PixaMed Privacy Policy
Last updated: June 18, 2026
Pixameter Corp. ("Pixameter," "PixaMed," "we," "us") operates software platforms, web applications, and mobile applications for clinical documentation, analysis, and care coordination (collectively, the "Services"). This Privacy Policy explains how we collect, use, store, share, and protect information across the Services.
The Services are intended for use only by licensed healthcare professionals and the organizations that authorize them. They are not offered to the general public or for individual consumer self-registration. Much of the information processed through the Services is Protected Health Information ("PHI") and is handled in accordance with the Health Insurance Portability and Accountability Act ("HIPAA").
Information We Collect
- Account information: name, email address, organizational affiliation, role, and login credentials.
- Clinical data (PHI): patient identifiers, images, measurements, classifications, treatments, observations, referrals, and other records, as entered or generated by authorized users in the course of care.
- Authentication data: login credentials, session tokens, and two-factor authentication codes where enabled.
- Technical and diagnostic data: limited information needed to operate, secure, troubleshoot, and improve the Services, such as device, log, and error information.
Images captured through our mobile applications are obtained only through the device camera and are not written to or read from the device photo library.
We do not collect location data, do not access the microphone, and do not use third-party advertising networks or cross-app or cross-site tracking. Where biometric authentication (such as Face ID) is enabled on a mobile device, it is processed entirely on-device by the operating system; we do not receive or store biometric data.
How We Use Information
We use information solely to provide and operate the Services, including to authenticate users; to capture, measure, classify, store, and report clinical documentation; to coordinate care and referrals; to scope data to the correct organization and facility; to synchronize data captured offline; and to maintain, secure, support, and improve the Services. We do not use information for advertising, behavioral profiling, or sale.
How We Store and Protect Information
Data is stored on Pixameter's infrastructure hosted on Amazon Web Services ("AWS") under a HIPAA Business Associate Agreement. Protections include encryption in transit; client-side AES encryption of data stored locally on a device while offline; application-level authentication (password, optional two-factor, and optional biometric unlock); automatic locking when an application is sent to the background; and role- and organization-based access scoping. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
How We Share Information
We do not sell information or share it with third parties for their own marketing purposes. We share information only:
- with the healthcare organization that provisioned the account and owns the data;
- with service providers that process data on our behalf under appropriate contractual and, where applicable, HIPAA Business Associate obligations;
- through optional integrations (such as electronic medical record systems) that an organization configures at its direction; and
- where required by law, or to protect the rights, safety, or security of patients, users, or the public.
HIPAA Roles
Where the Services are used by a healthcare organization, that organization is generally the HIPAA "Covered Entity" and Pixameter acts as a "Business Associate." Pixameter's handling of PHI is governed by the Business Associate Agreement between Pixameter and the organization, which controls in the event of any conflict with this Policy. Patients should direct questions about their health information to their healthcare provider.
Data Retention and Deletion
We retain information for as long as necessary to provide the Services. Retention and deletion of clinical records are governed by the Business Associate Agreement between Pixameter and each customer organization. Because accounts and records are managed by the provisioning organization, requests to access, correct, or delete information should be directed to that organization or to us at the contact below, and we will respond in coordination with the organization.
Children
The Services are professional tools not directed to children, and we do not knowingly collect personal information directly from children through them. Patient records documented by clinicians may relate to patients of any age, including minors; such records are PHI handled as described above.
Jurisdiction and Your Rights
The Services are intended for use in the United States only. Depending on your jurisdiction and the nature of the data, you or the relevant organization may have rights to access, correct, or delete certain information. Because the data is generally held on behalf of healthcare organizations, such requests should be directed to the provisioning organization or to us at the contact below, and we will respond in coordination with that organization and as required by applicable law.
Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date and, where appropriate, notify the organizations using the Services. Continued use after an update constitutes acceptance.
Contact
Pixameter Corp. PO Box 10744, Portland, OR 97296
