Last Updated: July 5, 2026

Privacy Policy

IntelMedica LLC ("IntelMedica," "we," "us," or "our") operates rnscribe.com, the marketing website for RN Scribe, a research tool for nursing documentation. This Privacy Policy explains what information this website collects, how we use and protect it, and the privacy rights we honor for visitors around the world.

1. Who We Are (Data Controller)

The controller responsible for personal data collected through this website is:

2. Scope: This Website vs. the RN Scribe Application

This Privacy Policy covers the rnscribe.com marketing website only: our informational pages, contact and demo request forms, and newsletter. The RN Scribe application itself is provided to organizations under separate agreements, and where appropriate we execute Business Associate Agreements (BAAs) with qualified organizations for the product.

No PHI on this website. This website does not collect, and is not designed to receive, Protected Health Information (PHI) or any patient information. Please do not submit patient information, health conditions, or any other health data through our forms. IntelMedica is not a HIPAA covered entity, and this marketing site operates outside the scope of the HIPAA Privacy, Security, and Breach Notification Rules because it processes no PHI. We keep the website deliberately segregated from the product for this reason.

RN Scribe is for research purposes only. It is not a medical device and is not intended for clinical decision-making.

3. Information We Collect

3.1 Contact, Demo, and BAA Request Forms

When you submit a form on this website, we collect your name, email address, organization, role, subject, and message. Form submissions are delivered to us as email via Resend, our email delivery processor.

3.2 Newsletter

If you subscribe to our newsletter, we collect your email address. Subscriptions are managed on Listmonk, a newsletter platform we self-host at newsletter.intelmedica.ai, and require double opt-in: you must confirm via a verification email before being added to the list. Every email we send includes a working unsubscribe link and our postal address, consistent with the CAN-SPAM Act.

3.3 Analytics

We use Umami, a self-hosted, cookieless analytics platform (hosted at analytics.secsols.io on infrastructure we control), to collect aggregate, anonymized usage data: pages visited, referrer URLs, browser and device type, country, and session duration. Umami sets no cookies, performs no cross-site tracking, and the data it collects is not used to identify individual visitors.

3.4 Marketing Automation

We use Mautic, a self-hosted marketing automation platform (hosted at mautic.secsols.io), which can set a persistent cookie (mtc_id) to recognize returning visitors and, if you submit a form, associate your page visits with your email address. This tracking is subject to your choices in our cookie consent banner (see Section 6), and the data stays on infrastructure we control.

3.5 Bot Protection and Security (IP Addresses)

Our forms are protected by Cloudflare Turnstile, which may process your IP address and browser signals to distinguish humans from bots. Our website is hosted on Cloudflare, which processes technical data (IP address, request headers) to deliver the site and protect it from attacks. Our own rate limiting uses your IP address transiently, in memory only — it is not written to persistent storage.

3.6 What We Do NOT Collect

  • No PHI or patient information of any kind
  • No health information about you — we do not ask for, infer, or segment visitors by health status or condition
  • No precise geolocation, biometric, or financial data
  • No third-party advertising cookies or ad pixels

4. Purposes and Lawful Bases for Processing

Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following lawful bases:

  • Responding to your inquiries (contact, demo, and BAA requests) — steps taken at your request prior to entering a contract (Art. 6(1)(b)) and our legitimate interest in responding to business inquiries (Art. 6(1)(f)).
  • Newsletter — your consent (Art. 6(1)(a)), given via double opt-in and withdrawable at any time through the unsubscribe link in every email.
  • Analytics and marketing measurement — our legitimate interest (Art. 6(1)(f)) in understanding aggregate site usage using privacy-preserving, self-hosted tools; cookie-based marketing tracking (Mautic) runs on consent.
  • Security (Turnstile, rate limiting, hosting logs) — our legitimate interest (Art. 6(1)(f)) in protecting the site from abuse.
  • Legal compliance — where processing is necessary to comply with a legal obligation (Art. 6(1)(c)).

