposes described in this Privacy Policy.

Our Website Subprocessors include:

  • co.il – Website hosting and WordPress infrastructure (including storage of Website content, technical logs, and related operational data).

  • Google Analytics – Website analytics and measurement (including cookies and usage data, subject to your cookie choices).

  • Google Workspace – Email services used to receive and process messages submitted through Website contact forms.

We may update our Subprocessors from time to time as our Website evolves. If we make material changes, we will update this Privacy Policy accordingly.

Data retention

We keep Website information only as long as needed for the purposes above, including security, legal, and operational needs. Retention varies by data type. Typical examples:

  • Web server logs: [e.g., 30–180 days]
  • Form submissions: [e.g., 12–24 months or until no longer needed]

Security

We use safeguards designed to protect Website information. No method of transmission or storage is fully secure.

International visitors

We may process Website information in countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.

European / UK visitors (GDPR / UK GDPR)

GDPR applies based on where the person is located and whether a site targets or monitors people in the EU/EEA; it’s not about citizenship.

If GDPR / UK GDPR applies to our Website processing, we rely on the following legal bases (depending on context):

  • Consent: non-essential cookies (analytics/marketing) where required.
  • Legitimate interests: Website security, fraud prevention, and basic analytics that are strictly necessary to operate and protect the Website (where permitted).
  • Steps at your request / contract: responding when you contact us about a potential business relationship (where applicable).

Your rights may include access, correction, deletion, objection, and portability (subject to limits). Contact us using the details below.

US state privacy (including California)

This section applies to Website visitors to the extent state privacy laws apply.

Categories of personal information we collect (Website)

  • Identifiers (name, email, IP address)
  • Internet/network activity (pages viewed, interactions)
  • Professional/employment-related info you provide (company, role)

Do we sell or share personal information?

  • We do not sell personal information.
  • We do not “share” personal information for cross-context behavioral advertising, unless we enable marketing/retargeting cookies. If we do, we will provide a clear opt-out. (“Sharing” for this purpose is a defined concept under California law.)

Opt-out preference signals / Global Privacy Control (GPC)
If we engage in sale/sharing that requires an opt-out, we will honor browser-based opt-out signals such as GPC, as required for covered businesses.

Submitting requests and verification
You (or an authorized agent, where allowed) may request access, deletion, or correction, depending on the law that applies. To protect you, we will verify requests using reasonable methods (for example, by confirming control of the email address used in the request and/or asking for limited additional information).

Children

The Website is not directed to children, and we do not knowingly collect personal information from children through the Website.

Changes

We may update this policy. We will update the “Last updated” date when we do. If changes are material, we will provide notice as required.

Contact Information

If you have questions or concerns regarding your privacy, please contact us at privacy@quai.md.