Rotate your phone to portrait mode for the best Medefy experience possible.

Privacy Policy

Privacy Policy v.2021.001

Information Collection and Use

References in this document to “MEDEFY” refer to the owners of MEDEFY’S Licensed Products, their affiliates, officers, directors, employees, agents, and representatives (collectively, “MEDEFY”).

1) Information Gathered by MEDEFY

MEDEFY collects and uses information from our Users at several different points on our website and the Licensed Products and that information is subject to this Privacy Policy. While MEDEFY collects certain information on this site, including personally identifiable information to make the site and our services more secure, error-free, relevant and effective, we will not sell, share, or rent to others the information that we collect for our own use in a manner contrary to this Privacy Policy. Personally identifiable information means sensitive personal information of Users, including but not limited to social security numbers, account numbers, Protected Health Information within the meaning of 45 C.F.R. § 160.103 (“PHI”), financial data, date of birth, passwords, but excludes User names and email addresses and electronic communications between Users and MEDEFY.

MEDEFY receives PHI and other information protected from disclosure under applicable laws only upon receiving written assurances from MEDEFY’s Customers that such information is being provided to MEDEFY pursuant to a valid written authorization permitting the disclosure of such information to MEDEFY. As a recipient of such information, MEDEFY complies with all applicable Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules (as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”)) and applicable state laws. MEDEFY never discloses any PHI of any User to anyone in a manner that violates any applicable privacy rules of HIPAA as amended by HITECH. Any disclosures to a User’s Health Plan will be in strict compliance with the limitations imposed on disclosures of PHI to group health plans under the HIPAA privacy rule. MEDEFY may share certain de-identified information with customers or business partners, or with Users of our services, either in individual or aggregate form. Such information will not allow for the personal identification of any individual (i.e., it will be “patient de-identified”).The very nature of the services MEDEFY provides allows other organizations and individuals to use MEDEFY’s site to collect information (other than PHI), through one or more of MEDEFY’S Licensed Products. PHI within the meaning of 45 C.F.R. § 160.103 (“PHI”) and information that is otherwise protected from disclosure under applicable laws is never disclosed to outside parties, except as may be allowed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules (as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”)) and/or applicable state laws or pursuant to valid legal process such as a search warrant, subpoena or court order. However, other information provided to MEDEFY may be shared with other organizations and individuals in accordance with this Privacy Policy. Users must understand that MEDEFY controls only our own use of information that we collect; other entities who collect information through our Licensed Products may have their own different policies regarding the information they collect through our Licensed Products. Concerned Users should check with their organization to learn its privacy policy.

2) Access to Health Data
  • MEDEFY will not use any information gained from the use of the User’s personal health information for any advertising or similar services.
  • MEDEFY will not disclose any information gained from the use of the User’s personal health information to any third parties.
  • MEDEFY will not sell any information gained from the use of the User’s personal health information to any third parties, such as advertising platforms, data brokers, information resellers, or research institutions.
  • MEDEFY will not use any information gained from the use of the User’s personal health information for applications, services, or features designed to collect or combine user data for human subjects research, or any other similar research overseen by an Institutional Review Board or Ethics Committee unless prior written consent is given.
  • MEDEFY will not use any information gained from the use of the User’s personal health information for any purpose or in any manner involving Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) unless prior written consent is given.
  • MEDEFY will only be allowed access to the User’s daily step count information once the User has given the app permission.
  • MEDEFY will only access the Users’ daily step count information for the purpose of calculating and determining if Users have met their goals.
  • Users may revoke MEDEFY’S permission to access their step count data at any time.
3) Collection Of Information By Third-Parties

Some of our site(s) and service(s) contain links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy policies as we have no control over information that is submitted to, or collected by, these third parties (see the section below entitled “Links”).

Although we take appropriate measures to safeguard against unauthorized disclosures of personally identifiable information, we cannot assure you that personally identifiable information that we collect will never be disclosed in a manner that is inconsistent with this privacy policy if you click on a link to an outside website to MEDEFY’s site.

Additionally, despite all of MEDEFY’s best efforts, there is always a risk that third parties may unlawfully intercept transmissions of information (see “Disclaimer” at the end of this Notice). This reality is true of all Internet use. As a result, we cannot 100% ensure the security of any information transmitted to MEDEFY via the Internet.

4) Information Gathered During Registration

In order to use MEDEFY’s website, Users may be asked to first complete a log-in registration form. During registration Users who register may be required to give their contact information (such as name, ID number, etc.). MEDEFY uses the information collected from Users during the registration process to provide secured access to the Licensed Product. Users may have their IP addresses (unique network identifying numbers) recorded in order to prevent fraud or misuse.

5) Log Files

We use IP addresses to analyze trends, administer the site, track Users’ movement, prevent unauthorized tampering with our services, and gather broad demographic information on aggregate usage patterns. IP addresses are not generally linked to personally identifiable information, although they may be recorded in transaction log files to aid in security auditing. Log files include IP address, domain name, pages visited, access times, browser type, referring pages, and other information that is contained within a normal web page request.

