Skip to main content

Privacy Policy

Last updated: April 10, 2026

1. Introduction

DiMana Systems, LLC ("EMS1R," "we," "us," or "our") operates the EMS1R platform, a cloud-based Emergency Medical Services operations platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website ems1r.us or use our platform services.

EMS1R is designed to comply with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and applicable state privacy laws including the California Consumer Privacy Act ("CCPA/CPRA").

2. Information We Collect

2.1 Information You Provide

  • Contact information (name, email, phone, company name)
  • Account credentials and profile information
  • Billing and payment information
  • Communications with our support team
  • Form submissions and demo requests

2.2 Protected Health Information (PHI)

In the course of providing our platform services, our customers may transmit Protected Health Information as defined under HIPAA. EMS1R acts as a Business Associate under HIPAA and processes PHI only as directed by our customers (Covered Entities) pursuant to a Business Associate Agreement (BAA).

2.3 Automatically Collected Information

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Usage data and interaction patterns
  • Cookies and similar tracking technologies

3. How We Use Your Information

  • Provide, maintain, and improve our EMS operations platform
  • Process dispatch, ePCR, fleet management, and scheduling operations
  • Facilitate NEMSIS-compliant data submissions to state agencies
  • Send operational alerts, notifications, and communications via email, SMS, and internal messaging
  • Respond to inquiries and provide customer support
  • Ensure platform security and prevent unauthorized access
  • Comply with legal obligations and regulatory requirements
  • Generate de-identified, aggregated analytics for platform improvement

4. HIPAA Compliance

EMS1R operates as a Business Associate under HIPAA. We maintain the following safeguards:

  • Administrative Safeguards: Workforce training, access management policies, incident response procedures
  • Physical Safeguards: Secure data center facilities with restricted access
  • Technical Safeguards: AES-256 encryption at rest and in transit, role-based access controls, multi-factor authentication, complete audit trails
  • Row-Level Security (RLS): Agency-level data isolation ensuring each customer can only access their own data

We execute Business Associate Agreements (BAAs) with all customers who transmit PHI through our platform. PHI is never sold, shared for marketing purposes, or disclosed except as permitted under HIPAA and the terms of the BAA.

Breach Notification: In the event of a breach involving unsecured PHI, EMS1R will notify affected Covered Entities without unreasonable delay and no later than 60 days following discovery, in compliance with the HIPAA Breach Notification Rule.

5. Data Security

  • SOC 2 aligned security controls
  • AES-256 bit encryption for data at rest and TLS 1.2+ for data in transit
  • Biometric authentication, RFID, and multi-factor authentication support
  • 24/7 infrastructure monitoring with automated threat detection
  • Platform uptime backed by cloud provider SLA with automated failover (<30 seconds)
  • Regular penetration testing and vulnerability assessments
  • Complete audit trails for all data access and modifications

6. Data Retention

We retain customer data for the duration of the service agreement. Upon termination, customer data is retained for a period consistent with applicable EMS regulations and state record retention requirements (typically 7-10 years for patient care records). De-identified data may be retained for analytics purposes. You may request data export or deletion subject to legal retention obligations.

7. NEMSIS Data Submissions

The EMS1R ePCR system was built directly from the NEMSIS v3.5 data format and continuously syncs with any updates to the standard in real time. NEMSIS certification is currently in progress. Data is transmitted directly to authorized state repositories using secure, encrypted channels. EMS1R validates data integrity prior to submission and maintains submission audit logs.

8. Information Sharing and Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

  • Service Providers: Cloud infrastructure providers (Google Cloud Platform) operating under strict data processing agreements
  • Legal Requirements: When required by law, subpoena, or regulatory authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Consent: When you have given explicit consent to share
  • NEMSIS Submissions: State EMS agencies as required by regulation

9. Your Rights

HIPAA Rights

Patients whose PHI is processed through EMS1R maintain all rights under HIPAA, including the right to access, amend, and receive an accounting of disclosures. These requests should be directed to the Covered Entity (the EMS agency).

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

10. Cookies

Our website uses essential cookies for site functionality. We do not use third-party advertising cookies. Analytics cookies, if used, collect only de-identified usage data to improve our website experience.

11. Children's Privacy

Our platform is not directed to individuals under 18. We do not knowingly collect personal information from children. Patient data involving minors is handled exclusively through the Covered Entity under HIPAA protections.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders and posted on this page with an updated revision date.

13. Contact Us

For privacy-related inquiries, data requests, or to report a concern: