Magnus Health Product Privacy Policy

Magnus Health Product Privacy Policy

Last Updated: January 2026

We at Magnus Health are committed to protecting the information we have about you, users of our Services (as defined hereunder).  We only use that information to help our Customers (as defined hereunder) manage their medical information. We are committed to being transparent about our practices surrounding how we manage and store your information.

Our Privacy Policy below describes how we collect personal information (including your medical information), how we protect that information, and what we do with it. Although we recommend that you read the entire policy, here is a summary of its main points:

We will only use information to provide services to your school or camp.

We will not sell your data.

Our school or camp customers (our “Customers”) use Magnus Health in part because of the security measures we use to protect information. Those measures are often substantially stronger than what our Customers were previously using internally. You can find out more about our security measures on our Trust Center.

Please contact your school or camp with any questions you may have about how your information is protected and used. Our service is just a small part of how they protect and use that data.

1. What This Privacy Policy Covers

This Privacy Policy describes how we, Magnus Health, LLC, collect, use and disclose personal information that we collect and receive through our main Magnus Health service (located at  https://secure.magnushealthportal.com ), our apps for smartphones and tablets, our website www.magnus911.com (collectively, our “Service”), our Magnus Health Community website accessible at https://community.magnushealth.com/ (the “Community Site”), and our related services. The use of information collected through our service is limited to the purpose of providing the service for which our Customer has engaged Magnus Health, LLC. This Policy does not apply to the practices of companies that we do not own or control, or to people who we do not employ or manage. Similarly, this Privacy Policy does not affect any of the privacy policies, terms, and/or agreements between our Customers and their constituents.

This Privacy Policy uses the term “Personal Information” to refer to any information about a person which can be used to identify them or to distinguish them from other people. Personal Information includes information like a person’s name, address, phone number, login information to our Service, and demographic and health information.

When Personal Information relates to an individual (or their legal guardian), we refer to this as “Personal Information.” If it relates to a Customer, prospective Customer, vendor, or business partner (or any of their employees), then we refer to it as “Business Information.”

By accessing and using our Service and Community Site, you agree that you have read and understand this Product Privacy Policy and you consent to the privacy practices (and any uses and disclosures of information about you) that are described in this Product Privacy Policy. Please read carefully this Product Privacy Policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Information about you so that you understand how we collect, share, and protect your information. This Product Privacy Policy supplements other notices and privacy policies and is not intended to override them.

2. Personal Information We Collect

We collect the following Personal Information:

  1. Personal Information received from Customers in connection with the implementation and provision of the Service. For example, Customers provide basic personal information, manually or through integration with student information systems, in connection with the Service when they are setting up the Service for use.
  2. Personal information received from parents or guardians when they use the Service on behalf of their students. This includes age, immunization history, allergies, and other information used by Customers in connection with the Service. Note that children under age 18 may not have their own account in the Service. Instead, their accounts are administered by their parent or guardian. We do not contact children under age 18 about our Service and do not ask them for Personal Information.
  3. Information regarding individuals who maintain accounts with our Service.

Please note that our Community Site is not designed for Sensitive Information. We do not intend to collect or process Sensitive Information through the Community Site services. Please do not submit Sensitive Information in any part of the services accessible through the Community Site, including free-text fields, uploads, attachments, custom properties, tags, tickets, logs, screenshots, or screen recordings.

For this Privacy Policy, “Sensitive Information” means information that law treats as requiring extra protection, including:

  • U.S. Users: “Sensitive Information” under the CPRA and “Sensitive Data” under other state privacy laws (e.g., government IDs such as SSN, driver’s license/passport; financial account numbers with passwords/access codes; precise geolocation as defined by law; health information/genetic/biometric identifiers; race/ethnicity, religion, union membership; sexual orientation/sex life; citizenship/immigration status; contents of communications where we’re not the intended recipient; and children’s data).
  • Canadian Users: information treated as sensitive under federal and provincial law—PIPEDA (sensitivity is context-dependent, with categories like Medical/income deemed typically sensitive) and Québec’s Law 25 (personal information is “sensitive” where, due to its nature — e.g., medical/biometric — or the context, it entails a high expectation of privacy). It also includes government identifiers such as SIN and provincial health numbers and comparable identifiers.
  • All Users: this also includes government-issued identifiers; full financial account numbers with access credentials, and any other information that applicable law classifies as sensitive, or that a reasonable person would consider highly confidential.

