Privacy Policy

Last updated: March 4, 2026

Introduction

Mimic ("we," "our," or "us") operates the mimicmed.com website and provides AI-powered communication services for medical and dental practices. This Privacy Policy describes how we collect, use, and share information about you when you visit our website or use our services.

Information We Collect

Information you provide

  • Contact information: Name, email address, phone number, and practice name when you contact us or request a demo.
  • Account information: Information you provide when setting up your Mimic account, including practice details, staff information, and integration credentials.
  • Communications: Messages and correspondence you send to us.

Information collected automatically

  • Usage data: Pages visited, time spent on pages, and interactions with our website.
  • Device information: Browser type, operating system, and device identifiers.
  • Log data: IP address, access times, and referring URLs.

Protected Health Information (PHI)

When providing our services, we may process Protected Health Information (PHI) on behalf of our customers (medical and dental practices). This processing is governed by a Business Associate Agreement (BAA) between Mimic and the practice, in accordance with HIPAA regulations. We access PHI only on a minimum necessary basis as required to provide our services. We do not use PHI for any purpose other than providing services to the practice.

Call Recording

Our services may record phone calls for call logs, analytics, and quality assurance purposes. Clients are responsible for compliance with applicable call recording and consent laws in their jurisdiction.

How We Use Your Information

  • To provide and improve our services
  • To communicate with you about your account or our services
  • To process your requests and respond to inquiries
  • To comply with legal obligations
  • To protect our rights and prevent fraud

AI and Data Use Restrictions

We do not use Client Data to train artificial intelligence or machine learning models. This restriction is contractually binding and applies to all customer data, including call recordings, transcripts, and patient information.

We may collect de-identified, aggregated usage data (such as call volumes, feature usage, and performance metrics) for internal operations and service improvement. De-identification is performed in accordance with 45 C.F.R. § 164.514.

How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: Third-party vendors that help us operate our services (hosting, analytics, communication infrastructure), bound by confidentiality agreements.
  • Legal requirements: When required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

Data Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.3), role-based access controls, and regular security audits. For more details, see our Security & Compliance page.

Cookies

Our website uses minimal cookies for basic site functionality. We do not use advertising cookies or third-party tracking. If this changes, we will update this policy and provide notice.

Children's Privacy

Our Services are not directed to individuals under 13. We do not knowingly collect personal information from children. If we learn we have collected such information, we will promptly delete it.

Breach Notification

In the event of a breach of unsecured Protected Health Information, we will notify affected customers within ten (10) calendar days of discovery, in accordance with our Business Associate Agreement and applicable HIPAA regulations.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy. When you close your account, we retain your data for sixty (60) days during which you may request a data export in a standard, machine-readable format at no additional cost. After the 60-day retention period, we securely delete your data, except where retention is required by law.

We maintain records of disclosures of Protected Health Information for a period of six (6) years, as required by HIPAA regulations.

Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Object to or restrict processing of your information
  • Request a copy of your information in a portable format
  • Request a data export in a standard, machine-readable format at no cost

To exercise these rights, contact us at privacy@mimicmed.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date.

Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, without regard to conflict of law principles.

Contact Us

If you have questions about this Privacy Policy, contact us at privacy@mimicmed.com.