Privacy Policy

Last Updated May 2026

About This Policy: Quick Summary

What Dmand AI is: A B2B healthcare intelligence platform that compiles publicly available professional data on US healthcare professionals, facilities, and executives, and makes it searchable for HealthIT vendors and healthcare staffing firms.

What data we hold on you (if you are in our database): Professional information only — name, NPI, specialty, credentials, employer, practice address, and publicly disclosed industry payments. No patient data, no personal health information.

You can opt out at any time by visiting https://dmand.ai/legal/remove-my-information or emailing [email protected]. California residents can also opt out of data sale at https://dmand.ai/legal/do-not-sell.

By remaining in our database, HealthIT vendors and staffing companies that subscribe to Dmand AI may contact you in your professional capacity. We cannot guarantee the relevance of all outreach you may receive from our subscribers.

1. Who We Are

Launcheazy, Inc., a corporation incorporated in the State of Delaware, operates the Dmand AI platform ("Dmand AI," "we," "us," or "our") available at https://dmand.ai (the "Platform"). The Platform is a B2B healthcare intelligence service that aggregates, organizes, and provides searchable access to publicly available data Launcheazy, Inc., a corporation incorporated in the State of Delaware, operates the Dmand AI platform ("Dmand AI," "we," "us," or "our") available at https://app.dmand.ai (the "Platform"). The Platform is a B2B healthcare intelligence service that aggregates, organizes, and provides searchable access to publicly available data on healthcare professionals (HCPs), healthcare facilities (Sites of Care), and healthcare executives operating within the United States.

We operate as a data broker as defined under applicable federal and state laws. We are registered, or are in the process of registering, as a data broker in all states where such registration is currently required by law.

For all privacy-related inquiries: [email protected] | Launcheazy, Inc., 360 S Baywood Ave, San Jose, CA 95128.

2. Scope of This Policy

This Privacy Policy governs the collection, use, disclosure, and protection of information in connection with:

Visitors browsing the Dmand AI website at https://dmand.ai
Registered subscribers and organizational account holders of the Platform
Healthcare professionals, executives, and facility administrators whose professional information is compiled into our database ("Profile Subjects")

This Policy does not govern the data practices of our subscribers. If you receive outreach from a company using Dmand AI data, that company's own privacy policies and applicable law govern their contact with you.

3. Information We Collect

We collect two distinct categories of information: data about the businesses and professionals who use our Platform as subscribers, and professional profile data about healthcare professionals whose information appears in our database.

3.1 Information About Platform Subscribers

When you register for, or use, the Platform — whether under a free tier, subscription, per-seat, or pay-per-export plan — we collect:

Account information: full name, work email address, job title, employer/company name
Billing and payment information: processed by our third-party payment processor; we do not store full card numbers or banking credentials
Subscription and usage data: plan type, seats provisioned, searches conducted, profiles viewed, lists created, records exported, API calls made, credits consumed
Device and technical data: IP address, browser type and version, operating system, referring URL, session duration, clickstream data
Communications: support tickets, feedback submissions, email correspondence with our team
Export and integration records: what data was exported, to which CRM or tool, and by which user — maintained for compliance auditing

3.2 Professional Profile Data (Healthcare Professionals in Our Database)

We compile professional profile data from the sources described in Section 4. Depending on availability, a profile may include:

Identity and credentials: full name, professional degree(s), board certifications and year, fellowship designations, credential string (e.g., MD, FACC, FSCAI)
Professional identifiers: National Provider Identifier (NPI), CMS Certification Number (CCN), DEA registration status (active/inactive only — not the DEA number itself)
Practice and employment data: employer or practice name, practice address, primary specialty and subspecialty, NPPES taxonomy code, hospital admitting privileges, group practice membership, practice ownership type
Professional contact data: practice phone, fax number, professional email — only where independently available from public government sources
Clinical activity data: Medicare Part B patient volume, most-billed procedures by CPT family, Medicare and Medicaid participation status — sourced exclusively from CMS public use files
Industry financial disclosure data: payments received from pharmaceutical and medical device companies — sourced exclusively from the CMS Open Payments database (Sunshine Act mandatory disclosure)
Facility data:licensed and staffed bed count, CMS overall star rating and domain ratings, Joint Commission accreditation status, trauma center designation, teaching hospital status, Magnet nursing designation, annual discharge volume, payer mix
Technology profile data: EHR system, practice management system, revenue cycle management, and other healthcare technology platforms — sourced through proprietary research and licensed data
Executive career and education data: current title, organization, career history, educational credentials, professional certifications, board memberships, conference speaking history, professional association memberships

🚫We do not collect, process, store, or publish patient health information, medical records, clinical notes, or any data constituting Protected Health Information (PHI) under HIPAA. We do not collect biometric data. All profile data relates exclusively to healthcare professionals in their professional and business capacities.

