Home

Privacy Policy

Effective date: June 14, 2026

Last updated: June 14, 2026

This Privacy Policy describes how MART Medical Equipment & Services, Inc ("MART," "we," "us," or "our") collects, uses, and protects information when you use the MART Medical Services web application.

1. Introduction

This policy applies to the Service at https://martmedicalsoftware.com. The Service is a business platform for authorized users—such as MART staff, engineers, and facility clients—to manage medical equipment service operations. It is not a consumer marketing website.

2. Scope

This policy applies to information processed through the Service. Access is limited to users who have been invited or registered by an administrator. If you use the Service on behalf of an organization, your organization may have additional policies that also apply.

3. Information we collect

We may collect and process the following categories of information:

Account and profile information

  • Name, email address, and phone number (when provided)
  • Authentication credentials (passwords are stored in hashed form)
  • Role, facility assignments, language preference, and optional two-factor authentication (2FA) settings
  • Account activity metadata such as creation date, last update, and login session records

Operational and business data

  • Facility and client information
  • Medical equipment records, tags, and service history
  • Work orders, inspections, service controls, accessories, and related status data
  • Files and documents you upload (for example, PDFs, manuals, and signed documents)
  • Audit and history records generated by system activity

Technical and security data

  • IP address, browser type, and request metadata in server and application logs
  • Security events such as failed login attempts, account lockouts, and rate-limiting records
  • reCAPTCHA verification signals when login abuse prevention is active

We do not use the Service to collect information for third-party advertising or behavioral marketing profiles.

4. How we use information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Authenticate users and enforce role-based access control
  • Process work orders, inspections, equipment records, and related business workflows
  • Send transactional and operational email notifications (for example, account confirmation and password reset)
  • Protect the Service against abuse, fraud, and unauthorized access
  • Comply with legal obligations and respond to lawful requests
  • Synchronize payment status with QuickBooks Online when that integration is enabled in your deployment

We do not sell personal information.

5. Legal bases for processing

Depending on your jurisdiction and the type of data involved, we process personal information based on:

  • Performance of a contract — to provide the Service to you or your organization
  • Legitimate interests — to secure the platform, prevent abuse, and improve reliability
  • Legal obligation — when required by applicable law
  • Consent — where required for optional features

6. Cookies and similar technologies

The Service uses cookies and similar technologies that are necessary for operation and security:

  • Mart.Auth — authentication session (HttpOnly, Secure, SameSite Strict)
  • Anti-forgery tokens — CSRF protection on state-changing requests
  • ASP.NET Data Protection — encrypted storage of security tokens and keys

These cookies are essential for signed-in use of the Service. They are not used for third-party advertising or cross-site tracking. If you disable essential cookies in your browser, parts of the Service—including sign-in—may not function correctly.

On your first visit, we may show a brief cookie notice with a link to this section. Dismissing that notice does not change how essential cookies work; it only records that you have seen the information. You can reopen the notice at any time from the footer link labeled “Cookie notice.”

7. Third-party services

We use trusted third-party providers to operate the Service:

  • Microsoft Azure (hosting) — application and database hosting
  • Azure Communication Services — outbound email delivery
  • Google reCAPTCHA — login abuse prevention (when configured)
  • Intuit QuickBooks Online — optional payment status synchronization (when enabled)

Each provider maintains its own privacy practices. We recommend reviewing their policies for additional detail.

8. Data retention

We retain information for as long as needed to provide the Service, meet contractual obligations, and comply with law. When the data retention cleanup job is enabled in your deployment, completed operational records older than the configured retention period (default: five years) may be permanently deleted. Retention settings are controlled by your system administrator.

Account deletion requests may be submitted through your administrator. The Service supports an internal user delete request workflow for administrators to review and process such requests.

9. Security

We implement technical and organizational measures designed to protect information, including:

  • HTTPS for data in transit
  • HttpOnly, Secure, and SameSite Strict authentication cookies
  • Role- and claim-based authorization
  • Input sanitization and CSRF protections
  • File upload validation (size, extension, and content checks)
  • Account lockout and rate limiting on authentication endpoints

No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately.

10. Your rights

Depending on applicable law, you may have the right to:

  • Request access to personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account or personal data, subject to legal and operational retention requirements

Because the Service is administered for business users, most requests should be directed to your organization's administrator or to MART using the contact information below. Deletion may not be immediate where we must retain certain records for legal, security, audit, or contractual reasons.

11. Health information and HIPAA

The Service manages medical equipment service operations for business customers. It is not designed as a general-purpose electronic health record system.

MART does not represent that use of this Service alone satisfies HIPAA requirements unless your organization has a separate agreement with MART that explicitly addresses HIPAA obligations. Customers who process protected health information are responsible for ensuring their use of the Service complies with applicable regulations.

12. Children's privacy

The Service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children.

13. Links to other websites

The Service may contain links to external websites (for example, our corporate site at https://www.martmedical.com). We are not responsible for the privacy practices of third-party sites. Please review their policies before providing personal information.

14. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. Material changes may be communicated to administrators or through in-app notices where appropriate.

15. Contact us

If you have questions about this Privacy Policy or wish to submit a privacy-related request, contact us:

MART Medical Equipment & Services, Inc

info@martmedical.com

+1 (305) 342-4737

6905 NW 42nd ST, Miami, FL 33166-6820, USA

https://www.martmedical.com