Please avoid including Sensitive Information in emails to us, support tickets or chat. If you need help that might involve Sensitive Information, contact us at privacy@magnushealth.com so we can suggest alternatives.

If we learn that Sensitive Information was submitted in violation of this section, we may take reasonable steps to delete, redact, or restrict that data and contact the submitter to help remediate. Where deletion is not technically feasible, we will minimize further processing and apply appropriate safeguards. These actions are without prejudice to any rights you may have under applicable law (e.g., access, deletion, or restriction requests).

3. What we do with Personal Information

The Service helps schools and camps manage health care matters relating to their constituents, including students, their parents, their faculty, staff, and other related persons. We use Personal Information, such as demographic, health, and collected form information to provide the Service to our Customers and to provide support to them, which might include answering their questions and resolving their issues about individuals.

We may also provide Personal Information to emergency personnel and other healthcare professionals as described in our Service, consistent with applicable laws regarding privacy of Personal Information. These professionals may use your Personal Information to perform medical services as authorized, and to communicate with you.

We may also use Personal Information to derive aggregate information about large groups of individuals. That aggregate information might include, for example, the average age at which individuals are vaccinated against various diseases or the percentage of people who have nut allergies, but will not include any Personal Information. We may use this aggregate information for any purpose.

We use Business Information for our business purposes. We may use Business Information about Customers and prospective Customers to provide information about our products and services, other companies’ products and services and educational information. Business Information may be stored in our customer relationship management system and other systems in order to help us run our business.

4. Who We Disclose Your Information To

We may provide Personal Information to affiliates, and to companies that assist us in providing the Service, such as a hosting provider, or a customer service provider.

These companies are authorized to use Personal Information only as necessary to provide these services. If any of these providers receive Personal Information, we will ensure that they are bound to restrictions at least as protective of Personal Information as those contained in this Privacy Policy.

We may also disclose your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred. In such event we will ensure that the acquirer adheres to substantially equivalent privacy principles as those contained in this Privacy Policy.

5. Disclosure for legal reasons

In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose Personal Information in response to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.

In addition, we may share Personal Information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

When we make any disclosure of Personal Information described by this section, we will limit the disclosure to only the minimum amount of information which is necessary, and will attempt to ensure that any information we do disclose is kept protected by, for example, submitting it under seal, obtaining a protective order or by requiring the party to whom it is disclosed to agree to keep the information confidential.

6. When we delete Personal Information

We generally keep Personal Information for the duration required to comply with legal requirements. We will, however, hold it longer if needed to provide the Service to our Customers, if we have a legal obligation to keep it for longer, if we require it to resolve a legal dispute, and for safety, security and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain Personal Information.

We may delete Business Information when we determine that it is no longer useful to us, when required by law, or in accordance with our internal data retention practices and policies.

7. Technical Information

We gather certain information about the use of our Service and Community Site automatically. This information includes internet addresses, browser types, internet service providers (ISP), referring/exit pages, operating systems, date/time information, and click-stream data. Mobile devices may record information such as how often our app is used, the events that occur within the app, aggregated usage, performance data, and where the app was downloaded from.

We and our partners, analytics provider, and online customer support provider use this information to analyze trends, to administer the Service and/or Community Site, to track users’ movements around the Service and/or Community Site and to gather overall demographic information about our user base. We do not link this automatically collected data to other Personal Information.

Visitors to our Service and Community Site can control the use of cookies at the individual browser level. Rejecting cookies may, however, limit some features or areas of the Service and/or Community Site. Our mobile apps may also use and record geolocation data to provide location-based services to users. Users may opt-out of location-based services at any time by editing the setting at the device level. This may limit some features of the app.

