Last updated: April 20, 2026
Medistill is a product of Hub132 LLC, a company registered in the United States. When we say “Medistill,” “we,” “us,” or “our,” we mean Hub132 LLC operating the Medistill platform at medistill.ai.
Medistill is intended for use by businesses located in the United States. We do not market or offer the service to users outside the United States, and the platform is not configured to comply with the privacy laws of other jurisdictions. If you access the service from outside the United States, you do so at your own initiative and are responsible for compliance with local law.
Account information. When you sign up, we collect your name, work email address, organization name, and a password. We require a work email; free email providers (Gmail, Yahoo, etc.) are not accepted.
Payment information. We use Stripe to process payments. Your card number, expiration date, and CVC are sent directly to Stripe and never touch our servers. We receive only a card brand, last four digits, and a token from Stripe.
Usage data. We log API requests including the endpoint called, HTTP method, response status, response time, and your IP address. We use this data to monitor service health, debug errors, and prevent abuse.
We do not collect protected health information (PHI), patient data, Social Security numbers, or any data regulated under HIPAA from our users. The healthcare datasets available through Medistill are publicly released by government agencies (CMS, FDA, CDC, and others).
We use the information we collect to:
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
We use the following third-party services to operate Medistill:
We also rely on U.S.-based cloud infrastructure providers for application hosting, object storage, and server hosting. We do not disclose specific infrastructure vendors publicly for security reasons. Enterprise customers executing a Data Processing Addendum receive the complete subprocessor list on request.
We do not use advertising networks or third-party cookies for marketing purposes.
Medistill is operated from the United States and all of our service providers process data in the United States.
We use a small number of first-party cookies set by Google Analytics to measure aggregate website traffic (for example, _ga and _ga_<id>). These cookies do not carry your name, email address, or account identifier. We do not use third-party advertising cookies, retargeting pixels, or cross-site trackers.
We store authentication tokens (JWT) in your browser's local storage to keep you signed in. These tokens are not shared with any third party and are removed when you sign out.
We retain your account information for as long as your account is active. Usage logs are retained for up to 90 days for debugging and security purposes. If you cancel your account, we delete your personal data within 30 days, except where we are required by law to retain it (e.g., billing records for tax compliance).
Medistill operates exclusively on government regulatory data and licensed sources that contain no protected health information. PHI is not collected, stored, or processed, and HIPAA does not apply to our platform.
Passwords are hashed using bcrypt and never stored in plain text. All data in transit is encrypted via TLS. Data at rest is encrypted on our hosting infrastructure. Database access is restricted to authenticated services only. We enforce single-device sessions: signing in on a new device invalidates previous sessions. Role-based access controls restrict administrative functions to authorized personnel.
You can:
California residents. If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the right to (i) know the categories and specific pieces of personal information we have collected about you, (ii) request deletion of your personal information, (iii) request correction of inaccurate personal information, and (iv) opt out of the “sale” or “sharing” of your personal information. We do not sell personal information in exchange for money. Our use of Google Analytics may qualify as “sharing” for cross-context behavioral advertising under the CPRA even though we do not run advertising; to opt out, email [email protected] with the subject line “CCPA Opt-Out,” or use a browser-level Global Privacy Control signal, which we honor. We will not discriminate against you for exercising any of these rights.
To exercise any right above, email [email protected] from the address on your account. We respond within 45 days.
Medistill is a business-to-business platform and is not directed at individuals under 18. We do not knowingly collect information from children.
We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Your continued use of Medistill after any changes constitutes acceptance of the updated policy.
If you have questions about this privacy policy or how we handle your data, contact us at [email protected].