Important Notice Regarding Protected Health Information
XpediteMD, Inc. operates a cancer patient navigation platform and, in that capacity, functions as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when handling Protected Health Information (PHI) on behalf of covered entity clients. PHI processed through our platform is governed by your healthcare provider's Notice of Privacy Practices and our Business Associate Agreements. This Privacy Notice applies to information collected through our website, marketing activities, and business operations.
1. Who We Are
XpediteMD, Inc. ("XpediteMD," "we," "us," or "our") is a digital health company headquartered in the United States. We develop and operate a technology platform that supports cancer patient navigation for oncology practices, health plans, and medical groups. Our mission is to eliminate preventable delays in cancer care by empowering care teams with coordinated navigation tools. For questions about this Privacy Notice, please contact us:
Company: XpediteMD, Inc.
Privacy Contact: Data Privacy Officer
Email: privacy@xpeditemd.com
Website: https://xpeditemd.com
Mailing Address: 21171 S Western Ave, Suite 2704, Torrance, CA 90501
2. Scope of This Notice
This Privacy Notice applies to personal information we collect about:
- Visitors to our website at xpeditemd.com and associated subdomains;
- Prospective and current clients (oncology practices, health plans, medical groups, and their personnel);
- Individuals who contact us, request demonstrations, subscribe to communications, or participate in webinars; and
- Users of our portal at portal.xpeditemd.com, including navigators and care team members.
This Notice does not apply to Protected Health Information (PHI) about patients, which is governed by HIPAA and the applicable Business Associate Agreements and covered entity Notices of Privacy Practices.
3. Information We Collect
3.1 Information You Provide Directly
We collect personal information you voluntarily provide, including:
- Contact details: name, job title, organization name, business email address, telephone number, and mailing address;
- Account credentials: username and password for portal access;
- Inquiry and correspondence content: information you include in demo requests, contact forms, survey responses, or direct communications with us;
- Event registration data: information provided when registering for webinars or educational events; and
- Payment information: billing contact details and payment card or ACH data processed through our PCI-DSS-compliant payment processor. We do not store full payment card numbers on our systems.
3.2 Information Collected Automatically
When you visit our website or use our platform, we and our service providers may automatically collect:
- Log and usage data: IP address, browser type and version, operating system, referring URL, pages viewed, time and date of visit, and clickstream data;
- Device identifiers: device type, hardware model, and unique device identifiers;
- Cookie and tracking data: information collected through cookies, pixel tags, and similar technologies (see Section 7 below); and
- Analytics data: aggregated behavioral and usage statistics.
3.3 Information from Third Parties
We may receive personal information about you from:
- Your employer or the organization that engages XpediteMD services;
- Professional networking platforms and publicly available business directories; and
- Marketing and analytics partners who help us understand our audience.
4. How We Use Your Information
We use the information we collect for the following purposes, each supported by an appropriate legal basis:
- Service Delivery: Provisioning and operating the XpediteMD platform; managing user accounts; providing customer support. (Performance of contract)
- Sales & Demo Activity: Responding to demo requests; conducting product demonstrations; onboarding new clients. (Legitimate interests / pre-contract steps)
- Communications: Sending service-related notices, product updates, invoices, and technical alerts. (Contract / legitimate interests)
- Marketing: Sending newsletters, webinar invitations, and educational content to users who have opted in. (Consent)
- Product Improvement: Analyzing aggregated usage data to improve platform features, performance, and usability. (Legitimate interests)
- Security & Fraud Prevention: Monitoring for unauthorized access, detecting security threats, and protecting our systems and users. (Legitimate interests / legal obligation)
- Legal Compliance: Meeting our obligations under applicable law, including HIPAA, state privacy laws, and tax regulations. (Legal obligation)
- Business Operations: Internal record keeping, accounting, audits, and corporate governance. (Legitimate interests)
5. Disclosure of Your Information
5.1 Service Providers
We share personal information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting, payment processing, email delivery, customer relationship management, analytics, and cybersecurity. These parties are contractually required to protect your information and to use it only for the purposes we specify.
5.2 Business Associates
Where we act as a Business Associate handling PHI, we enter into HIPAA-compliant Business Associate Agreements with covered entity clients that govern the use and disclosure of PHI. PHI is never used for marketing or shared beyond what is permitted by HIPAA and those agreements.
5.3 Corporate Transactions
If XpediteMD is involved in a merger, acquisition, financing, or sale of all or a portion of its assets, personal information may be transferred as part of that transaction. We will notify affected individuals via email or a prominent website notice before personal information becomes subject to a materially different privacy policy.