8. International Transfers (Canadian residents)

We largely operate in the United States (“U.S.”), and therefore, if you reside in Canada you understand and agree that your Personal Information may be transferred to, stored or processed in, the U.S. by us and our third-party hosting providers. Furthermore, you understand that U.S. law may not afford the same level of protection to personal information as those afforded in Canada. Personal Information may be transferred for the performance of a contract or as required for the implementation of pre-contractual measures taken at your request or to establish or exercise our legal rights. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of the United States may be able to obtain access to your Personal Information through the laws of the United States.

Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.

If you want further information on the specific mechanism used by us when transferring your Personal Information out of Canada, please contact us.

9. Access and Changes to Your Data

U.S. Residents: Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your Personal Information.

You may determine if we have any of your Personal Information and access, obtain a copy, correct, or request deletion of your Personal Information by submitting a request through our Privacy Portal. Please note that the exact scope of these rights varies by state.

Before providing you with any information or allowing you to make changes, we will need evidence of your identity. In addition, much of the Personal Information we have can be updated through the Service. We will respond to your request within a reasonable timeframe.

Note that we do not have a direct relationship with individuals. Individuals may also contact their school or camp to determine how to access or correct Personal Information, including Information that is imported into the Service from an Information System.

Canadian residents

Rights of users located in Canada are governed by the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, the Personal Information Protection Act, R.S.A. 2003, c. P-6.5, the Personal Information Protection Act, R.S.B.C. 2003, c. 63 and an Act respecting the protection of personal information in the private sector, CQLR, c. P-39.1, as amended by Law 25, An Act to modernize legislative provisions as regards the protection of personal information (as applicable based on the location of the user in Canada).

Since the adoption of Law 25, Quebec residents have enhanced rights with respect to their personal information, including: 

  • Access Rights: the right to receive confirmation of the processing of their personal information, of the nature of the information being processed, and to receive a copy of it.
  • Data Portability Right: the right, subject to certain exceptions, to ask that the processing organization communicate to them computerized personal information in a written, intelligible transcript, and any collected personal information in a structured, commonly used, technological format.
  • Rectification Right: subject to certain requirements and exceptions, the right to ask to correct the information in the processing organization’s possession is inaccurate, incomplete, or ambiguous, or if collecting, communicating, or keeping it is not authorized by law. 
  • De-indexation Right or “Right to be Forgotten”: the right to ask organizations to stop disseminating their personal information or to de-index any hyperlink attached to their name giving access to information if this dissemination causes them harm or contravenes the law or a court order.
  • Automated Decision Making: the right to be informed when they are the subject of a decision based exclusively on automated processing of their personal information. Organizations must also, on request, inform them about the personal information used to make the decision, the reasons and main factors leading to the decision, and the right to request correction of the personal information used to make the decision. They must also be given the opportunity to present their observations to a member of their staff for review of this decision. 
  • Here again, if you wish to exercise any of the above rights, please contact your school or camp directly.

10. Data Security

We maintain a comprehensive security program designed to protect Personal Information in our possession, which includes organizational, physical and technical safeguards. Certain of these measures are described on our Trust Center.

However, no website, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your Personal Information transmitted to, though, using, or in connection with the use of our Service and/or Community Site. In particular, email, texts, and chats sent to or from the Service or Community Site may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of Personal Information is at your own risk.

The safety and security of your information also depends on you. You are responsible for taking steps to protect your Personal Information against unauthorized use, disclosure, and access.

11. Testimonials

We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@magnushealth.com.

12. Third-party links

We may provide links within our Service and/or Community Site to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any personal information by such third parties, and we encourage you to review those third parties’ privacy policies and to ask them questions about their privacy practices as they relate to you.

13. Questions about Data Privacy

If you have questions or suggestions regarding our Privacy Policy or our privacy practices, please contact us at privacy@magnushealth.com.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time by posting a new version on our Service as well as our Community Site. We will notify users of the Service about significant changes in how we treat Personal Information by sending a notice to the primary email addresses listed in their accounts or by placing a prominent notice in the Service at least 30 days before the changes become effective.