Privacy Policy

1.1. This Privacy Policy applies to all information collected by AGen MD through: (a) the AGen MD website at www.agenmd.com and all associated subdomains; (b) the AGen MD platform, applications, and software; (c) AGen MD APIs and integrations; (d) email, telephone, and other communications with AGen MD; (e) interactions with AGen MD at events, conferences, or trade shows; and (f) any other means through which AGen MD collects information from or about you.

1.2. This Privacy Policy applies to all users of AGen MD services, including but not limited to: healthcare providers, provider networks, telehealth operators, pharmacies, pharmacy networks, administrators, staff members, and any other individuals or entities that interact with AGen MD.

1.3. By accessing or using any AGen MD service, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use AGen MD services.

2.1. Information You Provide Directly:

(a) Account Information: Name, email address, phone number, job title, organization name, professional credentials, NPI number, DEA number, state license numbers, and other registration information.

(b) Billing Information: Payment card details, billing address, tax identification numbers, and other financial information necessary to process payments. Payment card details are processed by our third-party payment processor (Stripe) and are not stored on AGen MD servers.

(c) Organization Information: Practice name, practice type, specialty, number of providers, number of locations, states of operation, current EHR system, and other organizational details.

(d) Communications: Information contained in emails, contact form submissions, support tickets, chat messages, phone calls, and other communications with AGen MD.

(e) Platform Data: Clinical data, patient records, prescriptions, lab results, appointment information, billing codes, and other data entered into the Platform by authorized users. This data is owned by the Client and processed by AGen MD solely as a service provider.

2.2. Information Collected Automatically:

(a) Device and Browser Information: IP address, browser type and version, operating system, device type, device identifiers, screen resolution, and language preferences.

(b) Usage Information: Pages visited, features used, actions taken, time spent on pages, click patterns, search queries, and navigation paths within the Platform.

(c) Log Data: Server logs, access logs, error logs, API call logs, and other technical logs generated by your use of the Services.

(d) Location Information: Approximate geographic location derived from IP address. We do not collect precise GPS location data.

(e) Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, local storage, and similar tracking technologies as described in Section 9.

2.3. Information from Third Parties:

(a) Information from identity verification services, credential verification databases, and professional licensing boards.

(b) Information from integrated third-party services (e.g., laboratory systems, pharmacy systems, payer systems) as authorized by you.

(c) Information from business partners, referral sources, and marketing partners.

(d) Publicly available information from professional directories, government databases, and social media profiles.

AGen MD uses the information we collect for the following purposes:

3.1. Service Delivery: To provide, maintain, improve, and personalize the Platform and Services; to process transactions and send related information; to create and manage your account; to provide technical support and customer service; and to respond to your inquiries and requests.

3.2. Platform Operations: To monitor and analyze usage patterns and trends; to detect, prevent, and address technical issues, security incidents, and fraudulent activity; to conduct quality assurance and testing; and to optimize Platform performance and reliability.

3.3. Communications: To send you service-related notices, updates, security alerts, and administrative messages; to send marketing communications (with your consent where required); to facilitate communications between Platform users as authorized; and to respond to legal requests and prevent harm.

3.4. Analytics and Improvement: To conduct research and analysis using anonymized and aggregated data; to develop new products, features, and services; to generate industry benchmarks and insights; and to improve the accuracy and effectiveness of clinical decision support tools.

3.5. Legal and Compliance: To comply with applicable laws, regulations, and legal processes; to enforce our Terms of Service and other agreements; to protect the rights, property, and safety of AGen MD, our users, and the public; and to respond to government and regulatory requests.

4.1. We do not sell your personal information. AGen MD does not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2. Service Providers: We share information with third-party service providers who perform services on our behalf, including cloud hosting providers, payment processors, email service providers, analytics providers, customer support tools, and security services. These providers are contractually obligated to use your information only as necessary to perform services for AGen MD and to maintain appropriate security measures.

4.3. Integrated Systems: When you authorize integrations with third-party systems (e.g., laboratories, pharmacies, payers, clearinghouses), we share information as necessary to facilitate those integrations. The use of your information by these third parties is governed by their own privacy policies.

4.4. Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including but not limited to: subpoenas, court orders, search warrants, national security letters, and requests from regulatory agencies (e.g., HHS, OCR, DEA, state licensing boards).

4.5. Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of AGen MD's assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

4.6. With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

4.7. Aggregated and De-Identified Data: We may share anonymized, de-identified, and aggregated data that cannot reasonably be used to identify any individual for research, analytics, benchmarking, and other purposes.

6.1. AGen MD retains your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

(a) Account Information: Retained for the duration of your account and for a reasonable period thereafter (typically 90 days) to allow for account reactivation.

(b) Platform Data (including clinical data): Retained in accordance with the terms of your subscription agreement and applicable healthcare record retention laws, which may require retention for periods ranging from 6 to 30 years depending on jurisdiction and data type.