5.4 Legal Requirements and Safety
We may disclose personal information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, or legal process; (b) respond to lawful requests from public authorities; (c) enforce our Terms of Use; or (d) protect the rights, property, or safety of XpediteMD, our clients, or others.
5.5 No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Notice, unless a longer retention period is required by law. The factors we consider include:
- The duration of our contractual relationship with you or your organization;
- Legal and regulatory obligations, including HIPAA record retention requirements;
- Applicable statutes of limitations for potential legal claims; and
- Our legitimate business interests, such as maintaining security audit logs.
When personal information is no longer required, we securely delete or anonymize it in accordance with our data retention schedule.
7. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to distinguish you from other visitors, improve your browsing experience, and analyze site usage. The categories of cookies we use are:
- Strictly Necessary: Essential for the operation of our website and portal (e.g., session management, authentication). Cannot be disabled.
- Performance / Analytics: Collect anonymous information about how visitors use our site to help us improve functionality and content. We use tools such as Google Analytics.
- Functionality: Remember your preferences (e.g., language, login details) to provide a more personalized experience.
- Marketing / Targeting: Used to deliver relevant advertising and track the effectiveness of marketing campaigns. Placed only with your consent.
You can manage your cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect website functionality. For details on opting out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout.
We also use LinkedIn Insight Tags and similar business analytics pixels on our site. These technologies may be used to track conversions and deliver targeted advertising on third-party platforms. You may opt out through your LinkedIn privacy settings.
8. Data Security
XpediteMD implements a layered, risk-based security program consistent with industry standards for healthcare technology, including:
- Encryption of data in transit (TLS 1.3 or higher) and at rest (AES-256);
- Role-based access controls and multi-factor authentication for platform access;
- Regular vulnerability assessments, penetration testing, and security audits;
- Employee security awareness training; and
- Documented incident response procedures.
9. Your Privacy Rights
9.1 General Rights
Depending on your state of residence and the context in which your information was collected, you may have the right to:
- Access: request a copy of the personal information we hold about you;
- Correction: request correction of inaccurate or incomplete personal information;
- Deletion: request that we delete your personal information, subject to certain exceptions;
- Portability: receive a copy of your personal information in a structured, machine-readable format;
- Opt-Out of Marketing: unsubscribe from marketing emails at any time via the link in any email or by contacting us;
- Restriction: request that we restrict certain processing of your personal information; and
- Non-Discrimination: exercise your privacy rights without discriminatory treatment.
9.2 California Residents — CCPA/CPRA
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):
- Right to Know: the categories of personal information collected, sources, business purposes, and third parties with whom it is shared;
- Right to Delete: deletion of personal information we hold about you, subject to legal exceptions;
- Right to Correct: correction of inaccurate personal information;
- Right to Opt-Out of Sale/Sharing: we do not sell or share personal information for cross-context behavioral advertising;
- Right to Limit Use of Sensitive Personal Information: to the extent we process sensitive personal information as defined by the CPRA; and
- Right to Non-Discrimination: We will not discriminate against you for exercising CCPA/CPRA rights.
To submit a verifiable consumer request, contact us at privacy@xpeditemd.com or use the contact form at xpeditemd.com/contacts. We will respond within 45 days, with a possible extension where reasonably necessary.
9.3 Other State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights regarding access, correction, deletion, portability, and opt-out of targeted advertising or profiling. To exercise your rights, please contact us using the details in Section 1.
9.4 HIPAA Rights (Patients)
Patient rights with respect to PHI (such as the right to access, amend, or obtain an accounting of disclosures) are handled by your healthcare provider as the covered entity. Please contact your provider directly for such requests.
10. Children’s Privacy
Our website and platform are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we have inadvertently collected such information, please contact us at privacy@xpeditemd.com.
11. Third-Party Links and Services
Our website may contain links to third-party websites or services, including LinkedIn, YouTube, and partner organizations. This Privacy Notice does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices of third parties.
12. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:
- Post the updated Notice on our website with a revised “Last Updated” date;
- Notify registered users by email where required by applicable law; and
- Provide prominent notice on our website for material changes.
Your continued use of our website or services after the effective date of any update constitutes your acknowledgment of the revised Notice. We encourage you to review this Notice periodically.
13. How to Contact Us
If you have questions, concerns, or requests regarding this Privacy Notice or our data practices, please contact our Privacy Officer:
Privacy Officer — XpediteMD, Inc.
Email: privacy@xpeditemd.com
Website Contact Form: https://xpeditemd.com/contacts
Mailing Address: 21171 S Western Ave, Suite 2704, Torrance, CA 90501
We aim to respond to all privacy inquiries within 10 business days.
© 2026 XpediteMD, Inc. All rights reserved. This Privacy Notice was prepared for U.S.-based operations only.