top of page

Privacy Policy

Medroll Technologies  ·  Last revised April 2026

1. Quick Overview

Medroll Technologies provides professional payer enrollment services. To do that well, we need to collect and manage personal information—including sensitive information. This policy explains exactly what we collect, why we collect it, how we protect it, and what control you have over it.

We don’t sell your data. We don’t share it beyond what’s needed to run our services or comply with the law. And we’ve written this policy in plain language so you actually know what you’re agreeing to.

This policy covers everyone who interacts with us: visitors to medroll.co, app users, enrolled clients, healthcare professionals on our platform, job applicants, and our vendor partners.

 

2. The Data We Handle

Because we work in payer enrollment, we handle more categories of personal data than a typical software company. Here’s a straightforward breakdown of what we collect and why each category matters to our work.

 

Identity & Contact Details

We need to know who you are. This includes your full legal name (including maiden name where relevant), personal and professional email addresses, phone numbers, home and mailing addresses, date of birth, citizenship status, and government-issued IDs such as your Social Security number, driver’s license, and passport number. For healthcare professionals, we also collect your NPI and professional license numbers.

 

Professional History

For enrollment, we collect your employment record—current and past employers, job titles, dates of employment, and professional references. In some cases we also need compensation details, performance history, disciplinary records, and professional development documentation.

 

Education & Credentials

We collect information about the institutions you attended, the degrees and certifications you earned, graduation dates, academic transcripts, and any continuing education or training relevant to your professional standing.

 

Verification & Background Data

The nature of healthcare credentialing requires us to collect and process background check results, drug screening outcomes, license status and board certifications, and any documented disciplinary actions on record. This category of data is treated with extra care throughout its lifecycle.

 

Financial Information

For billing, payment & enrollment purposes, we collect payment card details, bank account information, billing address history, and tax identification numbers.

 

Technical & Usage Data

When you use our website or apps, we automatically receive data about your device, browser type and version, operating system, IP address, the pages you visit, how long you spend on them, and where you arrived from. This helps us keep the platform running well and understand how people use it.

 

A Note on Sensitive Data

Some of what we collect—government IDs, biometric identifiers, health-related credentials, background check results—falls into a higher-sensitivity category. We only collect this information when it’s strictly necessary, and we apply additional safeguards throughout its handling.

 

3. Where Your Data Comes From

 

Directly from you

Most of the data we hold comes straight from you: when you create an account, submit a service request, fill out an application, respond to a survey, or contact our support team.

 

Automatically, when you use our platform

Our systems automatically capture technical data—log files, cookies, device fingerprints, session activity, and approximate location signals—whenever you interact with our website or apps.

 

From third parties

In some cases, we receive data from outside sources that are relevant to credential verification or enrollment. These include:

  • Professional licensing boards and regulatory bodies

  • Background check and identity verification providers

  • Public records databases

  • Credit reporting agencies

  • Social media platforms (where you’ve authorized the connection)

  • Marketing data partners

 

4. How We Use It

Every use of your data maps back to a legitimate purpose. Here’s what that looks like in practice:

 

Running our services

This is the core: delivering payer enrollment services, verifying credentials, tracking application status, communicating updates, and keeping the platform secure and functional.

 

Improving and building

We use aggregated and anonymized data to improve existing features, develop new products, and conduct internal research. Individual-level data is only used here where necessary.

 

Staying compliant and safe

We process data to meet our legal obligations, detect and prevent fraud and abuse, enforce our Terms of Service, and protect the legitimate interests of our users and the company.

 

Our legal basis for processing

Depending on the context, we rely on one or more of the following grounds:

  • Contractual necessity — processing needed to fulfill a service agreement

  • Legal obligation — processing required by law or regulation

  • Legitimate interests — our reasonable business interests, where they don’t override your rights

  • Consent — where you’ve explicitly agreed to a specific use

  • Public interest — where applicable in healthcare-related contexts

 

5. Who We Share It With

We don’t sell your personal data. Sharing only happens when it’s necessary to operate our services, meet a legal requirement, or act on your explicit instructions.

 

Vendors who help us operate

We work with a limited set of carefully selected service providers—cloud infrastructure, payment processing, analytics, customer support, marketing, and security. They can only use your data for the specific purpose we’ve contracted them for.

 

Credential and verification partners

Enrollment inherently involves sharing data with identity verification providers, background check firms, professional licensing organizations, and integration partners. We share only what’s needed, only when needed.

 

Legal and regulatory requirements

We may disclose information to government agencies, law enforcement, courts, or regulators when we’re legally obligated to do so.