5. Service Providers and Subprocessors

We use a small, deliberately short list of providers. We name them here so you always know where your data goes:

  • Resend (United States) — transactional email delivery for form submissions.
  • Cloudflare (United States, global network) — website hosting (Workers), content delivery, DDoS protection, and Turnstile bot protection.
  • Listmonk — newsletter platform, self-hosted on infrastructure we control (newsletter.intelmedica.ai).
  • Umami — analytics, self-hosted on infrastructure we control (analytics.secsols.io).
  • Mautic — marketing automation, self-hosted on infrastructure we control (mautic.secsols.io).

Data processed by our self-hosted services is not shared with third parties. Beyond the providers above, we disclose personal data only when required by law, court order, or governmental authority.

6. Cookies and Tracking Technologies

This website shows a cookie consent banner that lets you accept or decline non-essential cookies.

  • Umami analytics — cookieless; it sets no cookies and stores nothing on your device.
  • Mautic (mtc_id) — a non-essential marketing cookie, controlled through the consent banner and deletable at any time via your browser settings.
  • Cloudflare Turnstile — may set short-lived cookies strictly for bot-challenge verification (a security function); it does not track you across sites or collect data for advertising.

For visitors in the EU/EEA and UK, our use of these technologies is designed to align with the ePrivacy Directive 2002/58/EC and the UK Privacy and Electronic Communications Regulations 2003 (PECR): security functions run as strictly necessary, self-hosted non-profiling analytics is disclosed here, and marketing cookies are gated on your consent.

7. Data Retention

  • Form submissions — retained as long as needed to handle your inquiry and for reasonable business record-keeping, then deleted.
  • Newsletter email addresses — retained until you unsubscribe; unsubscribed addresses are removed from the active mailing list, and unsubscribe choices propagate to our marketing automation platform.
  • Analytics data — stored in aggregate, non-identifiable form.
  • Mautic visitor data — retained until you clear the cookie or request deletion.
  • Rate-limiting IP data — held transiently in memory only and never persisted.

8. How We Protect Your Data

We apply HIPAA-aligned safeguards across our infrastructure even though this website processes no PHI: TLS encryption in transit, access controls on all systems, self-hosting of analytics, newsletter, and marketing platforms on infrastructure we control, and data minimization by design — we collect only what a page or form actually needs. We describe our practices rather than claim certifications; no security measure is absolute, and we encourage you to report any concern to privacy@intelmedica.ai.

9. We Do Not Sell or Share Personal Data; Global Privacy Control

We do notsell your personal data, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the California CCPA/CPRA. There are no third-party advertising trackers on this site; our analytics is first-party and self-hosted.

We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sale/sharing and targeted advertising. Because we engage in neither, a GPC signal changes nothing about how we treat your data — but we recognize it, and this policy records that commitment.

10. Your Privacy Rights — United States

At the federal level, our practices and the promises in this policy are subject to Section 5 of the FTC Act (prohibiting unfair or deceptive practices), and our newsletter is governed by the CAN-SPAM Act. This website collects no health information, so the FTC Health Breach Notification Rule does not apply to it.

10.1 State Privacy Rights

Many US states have comprehensive privacy laws. Most set applicability thresholds (revenue or number of state residents) that a company of our size may not currently meet — but rather than parse thresholds per state, we extend the core rights to all US visitors: the right to know/access, correct, and delete the personal data we hold about you, the right to data portability, and the right to opt out of targeted advertising, sale, or profiling (we do none of these). To exercise any right, see Section 17. These state laws include:

10.2 Consumer Health Data (Washington, Nevada, Connecticut)

The Washington My Health My Data Act and Nevada's SB 370 regulate "consumer health data" regardless of company size, and Connecticut's law includes similar health-data provisions. Our position is simple: this website does not collect consumer health data. RN Scribe is a professional tool for nurses; visiting this site or subscribing to our newsletter reflects your occupation, not a health condition. We do not infer, derive, or segment visitors by health status, we run no third-party tracking pixels, and we do not geofence health facilities.

11. Your Privacy Rights — European Union / EEA

If you are in the EU/EEA, the GDPR gives you the following rights over personal data we hold about you, which we honor within one month of a verified request:

  • Access (Art. 15) — a copy of your personal data
  • Rectification (Art. 16) — correction of inaccurate data
  • Erasure (Art. 17) — deletion of your data
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection (Art. 21) — including to processing based on legitimate interests
  • Withdrawal of consent at any time (e.g., unsubscribe from the newsletter), without affecting prior processing

We make no solely-automated decisions with legal or similarly significant effects about website visitors. Our lawful bases are described in Section 4, and international transfers in Section 14. You also have the right to lodge a complaint with your local data protection supervisory authority.

