Privacy Policy
Last updated: April 2025. This policy describes how eCareHRMS collects, uses, and protects information from visitors and customers.
What we collect
Website visitors: anonymized analytics (page views, referrer, device type). Form submitters: name, email, organization, role, and what you asked about. Customers: information you provide while using the platform plus operational logs.
How we use it
To deliver the service, support you, send relevant product and security updates, and improve our products. We do not sell personal data. We do not use customer PHI to train AI models without explicit, opt-in consent.
How we share it
With subprocessors required to deliver the service (cloud hosting, email, analytics). All subprocessors are bound by data processing agreements and HIPAA BAAs where applicable. Full subprocessor list available on request.
Your rights
You can access, correct, export, or delete your personal data at any time by emailing privacy@medarch.com. Customers can also do this directly inside the platform. We respond to verifiable requests within 30 days.
Children & minors
Our products are not directed to children under 13. If you believe we have inadvertently collected personal data from a minor, contact us and we will delete it.
Contact
Questions about this policy or our data practices? Email privacy@medarch.com or our Data Protection Officer at dpo@medarch.com.
Need a DPA?
EU/UK customers can request a Data Processing Addendum compliant with GDPR, UK GDPR, and Standard Contractual Clauses by emailing dpo@medarch.com.