Privacy Policy

Effective date: April 22, 2026

AgenticMD LLC ("AgenticMD," "we," "our," or "us") operates an AI-assisted SMS clinical-communication service that pairs primary-care physicians with their established patients. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices you have.

AgenticMD is designed to handle protected health information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"). Our subprocessors operate under Business Associate Agreements ("BAAs").

1. Information we collect

When you enroll in AgenticMD through your physician's practice or our online consent page, and when you use the service, we collect:

2. How we use your information

3. SMS and text messaging

Mobile opt-in data is never shared for marketing. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories exclude text-messaging originator opt-in data and consent; this information will not be shared with any third parties.

By opting in, you agree to receive SMS messages from AgenticMD related to your care with your physician. Message frequency varies based on your clinical needs and your physician's outreach. Message and data rates may apply per your mobile carrier.

You may opt out of SMS at any time by replying STOP to any message. You may request help by replying HELP. Opt-out is effective immediately; re-enrollment requires replying START or completing the consent page again.

4. Service providers and subprocessors

We share information with the following service providers, each under a HIPAA Business Associate Agreement, strictly as needed to deliver the service:

We do not sell your information. We do not share it with advertisers. We do not use your information for any purpose unrelated to your care.

5. Protected health information

AgenticMD acts as a business associate of your physician's practice for purposes of HIPAA. Your PHI is handled pursuant to the Notice of Privacy Practices provided by that practice, which governs how your PHI is used and disclosed for treatment, payment, and healthcare operations. SMS communication of PHI occurs only after you have provided explicit written authorization during enrollment.

6. Data retention

Consent records are retained for a minimum of six years following your last interaction, consistent with HIPAA. Clinical records retrieved from Epic remain in Epic; AgenticMD retains copies only as required for audit. You may request deletion of your non-clinical account data by contacting us; clinical records governed by HIPAA are retained per your physician's record-retention policy.

7. Security

All traffic between your device, AgenticMD, and our service providers is encrypted in transit using TLS. PHI at rest is encrypted. Access is controlled by role-based permissions. All actions — authentications, messages, physician approvals — are recorded in an immutable audit log with hashed identifiers.

8. Your rights

You have the right to:

9. Children

AgenticMD is not directed to children under 13 and we do not knowingly collect personal information from children under 13. Adolescent patients who are enrolled by a parent or guardian are treated under the enrolling adult's authorization and applicable state law.

10. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be posted at agenticmd.io/privacy with an updated effective date and, where required, communicated to you by SMS or email.

11. Contact us

Questions about this policy or your information may be directed to:

AgenticMD LLC
Attn: Privacy Officer
[Registered Business Address — to be filled in]
Email: privacy@agenticmd.io