Last updated: September 12, 2025
Privacy Policy
Plexa Health (“Plexa”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website, use our API, or interact with us.
By using Plexa’s services, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly
We may collect the following information:
Contact information (name, email, phone)
Company or organization details
Messages or inquiries sent through our contact form
Account information if you sign up for API access
1.2 Information from Integrations and API Use
If you use the Plexa API, we may collect:
Integration metadata
API request logs
System configuration details
Consent status associated with patient authorization
Important:
Plexa does not store or retain patient health data unless explicitly required for technical processing approved by the user or partner. We are not an EMR or data warehouse.
2. How We Use Information
We use collected information to:
Operate and improve our website and platform
Respond to inquiries and support requests
Facilitate API onboarding and integrations
Monitor system performance and security
Communicate updates or important service notices
Ensure compliance with legal and regulatory requirements
We do not sell your personal information.
3. How We Handle Health Data
Plexa acts as a secure data routing layer, not a long-term data storage platform.
Health data processed through our API is:
Processed only with patient authorization
Transmitted securely and encrypted
Used solely for the purpose requested by the healthcare provider or application
Never sold, shared, or retained beyond what is necessary for technical functionality
We follow HIPAA-aligned, NDPR and GDPR-inspired practices for security, consent, and access control.
4. Legal Bases for Processing (If Applicable)
For regions that require it, we process personal data under:
Consent
Legitimate interest (service improvement, security)
Contractual necessity (API use)
Compliance with legal obligations
5. How We Protect Your Information
We use industry-standard technical and organizational measures, including:
Encryption in transit and at rest
Access control and authentication
API key security
Logging and monitoring
Regular audits of systems and infrastructure
Secure data centers and cloud providers
While no system is completely secure, we take appropriate and ongoing steps to protect your data.
6. Sharing of Information
We may share information with:
Service providers and vendors that support our platform
Healthcare partners or EMRs when required for an authorized integration
Regulators or authorities when legally required
Internal team members with appropriate access rights
We do not sell personal information.
7. Cookies & Tracking Technologies
We may use cookies to:
Improve site performance
Understand visitor behavior
Support login and API dashboard features
You can disable cookies through your browser settings.
8. Data Retention
We retain personal information only as long as necessary for:
Providing our services
Technical and security needs
Legal and regulatory requirements
API logs may be retained for a limited time for troubleshooting and compliance.
9. Your Rights
Depending on your location, you may have the right to:
Access your personal information
Correct inaccurate data
Request deletion
Object to certain uses
Withdraw consent
Request export of your data
To exercise these rights, contact us at privacy@plexahealth.com
10. Third-Party Links
Our website may link to third-party services.
We are not responsible for their content or privacy practices.
11. Children’s Privacy
Plexa does not knowingly collect personal information from individuals under 16.
12. Changes to This Policy
We may update this Privacy Policy from time to time.
We will post revisions on this page with an updated date.
13. Contact Us
For any questions, contact: privacy@plexahealth.com