Privacy Policy

MedGra Privacy Policy

The Internet is a valuable source of public health and research information. However, it may also expose personal data that you do not wish to be made public—such as your full name, address, phone number, or email. Some websites collect data automatically without your consent. MedGra is committed to protecting your privacy. We do not use or share your personal information beyond what is outlined in this Privacy Policy.

As a mission-driven organization focused on community health, nonprofit development, and research services, our goal is to ensure that your interaction with our site and services is both informative and secure. The terms of MedGra’s privacy policy reflect this commitment.

PRIVACY POLICY OVERVIEW

This Privacy Policy explains:

  • What personally identifiable information do we collect through our website?
  • Why do we collect it?
  • How we use the information.
  • What options do you have regarding your data? and
  • What safeguards do we put in place to prevent misuse or unauthorized access?

By using medgra.com, you agree to the collection and use of information by this policy. Unless otherwise defined, the terms used in this policy are consistent with our Terms and Conditions, available at Privacy Policy – Medgra.

In this Privacy Policy, “We”, “Us”, and “Our” refer to MedGra.

INFORMATION WE COLLECT

We only collect information that you choose to provide. If you opt not to share certain details, we may be unable to offer some services, such as registration for training, consultation requests, or access to research tools.

Information we may collect includes:

  1. Personal Information You Provide:
    Your name, email address, phone number, mailing address, professional role, and other details you submit via forms, surveys, or inquiries.
  2. Automatically Collected Data:
    Technical data, such as cookies, browser type, IP address, referral pages, and the time and duration of visits to help us understand usage trends and improve our site.
  3. Log Data:
    Standard log information is collected when accessing our services, which may include visited pages, timestamps, and device details.
  4. Optional Demographic Data:
    We may occasionally ask for non-personal information such as age, gender, professional background, or community affiliation to support outreach, program development, and grant reporting.
  5. Behavioral Insights:
    We may analyze how visitors navigate our website to assess interest in particular topics, services, or resource pages. This helps us refine offerings such as research tools, educational programs, and consulting services.

Note: MedGra will never sell your personal information. All data collection aligns with our values of transparency, ethical research, and public service.

We will only use your information:

  • To respond to your inquiries or requests.
  • To provide access to services like training, project collaboration, or resource tools.
  • To improve user experience on our website.
  • To comply with legal or funding requirements for reporting and evaluation (aggregated and anonymized unless otherwise specified).

Rest assured, MedGra only collects personal information that you knowingly and voluntarily provide—whether through surveys, program enrollment forms, consultation requests, or direct communication such as emails. We intend to use this information solely for the purpose for which it was submitted—such as participating in a training, accessing consulting services, or contributing to a research or community health initiative. Any additional use will be explicitly stated and aligned with the terms outlined in this Privacy Policy.

WHY WE COLLECT INFORMATION

MedGra collects personal information to better understand your needs and to support the delivery of the health, research, consulting, and nonprofit support services you request. Our purposes include:

  • Fulfilling service requests such as training enrollment, project collaboration, or research participation
  • Enhancing the effectiveness of our programs, initiatives, and resources
  • Communicating information related to new services, events, or opportunities that align with your interests (with your consent)
  • Inviting you to participate in assessments, surveys, or community-based research, where appropriate and consented
  • Personalizing your experience on our website based on your preferences and behavior

We are committed to ethical, transparent data use in all our interactions.

HOW LONG WE RETAIN YOUR DATA

MedGra retains personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and grant funders. Our retention timelines are based on:

  • The ongoing relevance of your data to our service relationship
  • Legal or regulatory recordkeeping requirements (including those for research or federally funded programs)
  • Our obligations to demonstrate compliance, impact, or service delivery
  • The nature of your engagement and whether you have given ongoing consent
  • Our legitimate interest in maintaining a relationship or record of service delivery

We periodically review data to ensure it is securely maintained or appropriately disposed of.

HOW WE USE THE INFORMATION COLLECTED

MedGra uses your personal information in ways that serve our mission and improve your experience. This includes:

  • Operating and enhancing the functionality of our website and service delivery platforms
  • Communicating with you regarding resources, workshops, grant opportunities, or nonprofit development tools relevant to your needs
  • Inviting feedback through assessments, program evaluations, or research studies related to our core focus areas
  • Contacting you (with your consent) about partnerships, community projects, or new initiatives aligned with your interests
  • Collaborating with trusted partners who help us deliver services such as mailing, registration processing, technical support, or impact reporting—under strict confidentiality agreements
  • Analyzing trends and user demographics in aggregate (e.g., “MedGra’s audience is 60% nonprofit professionals and 40% public health practitioners”) to improve services
  • Using analytics tools (such as Google Analytics) to monitor how users engage with our website, improve functionality, and guide our communication strategies. Google Analytics does not collect personally identifiable information.

SOCIAL MEDIA USE

MedGra engages with the public through third-party platforms including (but not limited to) Facebook, LinkedIn, Twitter, Instagram, and YouTube. These tools may collect your IP address or set cookies to enhance functionality. Your use of these platforms is governed by the privacy policies of the respective providers, which are outside MedGra’s control. For example, Twitter’s policy is available at https://twitter.com/en/privacy.

