Privacy Policy
Last Updated: 21 November, 2025
This Privacy Policy explains how Medis Media Pty Ltd (“Medis Media,” “we,” “our,” “us”) collects, uses, stores, and protects information across all products and services, including 3D Organon, 3D Organon XR, Examverse, Medverse, and related modules and platforms. By using our Services, you agree to the practices described in this policy.
1. Company Details
This policy applies to Medis Media Pty Ltd, headquartered in Australia, with branch offices in the United States and the European Union. It governs all associated brands and services.
For any privacy-related inquiries, you may contact us at [email protected].
2. Definitions
Throughout this Privacy Policy, terms such as “Company,” “we,” or “our” refer to Medis Media and all affiliated branches. “Services” covers all software applications, platforms, XR/VR modules, websites, and cloud tools we provide. “Personal Data” refers to any data that can identify an individual, whereas “PHI” signifies protected health information subject to HIPAA or similar laws. “DICOM data” describes CT or MRI imaging files that may contain identifiers before processing. “De-identified data” refers to data that cannot be linked back to any individual. “User” refers to any individual, educator, institution, or professional using our Services. Terms such as “Device Sync Data” and “Anonymized 3D Model” describe data types used to support secure cross-device synchronization and medical imaging workflows.
3. How We Use and Disclose Information
We collect and retain only the minimal information required to operate and authenticate our Services. Account and licensing systems store basic login credentials and subscription metadata needed for user authentication and entitlement; these systems do not store sensitive personal data or PHI.
Certain exam-related information may be stored on our servers when institutions use Examverse. All such materials—including exam questions, cases, OSCE stations, evaluation criteria, submissions, and results—are encrypted end-to-end. Medis Media cannot decrypt or view any exam content or student information. Institutions retain full control of their encrypted data and determine access rights for their faculty and staff.
Our medical imaging workflows are designed to protect patient privacy at every stage. DICOM files are processed exclusively on the user’s device, where all patient identifiers are automatically removed upon import. The system generates only an anonymized 3D reconstruction of the imaging data. No identifiable DICOM files or patient information ever leave the user’s local environment. Users may store anonymized models on their device or sync them across their own devices if they choose to use optional cloud synchronization features.
We do not collect or store student personal information, PHI, patient identifiers, raw DICOM files, identifiable exam records, or institution-owned educational or clinical content.
We may share limited operational metadata with trusted third-party service providers—such as hosting providers or authentication services—to support the delivery and maintenance of our Services. These providers operate under strict confidentiality and data protection agreements. We do not share exam data, DICOM content, PHI, or student information with any external parties. We may use anonymized or aggregated usage information for analytics, product improvement, or service optimization.
4. International Data Transfers
Our systems operate through secure data centers located in the United States and the European Union. As a result, users outside those regions may have certain operational data transferred internationally in order to enable login, licensing, optional cloud sync, and general service functionality. Only minimal operational data—such as account credentials, encrypted licensing metadata, encrypted exam blobs (which we cannot decrypt), or anonymized 3D models for device sync—is transmitted.
Sensitive information such as patient identifiers, raw DICOM data, PHI, student personal data, and identifiable exam results is never transmitted internationally, never stored on our servers, and remains entirely within the user’s institution or local device.
All international data transfers occur over encrypted channels, comply with GDPR requirements, and are protected by strong technical and contractual safeguards. These measures ensure that sensitive or identifiable information is never exposed beyond the user’s jurisdiction.
5. Data Security
We employ industry-standard security practices, including encryption in transit and at rest, role-based access control, multi-factor authentication for privileged accounts, secure development workflows, continuous monitoring, and internal security reviews.
All DICOM processing occurs locally, and only de-identified 3D models are produced. Exam materials and results are stored in fully encrypted form on our secure servers, and Medis Media does not have the ability to decrypt or view this data. Institutions maintain control of encryption keys and access rights.
6. Data Retention
We retain only the minimal operational information needed to maintain accounts and licensing services. We do not retain patient data, PHI, student information, raw DICOM files, exam results, or institutional content. When operational data is no longer required, it is securely deleted or irreversibly anonymized.
7. Children’s Privacy
Our Services are not designed for children under the age of 13, and we do not knowingly collect data from individuals in this age group.
8. Cookies and Tracking Technologies
Our website uses cookies to support basic analytics and improve performance. Our applications—including XR apps, desktop software, tablet interfaces, mobile apps, touchscreens, and web modules—do not use tracking cookies.
9. Google Analytics (Website Only)
We use Google Analytics to collect anonymized statistical information about website usage. Users may disable cookies or use the Google Analytics opt-out browser add-on.
10. Marketing Communications
With your consent, we may send updates, announcements, or product-related communications. You may unsubscribe at any time. We do not share marketing information with external parties without explicit permission.
11. Your Rights
Depending on applicable law, you may have rights to access, correct, delete, restrict, or object to the processing of your data, as well as the right to withdraw consent or request data portability. Verification of identity may be required before we can process such requests.
12. GDPR Compliance
Residents of the European Economic Area are protected by the GDPR. We process personal data based on lawful bases such as consent, contractual necessity, legitimate interests, or legal obligations. You may contact your local data protection authority if you believe your rights under GDPR have been infringed.
13. CAN-SPAM Compliance
Our marketing communications comply with the CAN-SPAM Act. Emails will include our business address and a clear option to unsubscribe. We do not use misleading subject lines or deceptive sender information.
14. Links to Third-Party Sites
Our Services may contain links to external websites. We are not responsible for the privacy practices of those entities, and we encourage users to review their policies before providing any information.
15. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our Services, legal requirements, or business processes. When updates occur, the “Last Updated” date will be modified. Significant changes may be communicated via email, our website, or in-app notices. Continued use of the Services following such changes constitutes acceptance of the revised policy.