Last updated: January 1, 2026
PrizMed Imaging, Inc. ("PrizMed", "we", "us") is committed to protecting the privacy and security of personal information and protected health information (PHI) processed through our medical imaging API platform.
We collect information that you provide directly to us, including: account registration information (name, email, organization), billing information, and technical data necessary for API operation (IP addresses, request logs, usage metrics).
Protected Health Information: PHI transmitted through our API is encrypted end-to-end using AES-256-GCM. Our zero-knowledge architecture means we cannot access decrypted PHI. We process PHI solely as a Business Associate under HIPAA and in accordance with executed Business Associate Agreements (BAAs).
We use collected information to: provide and maintain our API services, process billing, send service communications, improve our platform, and comply with legal obligations.
Account data is retained for the duration of your account plus 90 days. API request logs are retained for 365 days. PHI retention is governed by your BAA and applicable regulations. You may request deletion of your account data at any time.
PrizMed maintains a comprehensive HIPAA compliance program including: administrative safeguards (security officer, workforce training, access management), physical safeguards (facility access controls, workstation security), and technical safeguards (encryption, audit controls, integrity controls, transmission security).
We use a limited number of sub-processors for infrastructure services. All sub-processors are contractually bound to equivalent privacy and security obligations. A current list of sub-processors is available upon request.
For privacy inquiries: privacy@prizmed.com
For HIPAA-related matters: hipaa@prizmed.com
PrizMed Imaging, Inc., 200 Clarendon Street, 51st Floor, Boston, MA 02116