MARKETING COMMUNICATIONS

With your consent, MedGra may send you updates about our services, programs, or educational opportunities. You have the right to opt out of marketing communications at any time. Simply click the unsubscribe link included in our emails or contact support@medgra.com.

NON-MARKETING PURPOSES

MedGra may contact you for essential non-marketing purposes such as:

  • Notifications about critical service updates or changes
  • Alerts related to security, account activity, or access issues
  • System maintenance or bug reports
  • Changes in terms of use or privacy policies

These communications are part of our responsibility to ensure a safe and transparent user experience.

CHILDREN’S PRIVACY

MedGra is not designed for or directed at children under the age of 13. We do not knowingly collect personally identifiable information from anyone under 18 without verifiable parental or guardian consent. If we discover that a minor under 18 has submitted personal information, we will delete it from our systems promptly—or request verified permission from a parent or legal guardian before retaining it.

If you are a parent or guardian and believe your child has shared information with us, please contact support@medgra.com immediately.

UNSUBSCRIBE OR OPT OUT

All users and visitors of MedGra’s website have the right to discontinue receiving our communications at any time. If you wish to unsubscribe from email updates, newsletters, or other outreach, simply send a request to support@medgra.com stating your preference to opt out.

Please note that if you wish to unsubscribe from communications through third-party platforms or services linked via MedGra, you will need to manage your preferences directly on those platforms.

MedGra will continue to respect and uphold the privacy of any personal information previously collected, per this policy.

LINKS TO OTHER WEBSITES

MedGra’s website may include links to affiliated or partner organizations, research publications, or other third-party sites. These external websites are not operated or controlled by us. When you click a third-party link, you will be subject to their privacy policies and terms.

We strongly encourage you to review the privacy statements of any external websites you visit. This Privacy Policy applies only to data collected through medgra.com. MedGra does not accept responsibility for the privacy practices or policies of third-party websites.

AFFILIATE DISCLAIMER / DISCLOSURE

MedGra may occasionally participate in affiliate programs that support our nonprofit and public service mission. These programs may involve linking to products, services, or platforms for which we may earn a small commission if users make qualifying purchases—at no extra cost to you.

Any such links are disclosed transparently within the relevant content. Affiliate participation helps sustain and expand access to free educational and public health resources, but it does not influence our content or recommendations.

DISCLOSURE OF INFORMATION

MedGra does not disclose your personal information except under the following conditions:

  • To fulfill services, programs, or resources you have requested
  • In alignment with specific uses outlined in this policy or when you have provided explicit consent
  • In aggregated or anonymized formats that prevent personal identification
  • As required by applicable law, regulation, subpoena, or legal investigation
  • To third-party auditors, consultants, or partners under strict confidentiality agreements
  • To protect and enforce MedGra’s rights, safety, or property
  • To address system integrity, security breaches, or terms-of-use violations

OUR USE OF COOKIES

When you visit medgra.com, we may use cookies—small data files stored on your browser—to enhance your experience. Cookies allow us to recognize your device, personalize content, and analyze website traffic.

Types of cookies we use include:

  1. Functionality Cookies: Remember your preferences, such as location or areas of interest (e.g., nonprofit consulting or health data research), so you don’t have to reset them each visit.
  2. Analytical Cookies: Help us identify patterns in user behavior so we can improve how our site serves visitors and communities.
  3. Advertising Cookies (if applicable): May be used to display relevant public service announcements, funding opportunities, or mission-aligned partner content. These may collect data like browser type, IP address, or visited pages. Some of this anonymized data may be shared with third-party platforms.

HOW TO MANAGE COOKIES

You can manage or disable cookies at any time via your browser settings. Most browsers accept cookies by default, but you can choose to block or delete them. Please be aware that disabling cookies may affect some features on medgra.com, such as personalized content or access to member-only areas.

SECURITY OF INFORMATION

MedGra is committed to safeguarding your personal information. We use commercially accepted methods—both digital and physical—to protect data from unauthorized access, disclosure, loss, or modification.

Key security practices include:

  • SSL encryption on data transmissions (look for “https” and the padlock symbol in your browser)
  • Encrypted storage of sensitive data such as registration information
  • Limited employee access, with personal data only accessible to team members who need it to perform specific tasks (e.g., program management or technical support)
  • Secure servers and firewalls to maintain data integrity
  • Regular assessments to maintain compliance with best practices in nonprofit and research data protection

Please note: While we implement rigorous security measures, no online platform can guarantee 100% data security. If you have any concerns about the integrity of your data, contact us immediately at support@medgra.com.

HIPAA COMPLIANCE (Health Data Handling)

If MedGra collects, receives, or processes protected health information (PHI) through services such as community assessments, consulting projects, or research involving healthcare organizations or individuals, we operate in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

Under HIPAA, any identifiable health information collected or shared for care coordination, analysis, or reporting purposes will be:

  • Handled with strict confidentiality
  • Protected through data encryption, access controls, and audit protocols
  • Disclosed only with your explicit authorization, or as required by law under HIPAA exceptions

We do not use or disclose PHI for marketing or fundraising purposes without prior written consent. All subcontractors or business associates handling PHI must sign a Business Associate Agreement (BAA) with MedGra to ensure full compliance.

