Public Privacy Policy

Last updated: 2026-05-31

About this policy

A-PAX Imaging, Inc. (“A-PAX”) operates apaximaging.com and pacs.apaximaging.com and provides the A-PAX Imaging Platform — a hosted medical imaging storage, routing, and viewing service. This public Privacy Policy describes the information A-PAX collects from visitors to the public websites and how that information is used.

Patient health information (PHI) handled by the platform on behalf of customer organizations is governed by the Business Associate Agreement (BAA) entered into between A-PAX and each customer organization, not by this Privacy Policy. Detailed customer-side terms are presented at onboarding and remain available to that organization’s administrators after sign-in at /app/settings/legal/.

What we collect on the public websites

Visit telemetry: anonymous information about pages viewed, time on page, referrer, and standard browser metadata (language, timezone, screen size, country/region inferred from your IP). This telemetry is used to understand how the public site is used and to improve content.

Inquiry submissions: if you submit the “Interested in A-PAX?” form, A-PAX collects the name, email address, organization name, geographic location, description of PACS needs, and budget range you provide, together with the submitting IP address and browser user agent. This information is used solely to evaluate and respond to your inquiry.

Cookies and similar storage: A-PAX uses a small number of first-party cookies and browser-storage values strictly to operate the public site (for example, an anonymous visitor identifier used to deduplicate visit telemetry) and to maintain authenticated sessions on the platform sign-in surface. A-PAX does not use third-party advertising cookies on the public websites.

What we do not collect on the public websites

The public apaximaging.com and pacs.apaximaging.com surfaces do not collect patient health information, medical images, or other protected health information. PHI is only processed inside the authenticated A-PAX Imaging Platform on behalf of customer organizations, and is governed by the BAA and Services Agreement entered into with each customer.

How we use the information we collect

A-PAX uses the information collected on the public websites to:

respond to inquiries submitted through the public interest form;
understand aggregate usage of the public website and improve its content;
protect the websites and the platform from abuse, fraud, and unauthorized access;
comply with legal obligations applicable to A-PAX.

How we share information

A-PAX does not sell information collected from public website visitors. A-PAX may share information:

with service providers and infrastructure operators (such as our hosting providers and the captcha verification service Cloudflare Turnstile) that process information on A-PAX’s behalf under appropriate confidentiality obligations;
when required by law, court order, or other valid legal process;
in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to standard confidentiality protections.

How we protect information

A-PAX uses encryption in transit (TLS) for the public websites and the platform. Inquiry submissions and visit telemetry are stored inside A-PAX infrastructure protected by access controls, audit logging, and the same security posture used for the A-PAX Imaging Platform. Information collected on the public surfaces is retained only as long as needed for the purposes described above.

Captcha verification

The public inquiry form uses Cloudflare Turnstile to verify that submissions are not automated. Cloudflare may collect device-level signals to perform this check. Cloudflare’s own privacy practices apply to that interaction.

Your choices

You can decline to submit an inquiry through the public form. Browser settings can be used to limit cookies or browser storage, though doing so may affect the operation of the websites.

If you have submitted an inquiry and would like A-PAX to delete that submission, send us a message from the email address you used to submit, and A-PAX will delete the submission within a reasonable period unless retention is required by law.

PHI requests

Requests regarding patient health information held in the A-PAX Imaging Platform on behalf of a customer organization should be directed to that customer organization, which is the HIPAA-covered entity responsible for the PHI. A-PAX, acting as a Business Associate, will support customer organizations in responding to such requests as required by the applicable BAA.

Changes to this policy

A-PAX may update this Privacy Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be reflected on this page.

Contact

Privacy questions about the public websites can be sent through our contact form.

Customer-specific terms

Authorized Users of a customer organization or dealer can review the detailed Services Agreement, Business Associate Agreement, and any organization-specific Order Form terms after signing in, at /app/settings/legal/.