Back to Home

Privacy Policy

Last updated: February 24, 2026

1. Introduction

MRI Pass ("we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, store, and share your information when you use the MRI Pass platform ("Service").

2. Information We Collect

We collect the following types of information:

a. Personal Information

  • Full name, email address, phone number, and date of birth
  • Height and weight
  • Account credentials (password stored in encrypted form)

b. Health and Safety Information

  • Implant and medical device disclosures (type, manufacturer, model, serial number)
  • Safety screening responses (metal injuries, shrapnel, abandoned leads)
  • MRI safety clearance levels assigned by Patient Safety Officers
  • MRI scan conditions and notes

c. Usage Information

  • Login timestamps and IP addresses
  • Activity logs (registration, level assignments, scan completions)
  • Electronic signatures and consent records

3. How We Use Your Information

We use your information to:

  • Provide and operate the MRI safety screening Service
  • Enable Patient Safety Officers and technologists to review and verify your safety status
  • Generate your MRI Pass card with safety clearance details
  • Communicate with you about your account and screening status
  • Send SMS notifications to Patient Safety Officers regarding screening reviews
  • Maintain audit trails and activity logs for compliance purposes
  • Improve and maintain the Service

4. How We Share Your Information

We share your information only as follows:

  • Healthcare Facilities: Your screening data is accessible to authorized personnel (technologists, PSOs, and leadership) at the healthcare facility you registered with.
  • Service Providers: We use Amazon Web Services (AWS) for hosting, database storage, and SMS notification delivery. These providers are bound by their own privacy and security obligations.
  • Legal Requirements: We may disclose information if required by law, legal process, or government request.

We do not sell, rent, or trade your personal or health information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted database connections
  • Secure password hashing (bcrypt)
  • HTTP-only, secure authentication cookies
  • Role-based access controls for facility staff
  • Rate limiting on authentication endpoints

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal and health information for as long as your account is active or as needed to provide the Service. Screening records and safety clearance data may be retained for the duration required by applicable healthcare regulations and facility policies. You may request deletion of your account by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Withdraw consent for data processing

To exercise any of these rights, please contact us using the information provided below.

8. HIPAA Compliance

MRI Pass is designed to support HIPAA-compliant workflows. Protected Health Information (PHI) is handled in accordance with applicable requirements. Healthcare facilities using MRI Pass are responsible for ensuring their use of the platform complies with their own HIPAA obligations, including executing any necessary Business Associate Agreements (BAAs).

9. Cookies and Authentication

We use a single HTTP-only authentication cookie to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics. No data is shared with advertising networks.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the contact form on our website or email us at support@mri-pass.com.