Privacy Policy

Effective Date: January 1, 2026  ·  Last Updated: April 2026

Important Notice Regarding HIPAA & Data Visibility

MedexBand is a consumer wearable product and data storage service — not a healthcare provider, health insurance plan, or healthcare clearinghouse. As such, MedexBand is not subject to HIPAA and does not provide HIPAA-compliant data handling or Business Associate Agreements (BAAs).

You are in full control of what information is visible on your public emergency profile. Each field can be individually toggled on or off — only the information you choose to make visible will be shown to first responders, bystanders, or anyone else who scans your QR code or taps your NFC chip. We recommend only enabling fields you are comfortable sharing openly in an emergency situation.

MedexBand does not add, modify, or verify any health information on your profile. All data is voluntarily self-entered, and it is your responsibility to keep it accurate and up to date.

1. Information We Collect

We collect information you provide when creating or updating your MedexBand profile, including your name, emergency contacts, allergy information, medications, blood type, and any other medical notes you choose to enter.

We also collect standard account information (email address, billing information) and device/usage data such as IP addresses, browser type, and scan event logs when your QR code or NFC chip is accessed.

2. How We Use Your Information

Your profile data is used solely to display your emergency medical information to anyone who scans your QR code or taps your NFC chip. We do not sell your personal information to third parties.

We may use anonymized, aggregated data for internal product improvement and analytics. We use your email address to send transactional communications, including order confirmations, shipping updates, and important account notices.

3. Data Security

MedexBand implements industry-standard security measures to protect your data, including 256-bit AES encryption at rest and TLS 1.3 encryption in transit. These measures are designed to safeguard your information from unauthorized access at the infrastructure level.

However, by design, your MedexBand emergency profile is intended to be publicly accessible to anyone who scans your QR code or taps your NFC chip. No technical security measure can prevent a person with physical access to your band from viewing the information you have chosen to make visible. You are solely responsible for the content you elect to include on your profile, and we strongly encourage you to only enable fields you are comfortable sharing openly.

4. Data Retention & Deletion

Your profile data is retained for as long as your account remains active. You may request deletion of your profile and all associated data at any time by contacting us at support@medexband.com. All deletion requests are processed within 30 days of receipt.

Please note that scan-event logs — records of when your QR code or NFC chip is accessed — may be retained for up to 90 days for security auditing purposes before being permanently deleted.

5. Third-Party Services

MedexBand uses the following third-party service providers to operate our platform. Each provider has its own privacy policy, and we encourage you to review them independently.

Supabase — secure database storage and backend infrastructure.

Stripe — payment processing; your billing information is handled directly by Stripe and is never stored on our servers.

Resend — transactional email delivery for order confirmations and account notices.

Google Analytics — anonymous website usage analytics to help us improve our product.

We currently fulfill orders in-house. In the future, we may integrate a third-party fulfillment partner, at which point your name and shipping address may be shared solely for the purpose of delivering your order. This policy will be updated to reflect any such changes.

We do not share your medical profile data with any advertising networks, fulfillment services, or data brokers — ever.

6. Your Rights

You have the right to access, correct, export, or delete your personal data at any time. To exercise these rights, contact us at privacy@medexband.com.

Residents of California (CCPA), the European Economic Area (GDPR), and other jurisdictions with applicable data protection laws may have additional rights.

7. Contact

Questions about this policy? Email us at privacy@medexband.com or write to MedexBand, LLC, Hebron, CT 06248.