Privacy Policy

Last updated: March 3, 2026

Introduction

Mimic ("we," "our," or "us") operates the mimicmed.com website and provides AI-powered communication services for medical practices. This Privacy Policy describes how we collect, use, and share information about you when you visit our website or use our services.

Information We Collect

Information you provide

  • Contact information: Name, email address, phone number, and practice name when you contact us or request a demo.
  • Account information: Information you provide when setting up your Mimic account, including practice details, staff information, and integration credentials.
  • Communications: Messages and correspondence you send to us.

Information collected automatically

  • Usage data: Pages visited, time spent on pages, and interactions with our website.
  • Device information: Browser type, operating system, and device identifiers.
  • Log data: IP address, access times, and referring URLs.

Protected Health Information (PHI)

When providing our services, we may process Protected Health Information (PHI) on behalf of our customers (medical practices). This processing is governed by a Business Associate Agreement (BAA) between Mimic and the practice, in accordance with HIPAA regulations. We do not use PHI for any purpose other than providing services to the practice.

How We Use Your Information

  • To provide and improve our services
  • To communicate with you about your account or our services
  • To process your requests and respond to inquiries
  • To comply with legal obligations
  • To protect our rights and prevent fraud

How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: Third-party vendors that help us operate our services (hosting, analytics, communication infrastructure), bound by confidentiality agreements.
  • Legal requirements: When required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

Data Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.3), role-based access controls, and regular security audits. For more details, see our Security & Compliance page.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy. When you close your account, we delete your data within 30 days, except where retention is required by law.

Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Object to or restrict processing of your information
  • Request a copy of your information in a portable format

To exercise these rights, contact us at privacy@mimicmed.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, contact us at privacy@mimicmed.com.