12. Your Privacy Rights — United Kingdom

If you are in the UK, the UK GDPR and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025, give you rights equivalent to those in Section 11: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Our newsletter practices (consent-based signup with unsubscribe in every message) are designed to align with PECR.

Complaints: you may complain directly to us at privacy@intelmedica.ai — we acknowledge complaints within 30 days and respond without undue delay — or to the UK regulator, the Information Commissioner's Office (ICO).

13. Other Regions

We honor access, correction, and deletion requests from visitors everywhere, and our newsletter is double opt-in with a working unsubscribe worldwide. Region-specific notes:

13.1 Canada

Under PIPEDA and Quebec's Law 25, you may request access to and correction of your personal information. Please note your data is processed in the United States (see Section 14). Our double opt-in newsletter with unsubscribe in every message is designed to align with Canada's anti-spam law (CASL). Our accountable privacy contact is privacy@intelmedica.ai.

13.2 Brazil

If you are in Brazil, the LGPD provides rights of access, correction, deletion, portability, and information about sharing. Data you submit is transferred to and processed in the United States.

13.3 Australia

We handle personal information consistent with the transparency, access, and correction principles of the Privacy Act 1988 (Cth). Data is disclosed to service providers in the United States (Section 14). Marketing emails sent to Australia carry a functional unsubscribe, consistent with the Spam Act 2003.

13.4 Japan

If you are in Japan, the Act on the Protection of Personal Information (APPI) provides rights of disclosure, correction, and cessation of use. Please note: personal information you submit (such as a newsletter email address) is transferred to processors in the United States, a country without a Japanese adequacy decision; by submitting it you acknowledge that transfer.

13.5 India

We follow the consent-centric approach of India's Digital Personal Data Protection Act, 2023: our newsletter requires specific opt-in consent, withdrawal is as easy as clicking unsubscribe, and you may request access, correction, or erasure at any time.

13.6 South Korea

If you are in South Korea, the Personal Information Protection Act (PIPA) provides rights of access, correction, deletion, and suspension of processing. Subscribing to our newsletter constitutes your consent to the collection of your email address and its transfer to our processors in the United States.

13.7 Switzerland

For visitors in Switzerland, the revised Federal Act on Data Protection (revFADP) applies. Destination country for cross-border disclosure of your data: the United States, under the safeguards described in Section 14. You may request access to your data at any time.

14. International Data Transfers

This website is operated from the United States and served through Cloudflare's global network. Personal data you submit is processed in the United States by us and the providers named in Section 5. For transfers from the EU/EEA, UK, and Switzerland, we rely on the following safeguards, honestly stated: where a provider is certified under the EU-U.S. Data Privacy Framework (including its UK Extension and the Swiss-U.S. DPF), we rely on that certification; otherwise we rely on the European Commission's Standard Contractual Clauses (or the UK IDTA/Addendum) contained in each provider's data processing agreement. Our self-hosted services (Listmonk, Umami, Mautic) run on infrastructure we control, so no additional third-party transfer occurs for that data. Contact us for details of the mechanism applicable to a specific provider.

15. Children's Privacy

This website is a business site for healthcare professionals. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13 as defined by COPPA, nor from anyone under 18. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

16. Changes to This Policy

We may update this Privacy Policy as our practices or the law change — privacy law is evolving quickly, and we review this policy against current requirements. Material changes will be posted on this page with an updated "Last Updated" date. Your continued use of the website after changes are posted constitutes acceptance of the updated policy.

17. Contact Us and How to Exercise Your Rights

To exercise any right described in this policy (access, correction, deletion, portability, objection, consent withdrawal, or a privacy complaint), email privacy@intelmedica.ai from the address associated with your data, or provide enough information for us to verify your identity. We acknowledge requests within 30 days and respond without undue delay. If we decline a request, we will explain why, and you may appeal by replying to our response.