6) External Website Links from

MEDEFY’s web site contains links to other sites. Please be aware that MEDEFY is not responsible for the privacy practices of such other sites. We encourage Users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This Privacy Policy applies solely to information collected through MEDEFY’s own website,

7) Security

MEDEFY takes special care to protect Users’ information. When Users submit sensitive personally identifiable information via our website, this information is protected both online and off-line.

When our order form asks Users to enter sensitive information, that information is encrypted and is protected with the best encryption software in the industry – – currently, Secure Sockets Layer (SSL), authenticated with a digital certificate. Users will see an indication that the page the User is visiting is deemed secure when a lock-shaped icon appears on a secure page (such as our order form) at the bottom of popular Web browsers; this icon will appear “locked” (as opposed to an “unlocked” icon that appears when you access non-secure pages).

We compartmentalize and quarantine our employee data and billing data, and keep them separate from one another which thereby increases protection. Only employees who need the information to perform a specific authorized task (for example, billing or customer service) are granted access to personally-identifiable information. All employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and reminded of the importance that MEDEFY places on privacy, and what they can do to continue to ensure that our customers’ information remains protected. Finally, our servers (within which personally identifiable information, including PHI, is stored) are kept in a secure, monitored facility.

If a Customer or User has any questions about the security of our online services and our website, the Customer or User can contact tech support at

8) Site and Billing Announcements

We may also periodically send site and billing announcements to our Customers. Customers will be unable to un-subscribe from these announcements, as they contain important information concerning our service or the User’s account. We must be able to communicate with the User to provide requested services and in regards to issues relating to their account via e-mail or the web. These announcements will be limited in content to information concerning our services, or the User’s account, and they will not contain any promotional or marketing material.

9) Newsletter

Both current and prospective Users may sign up to receive our monthly newsletter. At the time at which Users subscribe for the service, and included in every month’s newsletter, is a link to an automated “unsubscribe” system. We will not sell or release our newsletter mailing list to any other party for any reason.

10) Correcting / Updating Personal Information

If a User’s personally-identifiable information changes (such as their zip code), or if a User no longer desires to use our service, we will utilize an updating system to incorporate and act upon the User’s personal data provided to us. This can be performed at our User Account editor page, or by notifying our customer support personnel at

11) Customers’ Data and E-mail Lists

In the course of providing services, MEDEFY may receive data from customers, or to be sent to its customers, including but not limited to questions, response data, and e-mail lists for invitations. MEDEFY will not use specific questions or e-mail addresses for purposes other than for providing service to the customer. Specifically, we do not use or sell e-mail addresses to which invitations have been sent using MEDEFY’s e-mail invitation system. Please note, however, that MEDEFY does use aggregate information regarding questions, responses, and e-mails to learn about and improve how our service works. For example, we may measure the response rates to e-mail invitations, or how the position of a question on a page affects its response rate, but we will not use specific questions, responses, or e-mail addresses without your permission.

12) Exceptions

Nothing in this Privacy Policy or the User Agreement may be construed as stopping or inhibiting MEDEFY’s cooperation with law enforcement, investigative agencies or court orders. Furthermore, nothing in this Privacy Policy shall restrain MEDEFY from investigating and prosecuting any Users of our site who attempt to defraud or damage us, or who violate our User Agreements. Therefore, MEDEFY may share otherwise protected data with law enforcement or investigative agencies, or as directed by court order. Also, when necessary to diagnose and repair technical problems, MEDEFY may examine or change any data, computer code, or other information. Such examinations and changes will be restricted to technical personnel with a need to know.

13) Notification of Changes

If we decide to change our Privacy Policy, we will post those changes on our site so that our Users are always aware of what information we collect, how we use it, and under what circumstances – if any – that we disclose it. If at any point we decide to use personally-identifiable information in a manner different from that stated at the time it was collected, we will notify Users pursuant to applicable regulations and HIPAA. Based upon information contained in this e-mail notice, Users will then have a choice to opt out of the changes, if they disagree with how we propose to use their information in this different manner. We will honor Users’ choices, and will agree to use Users’ personally identifiable information in accordance with the Privacy Policy under which the information was originally collected, at the User’s election.

14) Disclaimer

While MEDEFY agrees to maintain certain security measures to protect User information, MEDEFY cannot be responsible for the release of User information caused by hacking or another User’s tampering with the MEDEFY website. Users assume the risk that any information that they have submitted, however secure, may be illegally misappropriated by others. MEDEFY agrees to fully cooperate with law enforcement to protect and retrieve any information that may be illegally misappropriated by others.

15) Questions or Complaints

Any questions or complaints about MEDEFY’s use of information subject to this Privacy Policy, or about this Privacy Policy in general, should be directed to