(c) Billing Information: Retained for the period required by applicable tax and financial regulations (typically 7 years).

(d) Communications: Retained for the period necessary to resolve inquiries and for quality assurance purposes (typically 3 years).

(e) Log Data: Retained for security and compliance purposes (typically 1-3 years).

6.2. Upon termination of your account, AGen MD will provide a reasonable period (typically 30 days) for you to export your data. After this period, AGen MD may delete your data in accordance with its data retention policies, subject to any legal obligations requiring continued retention.

7.1. AGen MD implements a comprehensive information security program that includes administrative, technical, and physical safeguards designed to protect your information. These measures include:

(a) Encryption: Data encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

(b) Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege.

(c) Monitoring: Continuous security monitoring, intrusion detection systems, and automated alerting.

(d) Audit Logging: Comprehensive audit trails of all access to and modifications of sensitive data.

(e) Incident Response: Documented incident response plan with defined roles, procedures, and notification timelines.

(f) Workforce Training: Regular security awareness training for all AGen MD personnel.

(g) Vendor Management: Security assessments and contractual requirements for all third-party service providers.

7.2. Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. While AGen MD strives to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. AGen MD shall not be liable for any unauthorized access to, or breach of, your information that occurs despite AGen MD's commercially reasonable security measures.

8.1. Depending on your jurisdiction, you may have the following rights regarding your personal information:

(a) Right to Access: You may request a copy of the personal information we hold about you.

(b) Right to Correction: You may request that we correct inaccurate or incomplete personal information.

(c) Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (e.g., legal retention requirements, ongoing contractual obligations).

(d) Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format.

(e) Right to Opt-Out: You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us.

(f) Right to Restrict Processing: You may request that we restrict the processing of your personal information in certain circumstances.

(g) Right to Object: You may object to the processing of your personal information in certain circumstances.

8.2. To exercise any of these rights, please contact us using the information provided in Section 15. We will respond to your request within the timeframe required by applicable law (typically 30-45 days). We may require verification of your identity before processing your request.

8.3. Please note that certain rights may be limited where we have a legal obligation to retain information, where deletion would impair the rights of others, or where the information is necessary for the performance of a contract.

9.1. AGen MD uses cookies and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users. The types of cookies we use include:

(a) Strictly Necessary Cookies: Essential for the operation of the Platform, including authentication, session management, and security features. These cookies cannot be disabled.

(b) Functional Cookies: Used to remember your preferences and settings, such as language, timezone, and display preferences.

(c) Analytics Cookies: Used to collect information about how you use the Platform, including pages visited, features used, and error messages encountered. This information is used to improve the Platform.

(d) Marketing Cookies: Used to deliver relevant advertisements and to measure the effectiveness of marketing campaigns. These cookies are only used with your consent where required by law.

9.2. You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

10.1. The Platform may contain links to third-party websites, services, and applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

10.2. AGen MD is not responsible for the privacy practices, security measures, or content of any third-party services. Your interactions with third-party services are governed by those third parties' own terms and privacy policies.

10.3. Any partners, referral partners, or affiliated entities (including but not limited to LegitScript, pharmacy partners, laboratory partners, clearinghouse partners, and technology partners) are independent third-party companies not owned or controlled by AGen MD. Any data shared with these partners is subject to their own privacy policies and data handling practices. All due diligence regarding these or any other companies should be conducted solely by the party engaging with them.

11.1. The AGen MD Platform is designed for use by healthcare professionals and organizations. We do not knowingly collect personal information directly from children under the age of 13 (or the applicable age of consent in your jurisdiction).

11.2. To the extent that pediatric patient data is processed through the Platform by authorized healthcare providers, such data is treated as PHI and is subject to the protections described in Section 5 and the applicable Business Associate Agreement.

11.3. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

12.1. AGen MD is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where AGen MD or its service providers maintain facilities.

12.2. These countries may have data protection laws that differ from those in your country of residence. By using the Platform, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

12.3. Where required by applicable law, AGen MD implements appropriate safeguards for international data transfers, including Standard Contractual Clauses, data processing agreements, and other mechanisms approved by relevant data protection authorities.

13.1. California Residents (CCPA/CPRA): If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to opt-out of the sale or sharing of personal information; the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your privacy rights. AGen MD does not sell personal information as defined by the CCPA/CPRA.

13.2. Virginia Residents (VCDPA): If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of targeted advertising, the sale of personal data, and profiling.

13.3. Other State Privacy Laws: Residents of Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have additional rights. Please contact us to exercise any rights available to you under your state's privacy law.

14.1. AGen MD reserves the right to modify this Privacy Policy at any time. We will notify you of material changes by: (a) posting the updated Privacy Policy on our website with a revised "Last Updated" date; (b) sending an email notification to the address associated with your account; or (c) displaying a prominent notice within the Platform.

14.2. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with any changes, you must discontinue your use of the Services.

14.3. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: