DATA PRIVACY & SECURITY

Compliance Summary

Cedaron maintains a SOC 2 Type II attestation and follows industry-recognized security practices. Cedaron is compliant with data privacy and security provisions, including:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • GDPR (General Data Protection Regulation)
  • DPF (Data Privacy Framework program)

Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information. The following outlines our privacy policy.

  • Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
  • We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
  • We will only retain personal information as long as necessary for the fulfillment of those purposes.
  • We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
  • Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
  • We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
  • We will make readily available to users information about our policies and practices relating to the management of personal information.
  • This site uses cookies to improve your browsing experience. By continuing to browse the site, you are agreeing to our use of cookies.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.

Terms & Conditions of Use

By accessing this web site, you are agreeing to be bound by these web site Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this web site are protected by applicable copyright and trademark law.

1. Use License

Permission is granted to temporarily download one copy of the materials (information or software) on Cedaron Medical’s web site for personal, non-commercial transitory viewing only.

This is the grant of a license, not a transfer of title, and under this license, you may not:

  • modify or copy the materials;
  • use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
  • attempt to decompile or reverse engineer any software contained on Cedaron Medical’s web site;
  • remove any copyright or other proprietary notations from the materials; or
  • transfer the materials to another person or “mirror” the materials on any other server.

This license shall automatically terminate if you violate any of these restrictions and may be terminated by Cedaron Medical at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.

2. Limitations

In no event shall Cedaron Medical or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption,) arising out of the use or inability to use the materials on Cedaron Medical’s Internet site, even if Cedaron Medical or a Cedaron Medical authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

3. Revisions and Errata

The materials appearing on Cedaron Medical’s web site could include technical, typographical, or photographic errors. Cedaron Medical does not warrant that any of the materials on its web site are accurate, complete, or current. Cedaron Medical may make changes to the materials contained on its web site at any time without notice. Cedaron Medical does not, however, make any commitment to update the materials.

4. Links

Cedaron Medical has not reviewed all of the sites linked to its Internet web site and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Cedaron Medical of the site. Use of any such linked web site is at the user’s own risk.

5. Site Terms of Use Modifications

Cedaron Medical may revise these terms of use for its web site at any time without notice. By using this web site you are agreeing to be bound by the then current version of these Terms and Conditions of Use.

6. Governing Law

Any claim relating to Cedaron Medical’s web site shall be governed by the laws of the State of California without regard to its conflict of law provisions.

General Terms and Conditions applicable to Use of a Web Site.

Any claim relating to this web site shall be governed by the laws of California without regard to its conflict of law provisions.

Privacy Policy – Cedaron Medical Inc.

Last Updated: 12/26/2025

Cedaron Medical Inc. (“Cedaron,” “Company,” “we,” “us,” or “our”) develops and provides software-as-a-service (“SaaS”) products for business customers, including customers operating in the healthcare sector. We are committed to protecting personal data and complying with applicable privacy and data protection laws.

This Privacy Policy explains how we collect, use, disclose, and protect personal data, including personal data transferred from the European Union (“EU”), the United Kingdom (“UK”), and Switzerland to the United States in reliance on the EU–U.S. Data Privacy Framework (“EU–U.S. DPF”), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. Data Privacy Framework (“Swiss–U.S. DPF”).

1. Scope of This Privacy Policy

This Privacy Policy applies to personal data Cedaron processes as a data controller (e.g., business contacts and website visitors) and as a data processor on behalf of customers through our SaaS products. Where Cedaron processes data on behalf of customers, including Protected Health Information (“PHI”), such processing is governed by customer instructions, applicable Data Processing Agreements, Business Associate Agreements, and law.

2. Data Privacy Framework Notice

Cedaron complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Cedaron has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Cedaron has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

3. Categories of Personal Data

Cedaron may process identifiers, contact details, professional information, account data, device and usage data, communications, and Customer Data, which may include PHI when provided by customers.

4. HIPAA and PHI Processing

Cedaron acts as a Business Associate under HIPAA where applicable and processes PHI only as permitted by applicable Business Associate Agreements and law. Cedaron implements safeguards consistent with the HIPAA Security Rule.

5. Purposes of Processing

Cedaron processes personal data to provide and operate its services, support customers, manage accounts, ensure security and compliance, and improve its offerings.

6. Choice and Consent

Cedaron provides individuals the opportunity to opt out of disclosures to third parties or uses for materially different purposes, where applicable. Affirmative express consent is obtained for sensitive personal data where required.

7. Onward Transfers and Accountability

Cedaron may transfer personal data to subprocessors and service providers under contracts requiring the same level of protection as the DPF Principles. Cedaron remains liable under the DPF unless it proves it is not responsible for the event giving rise to damage.

8. Data Security

Cedaron maintains reasonable administrative, technical, and physical safeguards designed to protect personal data from unauthorized access or disclosure.

9. Data Integrity and Retention

Cedaron limits personal data to what is relevant and retains it only as long as necessary for lawful purposes.

10. Individual Rights

Individuals may request access, correction, or deletion of personal data by contacting privacy (at) cedaron.com. Cedaron will respond within a reasonable timeframe.

11. Independent Recourse Mechanism

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Cedaron commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

12. Binding Arbitration

Under certain conditions, individuals may invoke binding arbitration pursuant to Annex I of the DPF Principles.

13. U.S. Government Access

Cedaron may disclose personal data in response to lawful requests by U.S. public authorities.

14. Regulatory Oversight

Cedaron is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (FTC).

15. Children’s Data

Cedaron’s services are not directed to children under 16.

16. Changes to this Privacy Policy

Cedaron may update this Privacy Policy periodically.

17. Contact Information

Cedaron Medical, Inc.
Email: privacy (at) cedaron.com
Address: 1644 Da Vinci Court, Davis, CA 95618

How Can We Help?

CardiacCare+ AI data abstraction
Una Vita Perinatal Database
CONNECT rehab EMR
ImpairmentCare workers’ comp
CENTO Analytics & CENTO AI
Request a Demo

About
Careers & Culture
News & Events

Privacy Policy & Site Terms

Certified EHR Technology | CMS

1990 — From NASA to You: Celebrating 36 Years of Innovation — 2026

Let’s Connect

info@cedaron.com

800.424.1007 or 530.758.7007

1644 Da Vinci Court
Davis, CA 95618

P.O. Box 2100
Davis, CA 95617