3.3 What We Publish Publicly vs. Gate Behind Subscription

Publicly visible on profile pages: name, credentials, NPI, primary specialty, employer name and city/state, hospital affiliations, Medicare volume tier, CMS Open Payments summary, facility quality ratings.

Available to verified subscribers only: direct phone numbers, professional email addresses, technology stack details, buying intent signals, executive career network, referral patterns.

Profile Subjects may request suppression of any or all data — see Section 7.

4. Sources of Profile Data

We compile profile data from the following categories of sources. We do not use data obtained from private, non-public databases or in violation of any source website’s terms of service.

4.1 Federal Government Open Data (Primary Sources)

Source	What We Collect
NPPES NPI Registry (CMS)	Provider identifiers, specialty taxonomy, practice location, license state
CMS Open Payments	Disclosed industry financial payments to physicians and teaching hospitals (Sunshine Act)
CMS Medicare Part B PUF	Aggregated procedure volume and Medicare beneficiary counts per provider
CMS Care Compare	Facility quality star ratings, bed counts, HCAHPS scores, readmission rates
CMS Cost Reports & Provider of Services File	Facility financial, operational data, and certification type

4.2 State Government Public Records

State medical board license verification records (publicly accessible portals)
State health department facility registration and inspection records
State trauma center designation registries
State data broker registries where applicable

4.3 Accreditation and Certification Bodies (Public Records)

American Board of Medical Specialties (ABMS) — board certification status (public verification)
American Nurses Credentialing Center (ANCC) — Magnet designation (publicly listed)
The Joint Commission — facility accreditation status (publicly listed on QualityCheck.org)

4.4 Proprietary Research and Licensed Data

Publicly available information on health system, hospital, and medical practice websites
Published conference agendas and speaker listings from industry events (HIMSS, CHIME, ViVE, Becker's, etc.)
Peer-reviewed publications indexed in publicly accessible databases (PubMed/MEDLINE)
Licensed data feeds from authorized third-party healthcare data providers
User-contributed corrections and profile claims submitted voluntarily through our platform

5. How We Use Information

5.1 Platform Operations

Providing and maintaining access to the Platform across all plan tiers (free, subscription, per-seat, pay-per-export)
Processing subscription payments, per-seat billing, and credit/export transactions
User authentication, account management, and security
Delivering technical support and responding to inquiries

5.2 Platform Improvement and Product Development

Analyzing usage patterns to improve search relevance, data quality, and coverage
Developing and testing new features, data categories, and product tiers
Conducting internal analytics and market research

5.3 Communications

Transactional communications: billing receipts, subscription renewals, account alerts, password resets
Product and feature updates, release notes, and service notifications
Marketing communications about Dmand AI products and services — with opt-out available at any time
Responding to support, correction, and removal requests

5.4 Compliance, Legal, and Safety

Complying with applicable federal and state laws, including data broker registration requirements
Enforcing our Terms and Conditions and Acceptable Use Policy
Detecting, investigating, and preventing fraud, abuse, unauthorized access, and prohibited use
Responding to valid legal process, government investigations, and court orders

5.5 Legitimate Purposes for Profile Data Publication

Profile data is compiled and made available on the Platform for the following legitimate B2B business purposes:

Enabling HealthIT vendors and software companies to identify, research, and contact healthcare decision-makers for business development
Enabling healthcare staffing and recruiting firms to identify and research professional candidates and institutional clients in their professional capacities
Supporting healthcare market research, competitive intelligence, and account-based marketing
Facilitating physician referral network analysis, provider relationship management, and territory planning
Supporting healthcare technology procurement evaluation, vendor selection research, and RFP preparation

⚠️What we do not do: We do not use profile data to make determinations affecting any individual's eligibility for credit, employment, housing, insurance, or any other purpose governed by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. Dmand AI is not a consumer reporting agency and our data may not be used as a consumer report.

6. How We Share Information

6.1 With Verified Platform Subscribers

Professional profile data is made available to verified B2B subscribers who have agreed to our Terms and Conditions and represented that they will use data exclusively for lawful business purposes. Under California law, this sharing constitutes “sale” or “sharing” of personal information. California residents may opt out at https://dmand.ai/legal/do-not-sell.

6.2 With Service Providers (Data Processors)

We share information with carefully selected third-party service providers who process data on our behalf, including:

Cloud infrastructure and hosting providers (data stored in the United States)
Payment processors (subject to PCI-DSS compliance obligations)
Analytics and business intelligence platforms
Customer support and helpdesk software
Email delivery and marketing automation services

All service providers are bound by written data processing agreements that restrict their use of data to the services they provide to us and prohibit independent use or onward transfer.