If you are a client, participant, or covered entity with concerns about how your health data is handled, contact us at hipaa@medgra.com.

GRANT COMPLIANCE DATA USE (Federally Funded Programs)

For programs funded through federal, state, or philanthropic grants, MedGra may be required to collect certain data—such as demographics, service utilization, or impact outcomes—to meet compliance, performance, or reporting obligations.

In such cases:

  • Data is collected only to the extent necessary to meet funder requirements
  • Personally identifiable information is de-identified or aggregated whenever possible before submission
  • Data handling complies with funder-specific agreements, such as those from HRSA, SAMHSA, NIH, or other U.S. Department of Health and Human Services (HHS) branches
  • Where required, informed consent will be obtained from participants, and all information will be stored in a secure, access-controlled environment

Participants may request more details about data collection, retention, or usage related to a grant-supported project by contacting grants@medgra.com.

DATA RETENTION POLICIES (Research Participants & Nonprofit Partners)

MedGra retains data only for the duration necessary to fulfill the purpose for which it was collected, or as required by law, ethics boards, or institutional agreements.

  • Research Participants: Personally identifiable data collected through evaluations, surveys, or research partnerships will be stored securely and retained for no longer than necessary, per IRB (Institutional Review Board) guidance or research protocols.
  • Nonprofit and Consulting Clients: Data shared for strategic planning, capacity building, or program development is retained per service contracts, typically 2–5 years, unless otherwise agreed in writing.

We regularly review and securely dispose of data that is no longer needed or has met its retention deadline. If you participated in a project and wish to inquire about data held on you, contact privacy@medgra.com.

CALIFORNIA RESIDENTS (CCPA Compliance)

Per the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA), MedGra may collect personal information related to your online activities while using our services. Although we provide various options to opt out of data sharing, MedGra does not currently respond to browser “Do Not Track” (DNT) signals due to a lack of standardization across web platforms.

Under California’s “Shine the Light” law (Civil Code Section 1798.83), California residents may request information about the disclosure of their personal information to third parties for direct marketing purposes.

To request such information, or to exercise your right to restrict the collection or use of your data, please email support@medgra.com with the subject line “California Privacy Request.”

DO NOT TRACK & GLOBAL PRIVACY CONTROL (GPC)

While MedGra does not currently respond to browser-based “Do Not Track” signals due to industry-wide limitations, we recognize and respond to Global Privacy Control (GPC) signals as required by applicable law. If your browser or extension supports GPC, we will honor that signal to the extent mandated.

Learn more about GPC by visiting the Global Privacy Control website.

NOTICE TO EUROPEAN UNION USERS (GDPR Compliance)

MedGra’s operations are headquartered in the United States. If you are located in the European Union (EU) or European Economic Area (EEA) and submit information to us, your data will be transferred to and processed in the United States in accordance with the General Data Protection Regulation (GDPR).

By providing personal data, you consent to its collection, transfer, and storage as outlined in this Privacy Policy. While we are not part of the former Privacy Shield program, we apply GDPR-compliant safeguards, including:

  • Data minimization
  • Consent-based data collection
  • Encryption and secure storage
  • Transparent processing policies
  • Right of access and erasure

YOUR RIGHTS UNDER GDPR (EU/EEA Residents)

If you are an EU or EEA resident, you have the following rights under the General Data Protection Regulation (GDPR):

  1. Right to Be Informed – You have the right to know how your data is collected, used, and stored. This policy outlines that.
  2. Right of Access – You can request access to the personal data we hold about you.
  3. Right to Rectification – If you believe your data is inaccurate or incomplete, you may request corrections.
  4. Right to Erasure – Also known as the “right to be forgotten,” you can request your data be deleted unless retention is legally required.
  5. Right to Restrict Processing – You may limit how your data is used in certain contexts.
  6. Right to Data Portability – You may request a copy of your data in a machine-readable format for use elsewhere.
  7. Right to Object – You may object to the processing of your data where we rely on a legitimate interest as the basis for collection.

To exercise any of these rights, email support@medgra.com with your request. Please include “GDPR Data Request” in the subject line.

We also have internal protocols for handling data breaches. In the unlikely event your data is compromised, we will notify you by applicable GDPR.

CHANGES TO THIS PRIVACY POLICY

MedGra reserves the right to update this Privacy Policy as needed to reflect changes in our practices, compliance obligations, or technology. Updates will be posted directly on this page with an updated effective date.

By continuing to use medgra.com or associated services after policy changes are posted, you accept those changes. If you disagree with any part of this Privacy Policy, we advise that you discontinue the use of our website or services.

HOW TO CONTACT US

If you have any questions, concerns, or data-related requests concerning this Privacy Policy or our practices, you may contact us at:

📧 support@medgra.com
To review our full Terms of Use, please visit the Terms of Use page

Scroll to Top