MedexityWe're hiring

Privacy Policy

Last updated:

This policy describes how Medexity ("Medexity," "we," "us," or "our") processes personal data when you visit our website, apply for roles, or interact with us online. Enterprise customers are also governed by separate agreements (e.g. data processing addenda) where applicable.

1. Data controller

The data controller responsible for personal data described in this policy is Medexity, operating the site at medexity.io (and related subdomains). For privacy inquiries: privacy@medexity.io.

2. Scope

This policy applies to:

  • Visitors to our public marketing website and documentation areas;
  • Candidates who submit applications or materials through our careers flows;
  • Individuals who contact us via email or forms we may provide; and
  • Authenticated users of our administrative interfaces where we act as controller of account-related data.

If you use Medexity products or services as an employee or representative of an organization, your organization is typically the controller of end-user or patient data, and our processing of such data is governed by our customer agreements.

3. Personal data we collect

3.1 Data you provide

  • Careers: name, email, phone, professional links (e.g. LinkedIn), cover letter or message, résumé/CV or other files you upload, and any other fields you voluntarily submit.
  • Communications: content of emails or messages you send us, including your contact details.
  • Admin access: account identifier (e.g. email), authentication credentials (stored using industry-standard hashing where applicable), and session-related security data.

3.2 Data collected automatically

  • Technical & usage: IP address, device and browser type, general geographic region (derived from IP), date/time of access, referring/exit pages, and similar diagnostic data.
  • Cookies & identifiers: as described in Section 6.

We do not use this website to collect special categories of data (such as health data) from visitors in the ordinary course. If you choose to include sensitive information in a free-text application field, we will treat it in accordance with this policy and applicable law.

4. Purposes and legal bases

We process personal data for the following purposes:

  • Provide and secure the site: operate, maintain, troubleshoot, and protect against fraud, abuse, and security threats.
  • Recruiting: evaluate candidacy, communicate about opportunities, and manage hiring workflows.
  • Communicate with you: respond to inquiries and send operational messages (e.g. application acknowledgments).
  • Compliance & legal claims: comply with law, regulation, legal process, or enforceable governmental requests, and protect rights, safety, and property.
  • Analytics & improvement: understand aggregate usage trends to improve content and performance (where permitted).

Where the GDPR or UK GDPR applies, we rely on appropriate legal bases, including: contract (steps prior to employment or to respond at your request), legitimate interests (secure and improve the site, recruiting operations, network security), and legal obligation where required. Where consent is required (e.g. certain non-essential cookies), we will obtain it separately.

5. Disclosure and subprocessors

We may share personal data with:

  • Service providers who process data on our behalf under written agreements, including:
    • Cloud infrastructure and database providers (e.g. Google Cloud / Firebase / Firestore) for hosting, storage, and application backends;
    • Email delivery providers (e.g. SendGrid or comparable) for transactional messages;
    • Security, logging, and monitoring vendors as we may engage from time to time.
  • Professional advisors (lawyers, auditors) where subject to confidentiality obligations.
  • Authorities when required by law or to protect rights and safety.
  • Business transfers in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

We do not sell personal data as defined under U.S. state privacy laws, and we do not share personal data for cross-context behavioral advertising through this careers/marketing site.

6. International transfers

We may process and store data in Israel, the European Economic Area, the United States, and other countries where we or our providers operate. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) for transfers from the EEA, UK, or Switzerland.

7. Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary for the site to function (e.g. security, load balancing, session integrity). We may also use analytics or preference cookies where permitted; you can control non-essential cookies through your browser settings and any cookie banner we provide.

8. Retention

We retain personal data only as long as necessary for the purposes described, including recruiting records for the duration of the hiring process and a reasonable period thereafter (including for talent pipelines where permitted and with appropriate notice), legal holds, dispute resolution, and statutory retention periods.

9. Security

We implement administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we encourage you to use strong passwords and protect your credentials.

10. Your privacy rights

Depending on your location, you may have rights to access, rectify, delete, restrict, or object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority.

EEA/UK/Switzerland: contact privacy@medexity.io to exercise rights. We will respond within the timeframes required by applicable law.

10.1 U.S. state privacy rights

Residents of certain U.S. states may have additional rights (e.g. access, deletion, correction, opt-out of sale/sharing, appeal). To submit a request, email privacy@medexity.io. We will verify requests as required by law and will not discriminate for exercising rights.

11. Children

Our services are not directed to individuals under 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. Contact us if you believe we have collected data from a child.

12. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects concerning individuals in connection with this website in a manner that would require separate disclosure under the GDPR. Hiring decisions may involve human review.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date. Material changes may be communicated through the site or by email where appropriate.

14. Contact

Questions about this Privacy Policy: privacy@medexity.io

Effective date for versioning: 2026-04-05

See also our Terms of Use.