6.3 Business Transfers

In the event of a merger, acquisition, financing, reorganization, or sale of all or a portion of our assets, information held by us may be transferred as part of that transaction. We will provide advance notice via email and prominent website posting.

6.4 Legal Disclosure

We may disclose information when required by law, court order, subpoena, regulatory request, or valid legal process, or when we have a good-faith belief that disclosure is necessary to protect our legal rights, prevent imminent harm, detect fraud, or protect the safety of any person.

6.5 What We Do Not Do

We do not sell subscriber account information or personal data of our users to third-party data brokers or marketing list companies
We do not share profile data with entities for consumer marketing, consumer solicitation, or any FCRA-governed purpose
We do not share data with foreign government entities except as required by U.S. law

7. Your Rights — Profile Subjects

If you are a healthcare professional, executive, or facility administrator whose professional information appears in our database, you have the following rights regardless of your state of residence.

🗑️ Remove or Suppress Your Profile

Request complete removal of your profile from Dmand AI. We process suppression requests within 10 business days of identity verification.

✏️ Correct Inaccurate Information

If specific data on your profile is factually incorrect, submit a correction request with supporting documentation. We verify and apply updates within 40 business days.

🚫 Opt Out of Sale (California CCPA)

California residents have the right to opt out of the sale or sharing of their personal information under the CCPA/CPRA. Exercise that right here.

🔍 Request Access to Your Data

Want to know what professional information Dmand AI holds about you? Submit a data access request and we'll send you a summary within 45 days.

🎯 Partial Data Removal

Remove specific fields (direct phone, email) without suppressing your full profile. Government-sourced identifiers cannot be removed.

📄 Read Our Privacy Policy

Learn how we collect, use, and protect data — including our full list of data sources, retention periods, and your rights under applicable law.

7.1 How to Submit a Request

Submit

Online, email, or mail

Visit https://dmand.ai/legal/remove-my-information, email [email protected], or mail our Privacy Officer, Launcheazy, Inc., 360 S Baywood Ave, San Jose, CA 95128.

Confirmation

Within 2 business days

You receive an acknowledgment email with a unique reference number.

Identity Verification

Within 5 business days

We verify your identity using your professional email and NPI number.

Action Taken

10 business days (removal) / 40 business days (corrections)

Profile suppressed, corrected, or updated. Written confirmation sent same day.

Search Engine Cache

7–30 days (outside our control)

We submit URL removal requests to Google and Bing within 2 business days of suppression.

7.2 What We Cannot Remove

Data in federal government databases (NPI Registry, CMS Open Payments, CMS Care Compare) — these are government records we have no ability to alter
CMS Open Payments records — legally mandated Sunshine Act disclosures
Official license status, board certifications, or disciplinary records — controlled by state boards and ABMS

7.3 Non-Discrimination

We will not discriminate against any person in any way for exercising the privacy rights described in this Policy.

8. Your Rights — Platform Subscribers

As a subscriber to the Platform under any plan tier, you have the following rights regarding your account data:

Access: Request a copy of the personal data associated with your account
Correction: Request correction of inaccurate account information through account settings or by contacting [email protected]
Deletion: Request deletion of your account and associated personal data, subject to legal retention obligations
Portability: Request export of your account data in a machine-readable format
Marketing opt-out: Unsubscribe from marketing communications at any time via the unsubscribe link in any email or through account settings
Downgrade or cancel: Manage your subscription tier, seat count, or export credits through your account dashboard\

To exercise these rights, contact [email protected] or use your account settings.

9. Data Retention

Data Category	Retention Period	Legal Basis
Subscriber account data	Duration of subscription + 3 years	Contract / Legal
Billing and financial records	7 years	Tax compliance
Export and API access logs	3 years	Compliance auditing
Professional profile data	Continuously refreshed from source databases	Legitimate interest
Suppressed profiles	Permanently in suppression registry	To prevent re-publication
Usage and analytics logs	24 months	Product improvement
Support and correspondence	3 years	Customer service / Legal
Legal hold data	Until hold is lifted	Legal obligation

We apply data minimization principles and delete data when it is no longer necessary for the purposes described in this Policy or required by applicable law.

10. Data Security

We implement administrative, technical, and physical security measures appropriate to the sensitivity of the data we process, including:

Encryption of all data in transit using TLS 1.2 or higher
Encryption of stored data using AES-256
Role-based access controls and least-privilege principles for internal staff
Multi-factor authentication for administrative access to production systems
Regular vulnerability assessments and penetration testing
Incident response and breach notification procedures compliant with applicable law
Written data processing agreements with all third-party service providers

📋Certification status: Dmand AI does not currently hold SOC 2 Type II, ISO 27001, or similar third-party security certifications. We implement industry-standard security practices and are pursuing formal certifications as the company scales. This section will be updated when certifications are achieved.

