Introduction

Welcome to MEDWAY (“Company”, “MEDWAY”, “we”, “us” and/or “our”). This Site (medway.ai) is operated by MEDWAY and has been created to provide information about our company and our AI-powered healthcare solutions, mobile applications, and related services (together with the Site, the “Services”) to our Service visitors and users (“you”, “your”). This Privacy Policy sets forth MEDWAY’s policy with respect to information, including personally identifiable data (“Personal Data”) and other information that is collected from visitors to the Site and users of the Services.

We understand that as a user, you are concerned with your privacy and the privacy of your patients, and we take that seriously. This Privacy Policy describes MEDWAY’s policies and practices regarding its collection and use of personal data, and sets forth your privacy rights. Please read this carefully to understand our policies and practices regarding your information and how we will treat it. By using or registering with our Services, you agree to this Privacy Policy.

What This Policy Covers

This Privacy Policy covers our collection, use and disclosure of information about identifiable individuals and information which can be used to identify an individual (“Personal Data”). Personal Data does not include “aggregate” information, which we collect and analyze on an anonymized basis. Personal Data may be collected about our:

• Customers
• Prospective customers
• Visitors to the Website
• End users of the Services

The Services are intended for use by healthcare providers (“Customers”). Our Customers are responsible for maintaining their own privacy policies governing the collection, use and disclosure of Personal Data and for obtaining the necessary authorizations and consents before any Personal Data are made available to us for use in accordance with this Privacy Policy.

Information We Collect and Process

MEDWAY collects personal information about its website visitors and customers. This information includes:

Information

• Name
• Date of birth
• Patient information (Visit Notes, Lab Tests, Orders, Results, Medication, and everything in the doctor’s EMR/EHR)
• Information on appointments/encounters
• Home address
• Payment method
• Job title
• Employer name
• Work address
• Work email
• Work phone number

Website Usage Information

Like most websites, MEDWAY’s website collects certain information automatically and stores it in log files. The information may include:

• Internet protocol (IP) addresses
• Region or general location where your computer or device is accessing the internet
• Browser type
• Operating system
• Usage information about your use of MEDWAY’s website
• A history of the pages you view

We use this information to help improve our site and to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Use of Your Personal Data

MEDWAY uses the Personal Data you provide in a manner that is consistent with this Privacy Policy. If you provide Personal Data for a certain reason, we will use the Personal Data in connection with the reason for which it was provided. Specifically, MEDWAY uses Personal Data to:

1. Authenticate access to the Account and provide access to the Services
2. Provide, operate, maintain and improve the Services
3. Send technical notices, updates, security alerts and support and administrative messages
4. Process and complete transactions, and send related information
5. Respond to comments, questions, and requests and provide customer service and support
6. Communicate with you about services, features, surveys, newsletters, offers, promotions and events
7. Investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities
8. Personalize and improve the Services
9. Monitor and analyze trends, usage, and activities in connection with the Services
10. For marketing or advertising purposes, with your consent

Sharing Information with Third Parties

The personal information MEDWAY collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.

Currently, our third-party service providers include: Google, Apple, Microsoft, OpenAI. We may also disclose your personal information:

1. As required by law
2. When we believe in good faith that disclosure is necessary to protect our rights
3. To protect your safety or the safety of others
4. To investigate fraud
5. To respond to a government request

Data Protection and Security

The security of your Personal Information is important to us. We use appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction or damage. When you enter sensitive information (such as credit card number) on our Services, our partner, Stripe, process that information using secure socket layer technology (SSL).

Despite our efforts, please be aware that no security measures are perfect or impenetrable. We cannot guarantee the security of your Personal Information transmitted to our Services. Any transmission of Personal Information is at your own risk.

Data Subject Rights

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

1. You may access, correct, update, or request deletion of your personal information
2. You can object to the processing of your personal information
3. You can request restriction of processing your personal information
4. You can request portability of your personal information
5. You have the right to opt-out of marketing communications
6. You can withdraw your consent at any time

Your California Privacy Rights

The California Consumer Privacy Act (“CCPA”) provides California residents with specific rights regarding their Personal Information:

1. Right to know what personal information is being collected about them
2. Right to know whether their personal information is sold or disclosed and to whom
3. Right to say no to the sale of personal information
4. Right to access their personal information
5. Right to equal service and price, even if they exercise their privacy rights

California residents may request and obtain from us, once a year, free of charge, a list of third parties, if any, to whom we disclosed their personal information for direct marketing purposes during the preceding calendar year and the categories of personal information shared with those third parties.

Children’s Privacy

MEDWAY and the MEDWAY Services are not directed to children under the age of 13 and do not intentionally collect any information from children under the age of 13. Please contact us if your child has provided Personal Information to us and we will delete the information.

Data Storage & Retention

Your personal data is stored by MEDWAY on its servers, and on the servers of the cloud-based database management services MEDWAY engages, located in the United States. We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

Data subject to the Health Insurance Portability and Accountability Act (“HIPAA”) will be retained for a minimum of six (6) years from the date of its creation, or the date when it last was in effect, whichever is later.

AI Data Processing & Third-Party Disclosure

To provide clinical assistance and generate medical documentation, MEDWAY AI processes user-submitted data, including voice recordings, transcripts, and clinical notes.

1. Service Providers: We use Microsoft Azure OpenAI (USA) for automated transcription and clinical documentation analysis.
2. Data Protection Equivalency: In accordance with Apple Developer Program requirements, MEDWAY confirms that all third-party AI partners and service providers maintain data protection standards that provide the same or equal protection of user data as those described in this Privacy Policy.
3. User Consent: Users must explicitly consent to this data sharing within the application before AI features are enabled. Consent can be withdrawn at any time, which will disable the respective AI-assisted functionalities.

Changes to this Policy

MEDWAY reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

Contact Information

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

MEDWAY Email: zshah@medway.ai

Website: medway.ai

HIPAA Compliance

As a service provider to healthcare organizations, MEDWAY complies with the Health Insurance Portability and Accountability Act (HIPAA). When we receive Protected Health Information, we do so as a “Business Associate” of our healthcare provider customers under agreements that:

• Prohibit us from using or disclosing the Protected Health Information in ways that are not permissible by the healthcare provider itself
• Require us to implement specific measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information
• Mandate specific requirements for breach notification and incident response
• Establish clear procedures for the return or destruction of Protected Health Information upon termination of services