Privacy Policy

Last Updated: October 2025

MANA LLC ("we," "our," or "us") is committed to protecting the privacy of healthcare providers and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare software solutions, including PACS, DICOM, RIS, HIS, and WhatsApp integration services.

Important Notice: As a healthcare software provider, we comply with HIPAA, GDPR, and other healthcare data protection regulations. We never sell patient data to third parties. Our WhatsApp integration requires explicit patient consent for all communications.

1. Information We Collect

1.1 Healthcare Provider Information:

  • Business name, address, and contact details
  • Healthcare facility licenses, certifications, and NPI numbers
  • Administrator and staff contact information
  • Billing and payment information
  • Technical support and service request details

1.2 Patient Data (Processed on behalf of healthcare providers):

  • Protected Health Information (PHI) as defined by HIPAA
  • Medical records, test results, imaging data (DICOM files)
  • Patient demographics and contact information
  • Appointment schedules, treatment records, and medical history
  • Consent records for communications and data processing

1.3 Technical Information:

  • IP addresses, device information, and browser type
  • Usage data, system logs, and error reports
  • Integration data with medical devices and equipment
  • API usage statistics and performance metrics

2. How We Use Your Information

  • To provide, maintain, and improve our healthcare software services
  • To send medical notifications, test results, and appointment reminders via WhatsApp (with explicit patient consent)
  • To ensure compliance with HIPAA, GDPR, and other healthcare regulations
  • To provide technical support, troubleshooting, and system updates
  • To process payments, manage subscriptions, and send invoices
  • To monitor system performance, security, and reliability
  • To develop new features and enhance existing services

WhatsApp Business API Usage

We use WhatsApp Business API exclusively for healthcare communication purposes:

  • Medical Reports: Sending test results, diagnostic reports, and imaging findings
  • Appointment Management: Reminders, confirmations, and scheduling notifications
  • Patient Follow-up: Post-treatment care instructions and follow-up messages
  • Healthcare Facility Updates: Service announcements and policy changes

Consent Requirement: We only send WhatsApp messages to patients who have provided explicit, documented consent to receive medical communications via WhatsApp. Each message includes opt-out instructions.

3. Data Protection & Security Measures

  • End-to-End Encryption: All medical data is encrypted in transit and at rest using AES-256 encryption
  • HIPAA Compliance: Our infrastructure, policies, and procedures comply with HIPAA Security and Privacy Rules
  • Access Controls: Role-based access, multi-factor authentication, and audit trails
  • Regular Audits: Security assessments, vulnerability scanning, and penetration testing
  • Data Backup: Regular backups with geographically redundant storage
  • Incident Response: Documented procedures for data breach notification and response

4. Third-Party Disclosures

We do not sell, trade, or rent patient data to third parties. We may share information with:

  • Meta (WhatsApp): For message delivery (messages are end-to-end encrypted)
  • Payment Processors: For billing and subscription management
  • Subprocessors: Who comply with our data protection agreements and HIPAA requirements
  • Legal Authorities: When required by law, court order, or government regulation
  • Healthcare Providers: The covered entities who own the patient data

5. Data Retention Policy

We retain healthcare data according to:

  • HIPAA Requirements: Minimum 6 years for relevant records
  • Healthcare Provider Instructions: As specified in our service agreements
  • Legal Requirements: State and federal regulations for medical records
  • Business Needs: For service delivery and support purposes

Upon termination of service, we securely delete or return all patient data according to the healthcare provider's instructions and regulatory requirements.

6. Your Rights

  • Right to Access: Request access to your personal information
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of data (where permitted by law)
  • Right to Restriction: Request restriction of data processing
  • Right to Object: Object to certain types of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw consent for communications at any time

7. Business Associate Agreement (BAA)

As a healthcare software provider, we sign Business Associate Agreements with covered entities as required by HIPAA. Our BAA outlines our responsibilities for protecting Protected Health Information (PHI) and complying with HIPAA regulations.

8. International Data Transfers

For healthcare providers outside the United States, we ensure appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) and compliance with local data protection laws.

9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify healthcare providers of significant changes via email or through our software platform at least 30 days before changes take effect.

11. Contact Us

For privacy-related questions, to exercise your rights, or to request a copy of our Business Associate Agreement:

MANA LLC Data Protection Officer
Email: info@mana-co.com
Phone: +2 (015) 050 90440
Address: 1942 Broadway St., STE 314C, Boulder, CO 80302, US

We respond to all legitimate requests within 30 days. For urgent matters regarding patient data or security incidents, please contact our security team at info@mana-co.com.

MANA LLC

US-based healthcare software company specializing in PACS, DICOM, RIS, HIS, and secure WhatsApp integration for medical facilities worldwide.

Contact Us

  • Colorado, USA
  • +1 (812) 791-4182
  • Cairo, EGYPT
  • +20 1505090440
  • info@mana-co.com
  • 20 1007339500

© 2025 MANA LLC. All rights reserved. | HIPAA Compliant Healthcare Software Solutions | Meta WhatsApp Business API Approved