No system is completely secure. In the event of a data breach that triggers notification obligations under applicable law, we will notify affected parties within the timeframes required by law.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We use three types:

Strictly necessary cookies: required for Platform authentication, session management, and core functionality. Cannot be disabled without impairing service.
Analytics cookies: to understand usage patterns and improve the Platform (e.g., anonymized page view and session analytics).
Marketing and attribution cookies: to measure advertising effectiveness. Can be disabled through our cookie consent manager.

You may manage cookie preferences through your browser settings or our cookie preference center (available in the website footer). Disabling strictly necessary cookies will materially impair Platform functionality.

We do not currently respond to browser “Do Not Track” signals, as no industry standard for such signals has been established. California residents may separately opt out of the sale or sharing of their data at https://dmand.ai/legal/do-not-sell.

12. HIPAA Notice

🏥Launcheazy, Inc. is not a Covered Entity or Business Associateunder the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 160 and 164. The Platform does not handle Protected Health Information (PHI) relating to patients. All profile data relates exclusively to healthcare professionals in their business and professional capacities. Subscribers are strictly prohibited from uploading, entering, or processing PHI through the Platform. Dmand AI does not collect or process biometric data of any kind.

13. FCRA Notice

🚨Launcheazy, Inc. d/b/a Dmand AI is NOT a consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. Data available through the Platform does not constitute a consumer report and may NOT be used for any FCRA-governed purpose, including: employment background screening, tenant screening, credit underwriting, insurance underwriting, or any other eligibility determination affecting a natural person. Subscribers who use Platform data for FCRA-governed purposes violate our Terms and Conditions and do so at their own legal risk.

14. Other Special Disclosures

California (CCPA / CPRA)

California residents have all rights described in this Policy under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including rights to know, delete, correct, and opt out of sale or sharing. We do not discriminate against individuals who exercise their privacy rights.

We disclose that we sell or share personal information as part of our B2B platform operations. California residents may opt out at https://dmand.ai/legal/do-not-sell or by emailing [email protected] with subject line “CCPA Opt-Out Request.”

Data broker registration: We are registered or registering as a California data broker under Civil Code § 1798.99.80 et seq. with the California Privacy Protection Agency. We respond to California rights requests within 45 days (extendable to 90 days with notice).

Vermont

Dmand AI is registered or registering as a data broker with the Vermont Secretary of State as required under 9 V.S.A. § 2430. Vermont residents may request that we stop selling their information by emailing [email protected].

Texas

Dmand AI is registered or registering as a data broker with the Texas Secretary of State as required under Texas Business & Commerce Code § 503.001 et seq. Texas residents have rights under the Texas Data Privacy and Security Act (TDPSA), including rights to access, correct, delete, and opt out of processing. To exercise Texas rights: email[email protected] with “Texas Privacy Request” in the subject.

Nevada

Nevada residents may opt out of the sale of covered information by emailing [email protected] with the subject line “Nevada Opt-Out Request.” .

Virginia, Colorado, Connecticut, Montana, Oregon, and Other States

Residents of states with comprehensive privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Montana, Oregon, and others) have rights to access, correct, delete, port, and opt out of certain processing. We honor all applicable rights under in-effect state privacy laws.

To exercise state privacy rights: email [email protected]specifying your state of residence and the right you wish to exercise. We respond within the timeframe required by your state's law. If you are unsatisfied with our response, you may appeal by replying to our decision email within 60 days, or file a complaint with your state Attorney General.

15. Children's Privacy

The Platform is a B2B service intended exclusively for use by business professionals who are at least 18 years of age. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided us with personal information, we will delete it promptly. If you believe a minor has submitted information to us, please contact [email protected].

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the Effective Date at the top of this page
Notify registered subscribers by email at least 30 days before the effective date where practicable
Post a prominent notice on our website

Your continued use of the Platform after the effective date of a material change constitutes acceptance of the updated Policy. If you do not agree, you must stop using the Platform before the effective date and may cancel your subscription.

Version history: This is the initial publication of the Dmand AI Privacy Policy, effective May 1, 2026.

17. Questions and Complaints

For privacy requests, corrections, removals, opt-outs, and complaints:

Privacy Officer, Launcheazy, Inc. d/b/a Dmand AI

Email[email protected]

Online portalhttps://dmand.ai/legal/privacy-center

MailPrivacy Officer, Launcheazy, Inc., 360 S Baywood Ave, San Jose, CA 95128

CCPAhttps://dmand.ai/legal/do-not-sell

Get Startedhttps://app.dmand.ai/signup

Book a Demohttps://dmand.ai/legal/privacy-center

If you believe your privacy rights have been violated and we have not resolved your complaint, you may file a complaint with your state Attorney General or applicable data protection authority.

Google API Disclosure

Dmand’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.