Privacy Policy

Last updated: August 12, 2025

Privacy Policy

MiraMace Inc. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you visit our website at miramace.com or use our mobile application, Mira Mace, a care advocate platform utilizing AI to automate backend tasks, or when you engage with us in other ways, including sales, marketing, or events.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@miramace.com.

Summary of Key Points

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What Personal Information Do We Process?

When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do We Process Any Sensitive Personal Information?

Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do We Collect Any Information From Third Parties?

We may collect information from public databases, marketing partners, social media platforms, and other outside sources. Learn more about information collected from other sources.

How Do We Process Your Information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In What Situations and With Which Parties Do We Share Personal Information?

We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

How Do We Keep Your Information Safe?

We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What Are Your Rights?

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

Detailed Privacy Policy

Table of Contents

1. What Information Do We Collect?
2. How Do We Process Your Information?
3. When and With Whom Do We Share Your Personal Information?
4. Do We Use Cookies and Other Tracking Technologies?
5. Do We Use AI-Based Products?
6. How Long Do We Keep Your Information?
7. How Do We Keep Your Information Safe?
8. Do We Collect Information From Minors?
9. What Are Your Privacy Rights?
10. Controls for Do-Not-Track Features
11. U.S. State Privacy Rights
12. HIPAA Compliance
13. Medicare Data via Blue Button 2.0
14. Do We Make Updates to This Notice?
15. How Can You Contact Us About This Notice?

1. What Information Do We Collect?

1.1 Information you disclose to us
In Short: We collect personal information that you provide to us, information we obtain automatically when you use our Services, and information from other sources.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

  • Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:
    • Names
    • Phone numbers
    • Email addresses
    • Mailing addresses
    • Job titles
    • Usernames
    • Passwords
    • Contact preferences
    • Contact or authentication data
    • Billing addresses
  • Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
    • Health data
    • Information revealing race or ethnic origin

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

1.2 Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

1.3 Information collected from other sources
In Short: We may collect limited data from public databases, marketing partners, and other outside sources.

In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts
  • To deliver and facilitate delivery of services to the user
  • To respond to user inquiries/offer support to users
  • To send administrative information to you
  • To enable user-to-user communications
  • To request feedback
  • To identify usage trends
  • To determine the effectiveness of our marketing and promotional campaigns
  • To comply with our legal obligations

3. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice.
  • Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
  • Third-party Service Providers. We may share your information with trusted third-party service providers who perform services on our behalf, such as:
  • Cloud infrastructure and hosting services
  • Customer support and communication platforms
  • Analytics and performance monitoring tools
  • Payment processing services
  • AI and machine learning technologies for product functionality

HIPAA Compliance: All third-party service providers that may access Protected Health Information (PHI) have signed Business Associate Agreements (BAAs) with us, ensuring they are legally bound to protect your health information according to HIPAA's strict requirements.

No Data Sales: We do not sell your personal information for profit or any monetary transactions. We do not share your data with advertisers or marketing companies.

Legal Requirements: We may disclose your information when required by law, subpoena, or to protect rights and safety.

Other Users: Information you share in public areas of our Services may be visible to other users. If you register through social networks, your contacts may see your activity within our Services.

4. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences).

5. Do We Use AI-Based Products?

In Short: We use artificial intelligence to help our care advocates provide better, more efficient care by quickly analyzing patient information and generating insights.

How We Use AI: Our service uses artificial intelligence to help care advocates:

  • Quickly analyze patient health information to identify patterns and trends
  • Generate insights that help care advocates understand patient needs faster
  • Improve efficiency by automating routine analysis tasks
  • Provide care advocates with relevant information to support better decision-making

Important Note: AI-generated insights are designed to support care advocates in their work, but they do not replace professional medical judgment. Care advocates always review and validate AI-generated information before using it to support patient care decisions.

HIPAA Compliance: All AI and machine learning processing of Protected Health Information (PHI) is conducted through third-party providers who have signed Business Associate Agreements (BAAs) with us, ensuring they are legally bound to protect your health information according to HIPAA's strict requirements.

6. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We keep your personal information only for as long as we need it. Our policy is to delete or anonymize your account data within 12 months after you close your account.

  • Legal Requirements: The only exception is if we are required by law (for example, for tax or accounting purposes) to keep your information for a longer period.
  • Backups: Data may remain in our secure backup archives for a longer period until it is automatically overwritten or deleted as part of our normal backup cycle. During this time, it will be isolated and protected from any further use.

7. How Do We Keep Your Information Safe?

In Short: We are committed to protecting your personal information using industry-standard security technologies and procedures.

We are committed to protecting your personal information. We use a variety of industry-standard security technologies and procedures to help protect your data from unauthorized access, use, or disclosure.

The Measures We Take Include:

  • Encryption: We encrypt your personal information both when it is stored on our servers (at rest) and when it is transmitted over the internet (in transit).
  • Access Controls: Access to your personal information is strictly limited to authorized personnel who need it to perform their jobs. We implement security measures such as multi-factor authentication (MFA) where appropriate to protect sensitive data.
  • Vendor Security: We carefully vet our third-party vendors (like our cloud hosting provider) to ensure they meet strict security and HIPAA compliance standards.
  • Regular Monitoring: We continuously monitor our systems for potential vulnerabilities and threats to proactively protect your data.

An Important Disclaimer:

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. While we do our best to protect your data, we cannot guarantee its absolute security. It is also important that you help protect your account by using a strong password and accessing our Services from a secure computer and network.

8. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at support@miramace.com.

9. What Are Your Privacy Rights?

In Short: You have control over your personal information and how we communicate with you. This section outlines your rights and choices.

Managing Your Account Information

  • Review and Update: You can review and change your account information at any time by logging into your account settings page.
  • Terminate Your Account: You can request to close your account at any time through your account settings or by contacting us at support@miramace.com. Upon your request, we will deactivate your account. Please see Section 6 ("How Long We Keep Your Information") for details on when your data will be permanently deleted from our systems.

Managing Communication Preferences

  • Email: You can opt out of our marketing emails by clicking the "unsubscribe" link at the bottom of any email we send you.
  • Text Messages (SMS): You can opt out of marketing text messages by replying "STOP." You may still receive essential, non-promotional messages about your account or our Services.
  • Our SMS Policy: Your mobile information, including your consent to receive messages, will not be shared with or sold to third parties for their marketing purposes.

Withdrawing Your Consent

If we are processing your information based on your consent, you have the right to withdraw that consent at any time. Please note that this will not affect the lawfulness of any processing that occurred before you withdrew your consent. To do so, please contact us at support@miramace.com.

10. Controls for Do-Not-Track Features

In Short: We explain how we handle Do-Not-Track signals and Global Privacy Control features.

  • Do-Not-Track: Most web browsers include a Do-Not-Track ("DNT") feature. Because there is no uniform industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.
  • Global Privacy Control: Some browsers and extensions support the Global Privacy Control ("GPC") signal, which is designed to communicate your privacy preferences. As we do not sell or share your personal information, we honor the GPC signal as a request to opt out of any future sharing or selling of your data and will process it in accordance with applicable law.

11. U.S. State Privacy Rights

In Short: This section provides supplemental privacy information for residents of certain U.S. states.

11.1 California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA).

Your Rights as a California Resident:

  • Right to Know: You can request to know the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete: You can request that we delete your personal information, subject to certain legal exceptions.
  • Right to Correct: You can request that we correct inaccurate personal information that we maintain about you.
  • Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use of your sensitive personal information (like health data) to only what is essential to provide the Services to you.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to Opt-Out of Sale/Sharing: We do not "sell" or "share" your personal information with third parties for advertising purposes, so there is no need to opt out.

How to Exercise Your Rights: To exercise these rights, please contact us at support@miramace.com. We will need to verify your identity before proceeding with your request.

Categories of Information: For details on the categories of personal information we collect and disclose, please see Section 1 ("What Information Do We Collect?") and Section 3 ("When and With Whom Do We Share Your Personal Information?").

"Shine the Light" Law: California residents may also request information about our disclosure of personal information to third parties for their own direct marketing purposes. As stated in this policy, we do not engage in this practice.

11.2 Privacy Rights in Other States

We comply with emerging privacy laws in other states. If you are a resident of states such as Colorado, Connecticut, Utah, or Virginia, you have rights that are similar to those listed for California, including the rights to access, correct, delete, and obtain a copy of your data.

You may exercise your rights by contacting us at support@miramace.com.

12. HIPAA Compliance

In Short: We are committed to protecting health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

  • Safeguards: We implement administrative, technical, and physical safeguards to protect your Protected Health Information (PHI). These include measures like encryption, strict access controls, and regular audit logging.
  • Use and Disclosure: We only use and disclose PHI as permitted by law and our agreements.
  • Your Rights: You can request to access or correct your PHI by contacting us at support@miramace.com. We will respond within 30 days, consistent with HIPAA requirements.
  • Breach Notification: In the event of a data breach involving unsecured PHI, we will notify affected individuals within 60 days of discovery, in compliance with HIPAA and the FTC's Health Breach Notification Rule.

13. Medicare Data via Blue Button 2.0

In Short: We use the Blue Button 2.0 API to help you access your Medicare claims data, with strict privacy protections and your full control over the data.

This product uses the Blue Button 2.0 API but is not endorsed or certified by the Centers for Medicare & Medicaid Services or the U.S. Department of Health and Human Services.

  • Data Use: With your explicit consent, we retrieve your Medicare claims data to display to you and your care advocate. We never sell this data or use it for advertising. Sharing is limited to your advocate and our HIPAA-compliant service providers.
  • Data Deletion: If you disconnect your Medicare account, we stop new data imports and will delete prior claims upon request. We also automatically delete data from accounts that have been inactive for more than 12 months after sending you two reminders.
  • Security: We protect your Medicare data with HIPAA-grade safeguards and will notify you within 60 days of any data breach affecting this information.
  • Policy Changes & Mergers: We will notify you 30 days in advance of any material changes to this policy, which require prior approval from CMS. In the event of a merger or sale, you will receive 30 days' notice before your data is transferred, during which you may choose to delete your data.

14. Do We Make Updates to This Notice?

In Short: We may update this Privacy Notice from time to time to reflect changes in our practices or to comply with new laws.

We may update this Privacy Notice from time to time to reflect changes in our practices or to comply with new laws.

  • How to Check for Updates: The latest version will always be available on our website, and the "Last updated" date at the top will indicate when it was last revised. We encourage you to review the policy periodically.
  • Notification of Major Changes: If we make a material change to how we handle your personal information, we will provide you with prominent notice, for instance, by posting a notice on our website or sending a notification to your email address on file.

15. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at support@miramace.com or contact us by post at:

MiraMace Inc.
131 Continental Dr
Suite 305
Newark, DE 19713
United States