Draft Notice: This privacy policy is a rough draft and has not been reviewed by legal counsel. It will be updated before formal launch.

Privacy Policy

Last updated: April 3, 2026

Stat Imaging ("we," "our," or "us") operates the website at getstatimaging.com (the "Service"). This Privacy Policy describes how we collect, use, and share information when you use our Service.

1. Information We Collect

Information You Provide

  • Account information: Email address, password, user type (provider or facility) when you register.
  • Provider profile data: Company name, contact information, services offered, coverage areas, credentials, equipment details, and other business information submitted through your profile.
  • Facility information: Facility name, type, contact details, and service request details.
  • Communications: Messages sent through contact forms, email, or service requests.
  • Newsletter: Email address and subscriber type when you sign up for our newsletter.

Information Collected Automatically

  • Usage data: Pages visited, features used, search queries, and interactions with the Service.
  • Device information: Browser type, operating system, device type, screen resolution.
  • Location data: Approximate location based on IP address. Precise location only when you use the "Near Me" feature and grant permission.
  • Analytics data: We use Google Analytics 4 and Vercel Analytics to collect anonymized usage data including page views, session duration, and user engagement metrics.

Information from Third Parties

  • NPI Registry: Provider information sourced from the CMS National Provider Identifier registry (public data).
  • Google Places: Business ratings, review counts, and address data from Google's public APIs.

2. How We Use Information

  • Operate and improve the Service
  • Display provider profiles in our directory
  • Match facilities with relevant providers based on service requests
  • Send transactional emails (account confirmations, lead notifications, service request updates)
  • Send marketing emails (newsletter, product updates) — only with your consent
  • Analyze usage patterns to improve the user experience
  • Prevent fraud and abuse

3. Cookies and Tracking

We use the following cookies and tracking technologies:

  • Session cookies: Required for authentication and maintaining your login state.
  • Google Analytics (GA4): Collects anonymized usage data. You can opt out using the Google Analytics Opt-out Browser Add-on.
  • Vercel Analytics: Privacy-focused web analytics for performance monitoring. No personally identifiable information is collected.

We do not use advertising cookies or sell data to third-party advertisers.

4. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Service requests: When a facility submits a service request, relevant details are shared with matched providers to facilitate the connection.
  • Public directory: Provider profile information (company name, services, coverage area, credentials) is displayed publicly in our directory. Providers control what information appears on their profile.
  • Service providers: We use third-party services for hosting (Vercel), database (Supabase), email (Google Workspace), and analytics (Google Analytics, Vercel Analytics).
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Retention

  • Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
  • Provider profiles: Public directory listings sourced from NPI data are retained indefinitely as public information. Claimed profile data added by users is deleted upon request.
  • Service requests: Retained for 2 years for audit and quality purposes, then anonymized.
  • Analytics data: Google Analytics retains data per their standard retention policy (14 months). Vercel Analytics data is retained for 30 days.
  • Email communications: Transactional email logs retained for 1 year.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information in your profile.
  • Deletion: Request deletion of your account and personal data. See our Data Deletion page for the process.
  • Opt-out: Unsubscribe from marketing emails at any time using the link in each email.
  • Portability: Request an export of your data in a machine-readable format.

7. HIPAA Disclaimer

Stat Imaging is not a HIPAA-covered entity. We are a directory and marketplace platform — we do not provide medical services, process medical records, or handle Protected Health Information (PHI). We do not access, store, or transmit patient medical records, imaging files, or diagnostic results.

Mobile imaging providers listed in our directory are responsible for their own HIPAA compliance when providing services to patients and facilities.

8. Security

We implement reasonable security measures including encrypted data transmission (HTTPS/TLS), hashed passwords (bcrypt), access controls, and regular security reviews. However, no method of electronic storage is 100% secure. We cannot guarantee absolute data security.

9. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy-related questions or requests: