Privacy Policy

1. Introduction

4MEDNET ("we," "us," or "our") operates the website at 4mednet.com (the "Website"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Website.

Effective Date: February 10, 2026

This policy applies only to information collected through our Website. It does not apply to information collected during the delivery of our managed IT, cybersecurity, HIPAA compliance, or other professional services, which are governed by separate service agreements.

We are based in Los Angeles, California, and serve healthcare practices across the United States. This policy is designed to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) and other state data privacy laws.

Important: This Website does not collect, store, process, or transmit protected health information (PHI) as defined under HIPAA. Our Website is an informational and lead-generation site only.

2. Information We Collect

2.1 Information You Provide

When you fill out a contact form, appointment request, or other inquiry form on our Website, you may provide:

• Name
• Email address
• Phone number
• Message or inquiry details

Please do not include protected health information (PHI), patient names, medical records, or other individually identifiable health information in any form submission. See Section 10 (Consumer Health Data) for more information.

2.2 Automatically Collected Information

We use privacy-focused analytics and performance monitoring tools to understand how visitors use our Website. These tools may automatically collect:

• Pages visited and navigation paths
• Browser type and version
• Device type and screen resolution
• General geographic location (city/region level)
• Page load performance metrics

Our web servers may also log your IP address, access times, and referring URLs as part of standard server operations.

2.3 Information from Third-Party Services

We use third-party service providers to operate our Website and business, including providers for website hosting, analytics, performance monitoring, CRM and lead management, and automated follow-up workflows. These providers may collect or receive your information in connection with the services they perform on our behalf.

Each provider processes information in accordance with their own privacy policies. We require all service providers to use your information only for the purposes we specify.

2.4 Cookies, Tracking Technologies, and Opt-Out Signals

Our Website uses essential cookies required for basic site functionality. Our analytics tools are privacy-focused and do not use cookies for tracking. We do not use advertising or third-party tracking cookies.

We use a customer relationship management (CRM) platform for form processing and automated lead management. Our CRM may set cookies for form tracking, session management, and workflow automation. We will update this section as additional tracking technologies are activated.

Global Privacy Control (GPC): We respect browser-based opt-out preference signals, including the Global Privacy Control (GPC). If our systems detect a GPC signal from your browser, we will treat it as a valid opt-out request for the sale or sharing of your personal information. Since we do not sell personal information, GPC signals primarily ensure that no future changes to our practices affect your preferences without your knowledge.

You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies may affect Website functionality.

3. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and requests
• Schedule consultations and appointments
• Manage leads and follow-up communications through our CRM platform
• Use automated tools, including AI-assisted workflows, for lead routing, follow-up scheduling, and inquiry categorization (see Section 9)
• Improve our Website content and user experience
• Analyze traffic patterns in aggregate to optimize performance
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: We share information with trusted service providers who assist us in operating our Website and business, including our hosting and analytics provider and our CRM platform (form processing and automated workflows). These providers are contractually bound to use your information only for the purposes we specify.
• Legal Requirements: We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: If 4MEDNET is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

We retain your personal information for defined periods based on the type of data and the purpose for which it was collected:

• Contact and appointment form submissions: Up to 2 years from the date of submission, or longer if an ongoing business relationship exists
• CRM records: Retained for the duration of any active business relationship, plus up to 2 years afterward
• Analytics data: Retained according to our analytics provider's data retention policies (typically 30 days for raw data)
• Server logs: Up to 90 days

You may request deletion of your personal information at any time by contacting us at info@4mednet.com. We will process deletion requests promptly, subject to any legal obligations requiring retention.

6. Data Security

We take reasonable measures to protect your personal information, including:

• HTTPS/TLS encryption for all data transmitted to and from our Website
• Hosting on SOC 2 Type II certified infrastructure
• Access controls limiting who can view submitted information

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Privacy Rights

7.1 All Users

Regardless of your location, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications
• Opt out of automated decision-making (see Section 9)

To exercise any of these rights, contact us at info@4mednet.com.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You can request information about what personal information we collect, use, disclose, and sell, including information about automated decision-making technology we use and its purpose.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. If our practices change, we will provide a "Do Not Sell or Share My Personal Information" link.
• Right to Opt-Out of Automated Decision-Making: You can request that we not use automated decision-making technology (ADMT) in ways that produce legal or similarly significant effects on you. See Section 9 for details on the automated tools we use.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.

