Skip to main content
Back to Home

Privacy Policy.

Last Updated: April 12, 2026

1. Introduction

Paxera Health, Inc. ("Paxera Health," "we," "us," or "our"), located in Denton, TX, operates an AI-native kidney exchange and transplant matching platform designed to serve medical practitioners, transplant centers, and organ procurement organizations (OPOs). This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our website (www.paxera-health.com) and our platform services (collectively, the "Services").

Because our Services may involve protected health information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), we take privacy and data security with the utmost seriousness. This policy should be read together with any applicable Business Associate Agreement (BAA) executed between Paxera Health and your covered entity or business associate.

If you do not agree with the terms of this Privacy Policy, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact information: Name, email address, phone number, job title, institution or hospital affiliation.
  • Account credentials: Username, password, and authentication information.
  • Professional information: Medical license numbers, NPI numbers, specialty, and institutional credentials where required for platform access.
  • Communications: Messages, inquiries, and feedback you send to us via email or contact forms.

2.2 Protected Health Information (PHI)

When you use our platform in a clinical or institutional capacity, we may process PHI related to kidney patients and donors, including but not limited to:

  • Patient and donor demographic information
  • Medical history and compatibility data
  • Lab results and clinical assessments relevant to kidney matching
  • Transplant and preservation chain records

All PHI is processed in accordance with HIPAA and applicable state privacy laws, and only pursuant to a valid Business Associate Agreement with your covered entity.

2.3 Automatically Collected Information

When you visit our website or use our platform, we may automatically collect:

  • Usage data: Pages visited, features accessed, session duration, click patterns, and platform interactions.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
  • Cookies and similar technologies: See Section 7 (Cookies) for details.

2.4 Information from Third Parties

We may receive information about you from partner institutions, referral programs, or publicly available professional directories to verify credentials or facilitate onboarding.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and improving the Services: Operating the platform, facilitating kidney exchange matching, maintaining data integrity across the transplantation supply chain, and improving our AI/ML models.
  • Account management: Creating and managing your account, verifying your professional credentials, and providing customer support.
  • Clinical operations: Supporting transplant coordinators, nephrologists, and OPOs in identifying compatible kidney matches and tracking organ preservation logistics.
  • Communications: Sending service-related notices, updates, security alerts, and responding to your inquiries.
  • Research and development: Using de-identified or aggregated data to improve our deep learning matching algorithms and publish research that advances the field of transplantation.
  • Legal compliance: Complying with applicable laws, regulations (including HIPAA), court orders, and law enforcement requests.
  • Safety and fraud prevention: Detecting and preventing unauthorized access, fraud, and misuse of the platform.

We do not sell your personal information or PHI to third parties. We do not use PHI for advertising or marketing purposes.

4. Legal Bases for Processing

Where privacy laws require a legal basis for processing, we rely on:

  • Performance of a contract: Processing necessary to deliver the Services you have requested.
  • Legal obligation: Processing required to comply with HIPAA, applicable state laws, and other legal requirements.
  • Legitimate interests: Processing for fraud prevention, platform security, and product improvement, where these interests are not overridden by your rights.
  • Consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

5. How We Share Your Information

5.1 Service Providers

We engage trusted third-party vendors (e.g., cloud hosting, security, analytics) who process data on our behalf under confidentiality agreements and, where applicable, BAAs. Current infrastructure partners include Amazon Web Services (AWS).

5.2 Clinical and Institutional Partners

With your authorization and pursuant to applicable BAAs, we may share data with transplant centers, OPOs, UNOS/OPTN, and other clinical entities as necessary to facilitate organ matching and transplantation logistics.

5.3 Research Collaborators

We may share de-identified, aggregated data with academic and research partners (such as affiliated universities or medical schools) for research purposes that advance kidney transplantation outcomes. No PHI is shared in identifiable form without explicit authorization.

5.4 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government investigation, or when we believe disclosure is necessary to protect the rights, property, or safety of Paxera Health, our users, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections described in this policy.

6. Data Retention

We retain personal information and platform data for as long as necessary to fulfill the purposes described in this policy, maintain your account, comply with legal obligations (including HIPAA's minimum retention requirements), resolve disputes, and enforce our agreements.

PHI is retained in accordance with the terms of the applicable BAA and applicable federal and state law. Upon termination of a BAA or clinical relationship, PHI is returned or destroyed as required by HIPAA.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality and understand usage patterns. These may include:

  • Essential cookies: Required for the website and platform to function (e.g., authentication sessions).
  • Analytics cookies: Help us understand how visitors interact with our site (e.g., page views, session length). We use this information in aggregate to improve our Services.
  • Preference cookies: Remember your settings and preferences.

You may control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services. We do not currently respond to "Do Not Track" browser signals.

8. Security

We implement industry-standard administrative, technical, and physical safeguards to protect your information, including:

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls and multi-factor authentication
  • Regular security assessments and vulnerability monitoring
  • HIPAA-compliant data infrastructure on AWS

No system is completely secure. In the event of a data breach affecting PHI, we will notify affected parties and relevant authorities as required by HIPAA's Breach Notification Rule and applicable state law.

9. Your Rights and Choices

Depending on your jurisdiction and the nature of your relationship with us, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information (subject to legal retention obligations)
  • Restrict or object to certain processing activities
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent where processing is based on consent

For rights related to PHI as a patient or donor, please contact the covered entity (e.g., your hospital or transplant center) that is responsible for your medical records. We act as a Business Associate and can only fulfill PHI rights requests through or in coordination with the applicable covered entity.

To exercise any of the rights above, contact us at: contact@paxera-health.com

10. Children's Privacy

Our Services are intended for licensed medical professionals and institutional users. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will delete it promptly.

11. Third-Party Links

Our website may contain links to third-party websites or resources. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify registered users via email or platform notification. Your continued use of the Services after any changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us at:

Paxera Health, Inc.
Denton, TX
Email: contact@paxera-health.com
Website: www.paxera-health.com