Legal

Privacy Policy

Last updated: 2026-05-15.

MedCore Strategies (“MedCore,” “we,” “us,” or “our”) operates medcorestrategies.com (the “Site”) and provides B2B consulting services to healthcare organizations. This Privacy Policy explains what information we collect when you interact with the Site, how we use it, who we share it with, and the choices you have. It applies to information collected through this Site and through related business communications (email, scheduled calls, and intake forms).

Scope note. This Site is a marketing and lead-intake property for a consultancy. It is not a clinical service, patient portal, or covered-entity touchpoint under HIPAA. Please do not submit protected health information (PHI), patient records, or third-party clinical details through any form, email, or document upload on this Site. If you are an existing engagement client and need to exchange sensitive material, we will provide a separately governed channel under a Business Associate Agreement (BAA) where applicable.

Information We Collect

Information you provide directly. When you submit a contact form, request a strategy session, download a resource, or otherwise interact with us, we collect the information you choose to share, which typically includes:

  • First name and last name
  • Business email address
  • Phone number (optional)
  • Organization name and your role (where provided)
  • The content of your message, including any background you share about your project
  • Booking details if you reserve a call through our scheduling tool

Information collected automatically. When you visit the Site, our hosting and security providers may automatically collect certain technical information, including IP address, browser type and version, device type, operating system, referring URL, pages viewed, and approximate geographic location derived from IP. This information is used to serve the Site, prevent abuse, and understand aggregate traffic patterns.

Cookies and similar technologies. The Site uses a minimal set of cookies and equivalent storage mechanisms necessary to operate core functionality (for example, form anti-abuse challenges and session state). We do not currently load third-party advertising or cross-site tracking cookies. If we add analytics or marketing cookies in the future, we will update this policy and, where required by law, request your consent.

How We Use Information

  • Respond to inquiries and follow up on requests you initiate
  • Schedule, prepare for, and conduct strategy sessions and discovery calls
  • Send transactional communications (confirmations, scheduling, document exchange)
  • Send occasional educational content or service updates where you have opted in, with an unsubscribe option in every message
  • Operate, secure, and improve the Site, including preventing spam and abuse
  • Meet legal, regulatory, and recordkeeping obligations that apply to our consultancy

We do not sell your personal information, and we do not share it with third parties for their independent marketing purposes.

Legal Bases for Processing (EEA / UK Visitors)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar requirements, we process your personal information under one or more of the following bases: (a) your consent, where you have provided it; (b) performance of a contract or pre-contract steps you have requested; (c) our legitimate interests in operating and growing a healthcare consultancy, balanced against your rights; and (d) compliance with legal obligations.

Sub-Processors and Service Providers

We use a small number of vetted service providers to operate the Site and deliver our services. Each is bound by its own privacy commitments and processes information only on our instructions or as required to provide the service:

  • Vercel — Site hosting, edge delivery, and access logs
  • Resend — Transactional email delivery for form submissions and replies
  • Cal.com — Scheduling for strategy sessions and discovery calls
  • Cloudflare — Bot protection (Turnstile) on forms and infrastructure-level abuse prevention
  • Google Workspace — Business email, document collaboration, and calendar

We may add or change sub-processors as our operations evolve. Material changes will be reflected in updates to this policy.

Disclosures Required by Law

We may disclose information if required to do so by law, subpoena, court order, or regulatory request, or where we have a good-faith belief that disclosure is necessary to protect our rights, the safety of any person, or the integrity of the Site. Where permitted, we will notify the individual whose information is requested before disclosing it.

Data Retention

We keep inquiry and lead information only as long as is reasonably necessary for the purpose it was collected for, typically:

  • Active inquiries: for the duration of the conversation plus up to 24 months
  • Client engagement records: for the life of the engagement plus the retention period required by applicable tax, professional, and contractual obligations
  • Technical and security logs: short retention (typically 30 to 90 days)

You may request earlier deletion as described below; we will honor such requests except where retention is required for legal, accounting, or dispute-resolution purposes.

Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your information
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Receive a portable copy of information you provided
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email hello@medcorestrategies.com with the subject line “Privacy Request.” We will respond within 30 days, or sooner where required by law. We may need to verify your identity before acting on a request.

California residents. The California Consumer Privacy Act (CCPA), as amended by the CPRA, provides specific rights including the right to know, to delete, to correct, and to opt out of certain disclosures. We do not sell or share personal information for cross-context behavioral advertising. To submit a request, use the contact method above.

International Data Transfers

We are based in North America, and our service providers may process information in the United States and other countries. If you access the Site from outside these regions, please be aware that your information may be transferred across borders. Where required by law, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) for such transfers.

Security

We use commercially reasonable administrative, technical, and organizational measures to protect the information we collect, including transport-layer encryption (HTTPS) across the Site, hardened hosting infrastructure, restricted access on a need-to-know basis, and vendor selection that emphasizes security maturity. No system is perfectly secure; if you have reason to believe your interaction with us is no longer secure, please contact us immediately.

Children’s Privacy

The Site is directed to professional audiences (clinic founders, executives, compliance officers, healthcare operators) and is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Third-Party Links

The Site may link to external resources, regulatory references, or partner properties (for example, products operated under separate domains). Once you leave medcorestrategies.com, this policy no longer applies. We encourage you to review the privacy practices of any third-party site you visit.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or legal requirements. When we do, we will update the “Last updated” date at the top of this page. Material changes will be highlighted on the Site for a reasonable period after they take effect.

Contact

Questions about this Privacy Policy, our data practices, or a privacy request can be sent to hello@medcorestrategies.com. We aim to respond to legitimate inquiries within one business day.