Privacy Policy

1. Who we are

getMRI is a direct-to-consumer scheduling and intake platform that lets patients in Florida book medical imaging scans (such as MRI) online. After you submit a booking request, a licensed telehealth physician independently reviews your intake and, when clinically appropriate, issues an imaging order. Your scan is then performed at a partner imaging facility (such as Advanced Medical Imaging in Seminole, Florida).

getMRI is operated from Florida. For privacy-related questions or requests, email privacy@getmri.com.

2. Information we collect

2.1 Information you provide

• Identity and contact information: full legal name, date of birth, phone number, email address, and (when applicable) mailing or service address.
• Health information / PHI: the scan type or body region you are requesting, chief complaint or symptoms, prior imaging or medical history you share, and answers you provide on intake or safety screening forms (for example, MRI safety screening).
• Insurance information: if you elect to use insurance, your insurer, member ID, group number, and similar coverage details.
• Payment information: if you pay cash, your card information is collected and processed directly by our payment processor, Stripe. We do not see or store your full card number, CVV, or full bank account number. If you choose Affirm, your information is collected by Affirm under its own terms and privacy policy.
• Communications: messages you send us by email, chat, or web form, and the contents of those messages.

2.2 Information collected automatically

• Device and log data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, and timestamps.
• Cookies and similar technologies: small data files placed on your device to keep you signed in, remember your booking selections, measure site performance, and prevent abuse. See Section 8 for details.

2.3 Information from third parties

• Partner imaging centers and the telehealth physician who reviews your request may share appointment, order, and result-related information with us so we can confirm and coordinate your scan.
• Stripe and other payment partners share transaction status (e.g., succeeded, declined, refunded) without sharing full card details.

3. How we use information

We use the information described above to:

• Provide the Services, including creating and managing your booking, transmitting your intake to the telehealth physician, and coordinating with the partner imaging center.
• Process payments, refunds, and financing applications.
• Send service communications — appointment confirmations, intake forms, safety questionnaires, reminders, receipts, and post-visit follow-ups — by email, SMS, or phone using providers like Microsoft 365.
• Respond to your questions and provide customer support.
• Secure the Services, monitor for fraud or abuse, and enforce our Terms of Service.
• Comply with legal, regulatory, accreditation, and audit obligations, including those under HIPAA, Florida law, and applicable medical record retention rules.
• Improve the Services in de-identified or aggregated form (data that no longer identifies any individual).

We do not use your PHI for advertising, do not sell your PHI, and do not sell your personal information in exchange for money or other valuable consideration.

4. How we share information

We share information only as described below.

• Telehealth physicians: the independent physician(s) who review your intake and issue your imaging order receive the information needed to make that clinical decision.
• Imaging centers: the partner imaging facility performing your scan receives the order, your identity and contact information, MRI safety screening, and any clinical detail necessary to perform and bill the study.
• Payment processors: Stripe (cash pay), Affirm (financing), and similar providers receive the transaction information required to authorize and settle your payment.
• Insurance carriers and clearinghouses: if you choose insurance, we and the imaging center may share information required for verification, authorization, and claims.
• Service providers: we use vetted vendors to host and operate the Services, including Vercel (hosting), Neon (database), and Microsoft 365 (email and calendaring). These vendors process information only on our instructions and under written contracts that include, where required, HIPAA Business Associate Agreements.
• Legal and safety: we may disclose information when required by law, court order, subpoena, or government request; to defend our legal rights; to investigate fraud or abuse; or to protect the safety of any person.
• Business transfers: if getMRI is involved in a merger, acquisition, financing, or sale of assets, information may be transferred to the successor, subject to this Policy.
• With your authorization: we will share information for any other purpose only with your written authorization, which you may revoke as described in Section 7.

5. HIPAA and our role

getMRI is not itself a treating provider. With respect to PHI, getMRI generally acts as a Business Associate of the telehealth physician and the imaging center, which are HIPAA-covered entities. To the extent any portion of our Services is itself a covered function, we operate as a hybrid entity and apply HIPAA safeguards to that portion. Our handling of PHI is described in detail in our HIPAA Notice of Privacy Practices.

6. Florida-specific notices

We comply with the Florida Information Protection Act of 2014 (FIPA), Fla. Stat. § 501.171. If we discover a breach of security involving unencrypted personal information of Florida residents that triggers FIPA, we will notify affected individuals and the Florida Department of Legal Affairs within the timeframes required by FIPA (generally within 30 days of discovery, unless a shorter timeline is required for medical information).

Florida residents also have rights to access medical records held by their treating providers under Fla. Stat. § 456.057. To exercise those rights with the imaging center, contact the imaging center directly. To request access to information getMRI holds about you, email privacy@getmri.com.

7. Your choices and rights

• Access and correction. You may request a copy of the personal information we hold about you, or ask us to correct information you believe is inaccurate.
• Deletion. You may ask us to delete information about you. We may need to retain certain information to comply with legal obligations (including medical record retention), resolve disputes, or enforce our agreements.
• Withdraw consent. You may withdraw any consent you previously gave, on a going-forward basis.
• Marketing communications. You can opt out of marketing emails using the unsubscribe link. Service communications (appointment confirmations, intake, safety, refunds) are not marketing and may continue.
• Do Not Track. Our Site does not respond to Do Not Track signals at this time, because there is no consistent industry standard for honoring them.

To exercise any of these rights, email privacy@getmri.com. We may need to verify your identity before fulfilling certain requests.

8. Cookies and analytics

We use a small number of essential cookies to keep the Site working (for example, to maintain your session and remember your booking selections), and limited analytics to understand how the Site is used so we can improve it. Where we use analytics that could view content of pages containing PHI, we configure them to avoid collecting PHI or use them only on pages that do not contain PHI. You can control cookies through your browser settings; disabling some cookies may impair Site functionality.

9. Data security

We use administrative, physical, and technical safeguards designed to protect information, including encryption in transit (TLS), encryption at rest where supported by our infrastructure providers, role-based access controls, audit logging, and least-privilege access for staff. No system can be guaranteed perfectly secure, and we cannot guarantee absolute security of your information.

10. Data retention

We retain booking, intake, and order information for as long as needed to provide the Services and to comply with legal, accounting, tax, and medical record retention requirements. Medical records held by the imaging center are retained for the period required by Florida law (generally at least five years from the last patient contact, and longer for minors and certain other situations). When information is no longer needed and no legal retention obligation applies, we delete or de-identify it.

11. Children

The Services are intended for adults aged 18 and older. We do not knowingly use the Services to collect personal information directly from children under 13. If you believe a child has provided us with information, contact privacy@getmri.com and we will delete it.

12. International users

The Services are intended for residents of the United States, and specifically for patients receiving care in Florida. If you access the Services from outside the United States, you understand and consent to your information being processed in the United States, which may have different data-protection laws than your country.

13. Third-party links

Our Site may link to third-party websites (for example, Stripe’s checkout or Affirm’s financing flow). Those sites have their own privacy policies and are not controlled by us. We encourage you to read them before submitting information.

14. Changes to this policy

We may update this Policy from time to time. If we make material changes, we will update the “Effective date” above and, when appropriate, provide additional notice (for example, an in-Site banner or an email to active users). Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

15. Contact us

Questions, requests, or complaints about this Policy or our handling of your information can be sent to:

getMRI — Privacy Office
Email: privacy@getmri.com