Categories of personal information we collect: Identifiers (name, email, phone number, IP address) and internet or electronic network activity information (browsing history, device information).

We will respond to verifiable consumer requests within 45 days. You may designate an authorized agent to submit requests on your behalf. We may need to verify your identity before processing your request.

7.3 Residents of Other U.S. States

If you reside in a state with a comprehensive data privacy law — including but not limited to Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — you may have similar rights to access, correct, delete, and port your personal data, as well as the right to opt out of targeted advertising, data sales, and certain profiling activities.

Nebraska's Data Privacy Act applies to all businesses processing Nebraska residents' data regardless of business size or revenue. We honor data privacy rights requests from all U.S. residents to the extent required by their state's applicable law.

To exercise your rights under any state law, contact us at info@4mednet.com. We will respond within the timeframe required by your state's law (typically 45 days).

8. Children's Privacy

Our Website is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us at info@4mednet.com.

9. Automated Decision-Making and AI

We use automated tools and AI-assisted technology in our business operations, including:

• Lead routing and prioritization: Automated workflows in our CRM may categorize and route inquiries based on the information you provide
• Follow-up scheduling: Automated sequences may schedule follow-up communications based on your inquiry type and engagement
• AI-assisted communication: We may use AI tools to draft or assist with responses to inquiries, always with human oversight
• Chatbots: If deployed, AI-powered chat tools will be clearly identified as automated at the point of interaction

These tools assist our team in responding to you efficiently. They do not make final decisions about whether to provide services — those decisions are always made by people.

Your rights regarding automated decision-making:

• You may request information about the automated tools we use and their purpose
• You may opt out of automated decision-making that produces legal or similarly significant effects
• You may request human review of any automated decision

To exercise these rights, contact us at info@4mednet.com.

10. Consumer Health Data

4MEDNET is a healthcare IT services company. While our Website and services are directed at healthcare providers, we do not intentionally collect consumer health data (as defined by laws such as Washington's My Health My Data Act or similar state health data privacy laws) through this Website.

Our contact and appointment forms are designed to collect business inquiries about IT services, not health information. However, we recognize that visitors may inadvertently include health-related details in free-text form fields.

Please do not submit any health information, patient data, or protected health information (PHI) through our Website forms. If you believe you have submitted health data through our Website, contact us at info@4mednet.com or call (844) 824-4444 so we can locate and delete the information promptly.

We do not sell, share, or use any incidentally collected health-related information for advertising, profiling, or any purpose other than responding to your specific inquiry.

11. Data Breach Notification

In the event of a data breach involving your personal information, we will notify affected individuals and relevant authorities as required by applicable federal and state law. Our notification process includes:

• Investigating the scope and nature of the breach promptly upon discovery
• Notifying affected individuals within the timeframes required by applicable state law (typically 30 to 60 days from discovery)
• Notifying the FTC for breaches involving health-related information affecting 500 or more individuals, as required by the FTC Health Breach Notification Rule
• Providing details about the breach, the types of information involved, and steps you can take to protect yourself

12. International Data Transfers

Our Website is hosted on infrastructure that may process and store data in the United States and other locations where our hosting provider operates servers and edge nodes. By providing your information through our Website, you acknowledge that your data may be transferred to and processed in the United States or other jurisdictions that may have different data protection laws than your country of residence.

We take steps to ensure that your information receives an adequate level of protection regardless of where it is processed, including contractual obligations with our service providers.

13. Third-Party Links

Our Website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We review this Privacy Policy at least annually and update it when our practices change or when new legal requirements take effect. Changes will be posted on this page with an updated effective date. For material changes, we will provide prominent notice on our Website. Your continued use of the Website after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

• Email: info@4mednet.com
• Phone: (844) 824-4444
• Location: Los Angeles, CA