Privacy Policy

Last updated: May 27, 2025This Privacy Policy ("Policy") explains how MD Market Labs, LLC ("MDML," "we," "our," or "us") collects, uses, discloses, and safeguards personal information when we provide digital marketing, CRM, and automation services to healthcare practices (our "Clients") and when individuals ("Users") visit https://mdmarketlabs.com or any website that links to this Policy (collectively, the "Sites").Key Context — MDML is a marketing agency. We are a business-to-business service provider to healthcare practices and act as a “processor” / “service provider” for any patient information that Clients upload or generate through our platform.

Quick Read: Summary of Key Points

TopicHighlightsData We ProcessPractice-level contact data (name, role, email, phone), lead-generation details (prospective patient name, contact info, requested service), usage and device data, cookies.Sensitive DataWe do not actively collect special-category data via the public Sites. Any Protected Health Information ("PHI") entered into our platform is handled solely as a HIPAA Business Associate on behalf of the Client.SourcesInformation is provided directly by Clients, website visitors, or generated by cookies/analytics. We do not purchase lists from data brokers.PurposeDeliver and optimize ad campaigns, route and follow up with leads, provide CRM dashboards, improve our Sites, comply with law, and secure our services.SharingLimited to vetted service providers (cloud hosting, SMS carriers, analytics) and legal disclosures. No selling or leasing of mobile numbers or personal data.SecurityTLS 1.2+, encryption at rest, role-based access, MFA, annual penetration tests.Your RightsDepending on your U.S. state, you may access, correct, delete, or restrict certain data and opt out of marketing communications.SMS ProgramConsent required; reply HELP for help, STOP to cancel; message & data rates may apply; carriers not liable for delays.RetentionKept only as long as necessary for contractual, legal, or accounting purposes, then securely destroyed or anonymized.

1. Information We Collect

1.1 Information You Provide to Us

CategoryExamplesIdentifiersName, job title, practice name, postal address, email, phone number, digital signature, consent timestamp.Lead-Generation DataProspective patient name, phone, email, requested treatment (e.g., Invisalign®), ad source, appointment date/time (if scheduled).Marketing PreferencesOpt-in status, communication channels, SMS keyword responses (HELP/STOP).Payment / BillingBusiness billing address, payment card details (processed via PCI-compliant vendor; MDML never stores full card numbers).Accuracy — Clients are responsible for ensuring that all information they submit is current and correct.

1.2 Information Collected Automatically

Device & Usage Data — IP address, browser type, operating system, referring URL, pages viewed, time spent.Location Data — Coarse geolocation inferred from IP address (we do not collect GPS-level data).Cookies / Web Beacons — See Section 5 for details.

1.3 Information We Process on Clients’ Behalf

Clients may upload or generate Lead/Patient data (which can include PHI). MDML acts solely as a Business Associate under HIPAA and processes such data according to our Business Associate Agreement ("BAA") with each Client.

2. How We Use Your Information

PurposeLegal Basis*Provide and maintain the MDML platform, CRM, and marketing servicesContract — necessary to perform our agreement with the Client.Run and optimize ad campaigns, A/B tests, analyticsLegitimate Interest in improving service efficacy.Send transactional messages (lead notifications, system alerts)Contract.Send marketing communications to practice personnelConsent or Legitimate Interest (opt-out available).Process payments and manage invoicesContract / Legal Obligation.Prevent fraud and secure the platformLegitimate Interest.Comply with HIPAA, TCPA, CAN-SPAM, and other lawsLegal Obligation.*Additional state-specific legal bases appear in Section 10.

3. How We Share Information

Service Providers. Cloud hosting (AWS), CRM infrastructure, SMS and email gateways, analytics providers, and payment processors—all bound by written contracts and, where applicable, BAAs.Business Transfers. In connection with a merger, acquisition, or asset sale, provided the recipient honors this Policy.Legal Compliance. To regulators, courts, or law enforcement when required by law or to defend our legal rights.

We do not sell, rent, or lease personal information for third-party marketing.

4. Cookies & Similar Technologies

We use:

Strictly Necessary Cookies — session management, security.Analytics Cookies — Google Analytics (opt-out tool: https://tools.google.com/dlpage/gaoptout).Advertising Pixels — Meta, Google Ads, and LinkedIn for remarketing (disabled unless you accept cookies via the banner).

Browser settings allow you to block cookies, but some features may become unavailable.

5. Data Retention

Client Account Data — retained for the duration of the contract + 6 years for accounting records.Lead/Patient Data — retained per Client instructions or as required by HIPAA/state medical-record laws.SMS Consent Logs — 4 years (TCPA safe harbor).Web Analytics — 26 months, then aggregated/anonymized.

When retention periods expire, we securely delete or anonymize information.

6. Security

HTTPS with TLS 1.2+ in transit; AES-256 at rest.SOC-2-compliant, HIPAA-ready hosting.Role-based access controls; multi-factor authentication for all staff.Annual third-party penetration testing.Incident-response plan and breach notifications per HIPAA & state law.

7. Children’s Privacy

Our Sites and Services are not directed to minors under 18. We do not knowingly collect personal information from children. Parents may contact us to request deletion.

8. Your Privacy Rights

Depending on where you live, you may:

Access the personal information we hold about you.Correct inaccuracies.Delete certain data (subject to legal retention obligations).Opt Out of marketing emails/SMS at any time.Opt Out of targeted advertising or “sale”/“sharing” (MDML does not sell personal data).

Exercising Rights

Email [email protected] or call 949-596-3946. We will verify your identity and respond within the timeframe required by law.

9. Do-Not-Track & Global Privacy Control

We do not currently respond to browser DNT signals. We honor the Global Privacy Control (GPC) signal for applicable requests.

10. State-Specific Disclosures (U.S.)

Residents of CA, CO, CT, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, and VA have additional rights to know, delete, correct, or opt out of targeted advertising. You may appeal a denied request via the contact methods above. California residents may also request a list of third parties to whom we disclosed personal information for direct-marketing purposes (we disclose none).

11. Changes to This Policy

We may update this Policy from time to time. The “Last updated” date reflects the latest revision. Material changes will be announced via email or a notice on the Sites.

12. Contact Us

MD Market Labs, LLC

417 Baywood Drive, Newport Beach, CA 92660

Email: [email protected]

Phone: (888) 344-8709

13. SMS Program Disclosure (CTIA/TCPA)

By providing a mobile number and opting in, practice personnel and prospective patients consent to receive automated text messages from MDML on behalf of the Client practice for lead follow-up, appointment scheduling, and promotional offers. Message frequency varies. Msg & Data rates may apply. Reply HELP for help, STOP to cancel. Consent is not a condition of purchase or treatment. Carriers are not liable for delayed or undelivered messages.

By using MD Market Labs’ Sites or Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.