Empowering People Through Privacy

Last updated: August 18, 2025

Mena Health was born from a simple belief: healthcare conversations shouldn't be forgotten the moment you leave the doctor's office. Founded by a diverse team of patients, physicians, researchers, and technologists, we're building technology that puts you at the center of your healthcare journey. We provide clinicians with tools to capture and document patient conversations, helping improve clinical documentation while ensuring patients have access to clear summaries of their care discussions. As healthcare providers, you trust us to handle these sensitive recordings and patient data with the highest level of security and privacy protection. Our platform is designed to integrate with clinical workflows while maintaining full compliance with healthcare privacy regulations and your institutional security requirements.

How Mena protects your privacy

Five core principles drive every privacy and security decision we make at Mena Health:

  1. Consent from all parties comes first. All personal health data collection and sharing requires explicit consent from both patients and clinicians. We build privacy protections directly into our platform, collecting only essential data and providing clear transparency about data sharing options.
  2. Flexibility is fundamental. Both patients and clinicians maintain the right to delete recordings or terminate participation at any time, and we ensure these processes are straightforward and immediate.
  3. Your data is not our product. We operate on a clear business model that never involves monetizing personal data. Selling identifiable health information is not part of our revenue strategy, period.
  4. Research requires de-identification. All product development and research activities use anonymized data or external datasets obtained with proper consent. Any research involving identifiable data requires separate, explicit consent from all relevant parties before proceeding.
  5. Security from day one. We apply comprehensive HIPAA security standards across all health data, treating security as a foundational requirement rather than an optional enhancement.

Frequently Asked Questions

Common questions about how we handle your data and privacy.

Coorpix AG Blegistrasse 1 6343 Rotkreuz Email: privacy@menahealth.com

Mena Health stores all data securely within Switzerland, in compliance with the Swiss Federal Act on Data Protection (FADP) and relevant healthcare regulations. We use only Swiss data centers that apply strict technical and organisational measures to protect sensitive health data. No storage or processing takes place outside Switzerland.

Your data is stored both on your device and in our cloud. You can edit your personal data at any time in your account. Updated or deleted information may temporarily remain visible in cached versions. We retain your data until your account is deleted – either directly via the settings or by emailing support@menahealth.com. Deletion is normally completed within 24 hours. Legal retention obligations or overriding protection interests may require certain data to be stored for a limited period of time.

Core service functions: We use machine learning to process your audio recordings and create medical transcripts. When you share recordings, we include your name so recipients know who sent them. Account management: We use your name, email, and phone number to manage your account, respond to your requests, and notify you about new features or important updates. Service improvement: We analyze how you use Mena to test features, ensure proper functionality, troubleshoot issues, and develop new tools. This includes using analytics data and conducting research to refine our algorithms and machine learning capabilities. Communications: We'll email you about Mena updates and partner offerings. We also send personalized promotional content about new features, events, and opportunities that match your interests. You can unsubscribe at any time. Safety and security: We use your data to protect Mena and our users from fraud, abuse, and other threats, and to comply with legal obligations.

Your data is never for sale. We're committed to protecting your privacy and go the extra mile to keep your information secure and confidential. We only share it with your consent or when required or permitted by law. We share data with trusted service providers and partners who help us operate according to our instructions and this Privacy Policy. These companies are contractually required to maintain strict confidentiality and security standards. This includes providers for customer support, cloud storage, data analysis, research, and surveys. We may disclose your information when required to comply with laws, court orders, subpoenas, or other legal processes. We may also disclose information when necessary to investigate illegal activities, prevent fraud, protect individual safety, enforce our Terms of Use or Privacy Policy, or defend against legal claims involving Mena Health.

Mena Health provides clinicians with clear tools and guidelines to obtain proper patient consent, ensuring patients understand how AI is used in their care and how their data is handled.

You have the right to: • Access the data stored about you • Correct inaccurate or incomplete data • Erase your data ("right to be forgotten") • Restrict processing • Data portability in a common format • Object to processing • Withdraw previously given consent • Lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland or a relevant EU data protection authority

We use a multi-layered security approach that combines technical, organisational, and legal safeguards. Technical security measures: • End-to-end encryption during transmission (TLS 1.3) • AES-256 encryption for data at rest • Segregated storage to keep health data separate from technical log data • Multi-layer firewall and intrusion detection systems • Continuous system monitoring (24/7 monitoring) • Regular penetration tests by independent security experts Organisational security measures: • Access only for authorised personnel on a need-to-know basis • Confidentiality and privacy commitments for all employees and partners • Regular training on IT security, data protection, and medical confidentiality • Strict onboarding and offboarding processes for all with system access Incident response and reporting processes: • Documented disaster recovery and business continuity plans • Immediate blocking of compromised accounts • Reporting of data breaches to authorities and affected individuals in accordance with FADP and, where applicable, GDPR • Proactive security updates and prompt patching of vulnerabilities Standards & certifications: • Compliance with the Swiss Federal Act on Data Protection (FADP) • Implementation of HIPAA requirements (for US compatibility) • Alignment with ISO 27001 and ISO 27701 (information security and privacy management)

If we use cookies or similar technologies, we will inform you upon your first visit to our website about their type, purpose, duration, and legal basis. You can withdraw your consent at any time and disable cookies in your browser settings.

We reserve the right to change this Privacy Policy at any time. The current version will always be available on our website. For significant changes, we will also notify you by email or in the app.