 

Corporate transactions

If Medroll undergoes a merger, acquisition, asset sale, or similar transaction, your data may be transferred as part of that process. We’ll notify you if this happens and your data becomes subject to a different privacy policy.

 

With your permission

If you ask us to share your information with a specific organization or individual, we’ll do so based on your explicit authorization.

 

6. How Long We Keep It

We keep your data for as long as it’s needed—no longer. Here are the specific timelines we follow:

 

  • Active accounts — retained for the duration of the service relationship

  • Closed accounts — retained for 7 years after closure

  • Transaction records — retained for 7 years

  • Marketing data — retained for 2 years after your last interaction with us

  • Unsuccessful job applications — retained for 1 year

 

These timelines are set based on legal requirements, applicable statutes of limitations, genuine operational need, and the principle that data we no longer need should not be kept. When data reaches the end of its retention period—or when you make a valid deletion request—we delete it securely, subject only to any legal hold requirements that apply.

 

7. Keeping It Safe

Given the sensitivity of the data we handle, security isn’t optional—it’s foundational to everything we do.

 

Technical controls

We encrypt data in transit and at rest, enforce strict access controls and multi-factor authentication, and maintain network and physical security measures across our infrastructure.

 

Operational practices

Our security program includes incident response planning, disaster recovery procedures, business continuity protocols, regular security assessments.

 

8. If something goes wrong

In the event of a data breach, we move fast: investigate immediately, notify affected individuals and relevant authorities as required by law, take corrective action to limit harm, and document everything. We won’t hide incidents—transparency matters.

 

9. Your Rights & Controls

You have meaningful control over your personal information. Here’s what that includes—regardless of where you’re located.

 

Access and transparency

You can ask us what data we hold about you, get a copy of it, and understand how it’s being used and shared.

 

Correction and deletion

You can update inaccurate information, ask us to delete your data, or request that we restrict certain types of processing. You can also withdraw consent you’ve previously given, at any time.

 

Portability

You can request a portable copy of your data in a structured, machine-readable format.

 

Marketing opt-outs

You can opt out of promotional emails, newsletters, surveys, and product updates at any time—just use the unsubscribe link in any message or contact us directly.

 

Technical controls

You can manage cookie preferences, adjust app and device permissions, disable location services, and opt out of analytics participation through your browser or device settings.

 

If you’re in California

Under the CCPA/CPRA, California residents have additional rights: the right to know, delete, correct, and port their data; the right to limit how sensitive personal information is used; the right to opt out of any sale or sharing of data; and the right to be free from discrimination for exercising any of these rights.

 

If you’re in Virginia

Under the VCDPA, Virginia residents may access, correct, delete, and export their data, and opt out of targeted advertising.

 

Other states

We comply with the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, Nevada’s privacy statutes, and all other applicable state privacy laws. If your state has granted you specific rights, we honor them.

 

To exercise any of these rights, contact us at support@medroll.co. We’ll respond within the timeframe required by applicable law.

 

10. Cookies & Tracking

We use cookies and similar technologies to keep our platform functional, understand how people use it, and support our marketing. Here’s what’s running:

 

  • Essential cookies — without these, the site doesn’t work

  • Functional cookies — remember your preferences and settings between visits

  • Analytics cookies — help us understand traffic patterns and platform usage

  • Advertising cookies — support our marketing campaigns

  • Third-party cookies — placed by our partners for their own purposes

 

Both session cookies (cleared when you close your browser) and persistent cookies (stored across sessions) are in use. You can manage your preferences through your browser settings, our cookie preference center, or available opt-out tools. Disabling certain cookies may affect platform functionality.

 

11. A Few More Things

 

We don’t serve minors

Our services are for adults. We don’t knowingly collect personal data from anyone under 18, and we have age verification measures in place to prevent it. If we discover that a minor’s data has been collected, we delete it promptly. Parents or guardians can contact us to request this. We comply with COPPA.

 

External links and third-party services

Our platform may link to external websites or integrate with third-party tools. Those services have their own privacy practices, which are entirely independent of ours. We’re not responsible for how they handle your data—please review their policies directly.

 

When this policy changes

We’ll post any updates on our website and flag material changes clearly. Where legally required, we’ll ask for your consent before the changes take effect. Previous versions of this policy are archived and available from our privacy team on request.

 

Talk to Us

Got a question about your data? Want to exercise a right? Think something’s off? Reach out—we’re a real team and we actually read these.

 

Email: support@medroll.co

Address: 517, Devalapura, Bangalore, India

 

If you’d like to reach a regulatory authority—such as a consumer protection agency or privacy commissioner—we’re happy to provide the relevant contact details on request.

bottom of page