Privacy Policy

Effective Date: March 21, 2026


1. Introduction

Welcome to MRX.io. This Privacy Policy outlines how MRX.io, operating under Shuayto Inc. ("we," "our," or "us"), collects, uses, protects, and discloses your information when you visit our website at mrxhealth.io (the "Site") and use our services. MRX.io provides modern infrastructure and services for medical practices, including revenue cycle management, operations, marketing, and patient communication.


By accessing our Site or using our services, you consent to the data practices described in this Privacy Policy.


2. Information We Collect

We collect various types of information to provide and improve our services:

  • Personal Information: When you contact us, request a demo, or sign up for our services, we may collect personal identifiers such as your name, email address, phone number, practice name, job title, and billing information.
  • Protected Health Information (PHI): As a provider of infrastructure and patient communication tools to medical practices, we may receive, store, or process health information about patients on behalf of our healthcare provider clients. The handling of this data is strictly governed by the Health Insurance Portability and Accountability Act (HIPAA).
  • Usage and Device Data: We automatically collect certain information when you visit mrxhealth.io. This includes your IP address, browser type, operating system, pages viewed, referring URLs, and details about your interaction with our Site.


3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our platform and services.
  • To facilitate revenue cycle management, patient communications, and medical practice operations for our clients.
  • To process transactions and send related administrative information, including billing and confirmations.
  • To respond to your inquiries, customer service requests, and provide technical support.
  • To analyze Site usage, track trends, and improve our website's functionality and user experience.
  • To send promotional and marketing communications (you may opt-out at any time).
  • To comply with legal obligations and enforce our terms of service.


4. HIPAA and Protected Health Information (PHI)

MRX.io acts as a "Business Associate" to healthcare providers ("Covered Entities") under HIPAA. When we collect, use, or disclose PHI on behalf of our clients, we do so in strict accordance with a legally binding Business Associate Agreement (BAA). We employ administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all PHI we process.

If you are a patient of a medical practice that uses MRX.io, your healthcare provider’s Notice of Privacy Practices applies to your health information.


5. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: We may share data with trusted third-party vendors who perform services on our behalf (e.g., payment processing, cloud hosting, data analytics, and marketing). These providers are contractually obligated to protect your data.
  • Legal Compliance: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such action is necessary to protect the rights, property, or safety of MRX.io, our clients, or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets involving Shuayto Inc. or MRX.io, your information may be transferred as part of the business assets.


6. Data Security

We take data security seriously, especially given the healthcare-oriented nature of our business. We implement industry-standard encryption, firewalls, secure socket layer (SSL) technology, and access controls to protect your data from unauthorized access, alteration, disclosure, or destruction. However, no internet transmission or electronic storage system is 100% secure, and we cannot guarantee absolute security.


7. Cookies and Tracking Technologies

mrxhealth.io uses cookies, web beacons, and similar tracking technologies to enhance user experience, remember your preferences, and analyze site traffic. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our Site may not function properly.


8. Your Data Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • The right to access the personal data we hold about you.
  • The right to request the correction of inaccurate data.
  • The right to request the deletion of your personal data.
  • The right to opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails.


Note: If you are a patient seeking access to or deletion of your medical records/PHI, you must contact your healthcare provider directly.


9. Children's Privacy

Our Site and services are designed for businesses and healthcare professionals. We do not knowingly collect personal information directly from children under the age of 18. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that data.


10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Effective Date." We encourage you to review this policy periodically.


11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: mrxhealth.io