MedMe Health, Inc. ("MedMe," "we," "us," "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our websites at medmehealth.com (and regional subdomains), interact with our applications, log into our pharmacy clinical platform, or otherwise communicate with us.
1. Scope & controllers
This policy applies to all visitors of our public marketing site, prospective customers who request demos or trials, and pharmacist users of the MedMe platform. Where MedMe acts as a data controller (or "custodian," in Canada), this policy governs our practices directly. Where MedMe acts as a data processor (or "service provider") for a pharmacy customer (for example, when handling patient health information on behalf of a pharmacy), our practices are governed by our agreement with that pharmacy, including a Business Associate Agreement (BAA) under HIPAA in the United States, and a written information-management agreement under PIPEDA and applicable provincial privacy laws in Canada.
The data controller for our marketing and corporate operations is MedMe Health, Inc. with offices in Toronto, Ontario, Canada and Boston, Massachusetts, United States.
2. Information we collect
We collect three categories of personal information:
2.1 Information you provide
When you contact us, request a demo, sign up for our newsletter, apply for a job, or correspond with our teams, you may provide your name, email address, telephone number, employer, role, country, and any other information you choose to share. When you log in as a pharmacist user, you provide your name, work email, phone number, professional licence information, pharmacy affiliation, and authentication credentials.
2.2 Information collected automatically
When you use our website or applications, we and our service providers collect technical information about your device and interactions, including IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, links clicked, time stamps, and approximate geographic location derived from IP. We use first-party analytics cookies and a small number of third-party cookies to understand site usage and improve our service.
2.3 Information from third parties
We receive information from your employer (the pharmacy that licenses MedMe), from professional associations who verify pharmacist licensure, from your single sign-on provider when you authenticate via SSO, and from publicly available sources for sales-research purposes. We do not purchase consumer data lists.
What we do not collect through our marketing site. Our public marketing site (medmehealth.com) does not collect patient personal health information. Patient information is processed only inside the pharmacist-facing platform, on behalf of the pharmacy that has licensed MedMe and signed a BAA or equivalent agreement.
3. How we use information
We use the information we collect for legitimate business purposes, including:
- Providing, maintaining, and improving our websites and platform;
- Authenticating users and securing accounts (including multi-factor authentication);
- Communicating with you about demos, trials, contracts, billing, and service notifications;
- Providing customer support, training, and technical assistance;
- Sending operational and (with consent, where required) marketing communications;
- Conducting product analytics, usage research, and quality improvement;
- Preventing fraud, abuse, and security incidents, and enforcing our Terms;
- Complying with legal, regulatory, and professional-licensure obligations.
Where required by applicable law, we rely on the following legal bases for processing: performance of a contract with you, your consent, our legitimate interests (balanced against your rights), and compliance with legal obligations.
4. How we share information
We do not sell personal information. We share personal information only with:
- Your pharmacy employer. If you log in as a pharmacist user, your activity, configuration, and identity are visible to your pharmacy customer's administrators, as required for the operation of the platform.
- Service providers. Hosting (Amazon Web Services), email delivery, analytics, customer support tooling, payment processing (for our own customer billing, not patient billing), error monitoring, and security monitoring. Each service provider is bound by confidentiality and data-protection contractual terms.
- Professional advisors. Auditors, legal counsel, and other advisors as needed under confidentiality.
- Authorities, when legally required. Including for compliance with subpoena, court order, regulator request, or to protect the rights, property, or safety of MedMe, our customers, or others. Where permitted, we will notify the affected customer before disclosing.
- Successor entities. In the event of a merger, acquisition, or asset sale, personal information may be transferred to the successor entity, subject to this Privacy Policy.
5. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate or incomplete information;
- Delete your information in certain circumstances;
- Restrict or object to certain processing;
- Portability: receive your information in a machine-readable format;
- Withdraw consent at any time where we rely on consent;
- Lodge a complaint with your data protection authority (e.g., the Office of the Privacy Commissioner of Canada, your provincial privacy commissioner, or your state attorney general).
To exercise these rights with respect to information that MedMe controls, please email privacy@medmehealth.com. We respond within 30 days. For information that MedMe processes on behalf of a pharmacy customer (for example, your patient health record at a MedMe-using pharmacy), please contact the pharmacy directly; we will assist them in responding to your request.
California residents (CCPA/CPRA): You have the right to know, delete, correct, opt out of "sale" or "sharing" of personal information, and limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.
Residents of the European Economic Area, United Kingdom, or Switzerland (GDPR/UK GDPR): While we do not actively market to the EEA, where GDPR applies you have the rights described above. Our EU representative can be reached at gdpr@medmehealth.com.
Canadian residents (PIPEDA, PHIPA, FIPPA, PIPA, HIA, and equivalents): See our dedicated PIPEDA & Provincial Privacy page for full detail on Canadian privacy rights, complaint procedures, and provincial commissioner contact information.
6. Children's privacy
Our services are intended for licensed pharmacy professionals and pharmacy customers. We do not knowingly market to or collect information from individuals under 18. If a child under 13 (US) or under the age of digital consent in the user's jurisdiction provides us with personal information through our public website, we will delete it as soon as we become aware. Patient health information processed on behalf of pharmacy customers may, in the ordinary course, include information about minors who are receiving care; that processing is governed by HIPAA, PHIPA, and other applicable laws and by our agreement with the pharmacy.
7. Security
MedMe maintains a comprehensive information security program aligned with SOC 2 Type II and HITRUST CSF. Controls include encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access, multi-factor authentication, audit logging, intrusion detection, vulnerability management, secure software development practices, and continuous monitoring. See our Security page for full detail. No system is perfectly secure; we encourage you to use strong unique passwords and to enable MFA on your account.
8. International transfers
MedMe operates in both the United States and Canada. We host customer environments in the corresponding regional infrastructure (US: AWS us-east-1; Canada: AWS ca-central-1) and we do not move pharmacy or patient data across the border without express written instruction from the customer. Marketing-site data may be processed in either country. Where we transfer personal data internationally, we rely on appropriate safeguards including Standard Contractual Clauses where applicable.
9. Cookies
We use first-party cookies necessary for site operation (session management, security, load balancing) and a limited set of analytics and preference cookies. You can manage cookies through your browser settings. We honor "Global Privacy Control" signals where required by law. We do not use cookies to deliver targeted advertising on our marketing site.
10. Retention
We retain personal information only as long as needed to fulfill the purposes for which we collected it, comply with our legal and contractual obligations, and resolve disputes. Marketing inquiry data is retained for up to 24 months from last interaction. Pharmacist user account information is retained for the duration of your employer's contract with MedMe, plus a reasonable period to allow for transition or audit. Customer-specific retention requirements are governed by the customer agreement.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes that affect your rights, we will provide notice through the service or by email at least 30 days in advance.
12. Contact us
For questions, concerns, or to exercise your rights under this policy, contact our Privacy Office:
MedMe Health, Inc., Privacy Office
Email: privacy@medmehealth.com
Mailing address: 100 King Street West, Suite 1300, Toronto, ON M5X 1A9, Canada
US correspondence: 200 State Street, Boston, MA 02109, United States