MedHalo

Privacy Notice

Last updated: May 15, 2026

This notice explains what information MedHalo collects when you visit this marketing website, why we collect it, who we share it with, and the choices you have. It applies to medhalo.com and related subdomains operated by MedHalo (“MedHalo,” “we,” “us”).

It does not cover medication-administration or clinical data handled by the MedHalo product inside partner facilities. That data is governed by separate contracts (including HIPAA Business Associate Agreements where applicable) with each partner organization.

Information we collect

Information you give us

When you submit our contact form, we collect the name, email address, company or organization, phone number (if provided), the topics you indicate interest in, and any message you write. We use this to respond to your inquiry, evaluate pilot and partnership requests, and — only if you select “Subscribe to general updates” — to send you occasional product updates.

Usage analytics

We use Vercel Web Analytics to understand which pages are viewed and roughly where visitors come from. Vercel Web Analytics is cookieless and does not use cross-site identifiers or device fingerprinting. IP addresses are processed transiently to derive coarse location and are not stored alongside the analytics events.

Server logs and abuse prevention

Our hosting provider records standard request metadata (IP address, user agent, timestamp, path) for security, debugging, and rate limiting. We use Upstash Redis to enforce rate limits on sensitive endpoints such as the contact form and login. Logs are retained for a limited period and are not used for advertising.

Cookies

This site does not set cookies on visitors’ browsers for advertising, behavioral tracking, or third-party analytics. Because we rely on cookieless analytics and do not use any non-essential cookies, we do not display a cookie consent banner.

Service providers we share data with

  • Vercel — website hosting and cookieless web analytics.
  • Neon — managed PostgreSQL database that stores contact form submissions and authentication sessions.
  • Resend — sends transactional emails (such as notifications when you submit the contact form) and, if you opt in, manages the general-updates mailing list.
  • Upstash — provides Redis used for rate limiting.

These providers act as our processors. We do not sell personal information and we do not share it with advertisers or data brokers.

How long we keep information

  • Contact form submissions: retained for as long as needed to follow up on the inquiry and maintain a record of our business relationship.
  • Mailing list entries: until you unsubscribe.
  • Server logs: short rolling window for operational purposes.

Your choices and rights

Every marketing email includes an unsubscribe link. You can also email us at the address below to request access to, correction of, or deletion of personal information you’ve shared with us, or to object to specific processing. Depending on where you live (for example, the EU/UK under GDPR, or California under the CCPA/CPRA), you may have additional rights; we honor those rights regardless of your location to the extent practical.

Children

This site is intended for senior-living operators and partners. It is not directed to children, and we do not knowingly collect information from children under 13.

Changes to this notice

If we make material changes to how we handle personal information, we will update the “Last updated” date above and, where appropriate, provide a more prominent notice on the site.

Contact us

Questions about this notice or about how we handle your information? Reach us through the contact form.