Privacy Policy

1. Introduction

Welcome to MedFAQs ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services (collectively, the "Service").

This application is designed to help individuals prepare for doctor visits, organize questions, and store personal notes for their own reference. We are not a healthcare provider, do not offer medical advice, and do not operate as a medical record system.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect several types of information from and about users of our Service:

• Email address
• Authentication credentials (handled securely through our authentication provider)
• Account preferences and settings

• Questions you create or generate using our AI tools
• Notes you enter from your doctor visits
• Personal health information you choose to record (such as medications, conditions, symptoms, or other health-related notes)
• Any other content you voluntarily submit through the Service

• Device type and operating system
• Browser type and version
• IP address
• Usage data (pages visited, features used, time spent)
• Error logs and diagnostic information
• Basic usage metrics (for app reliability and improvement)

We may use cookies, web beacons, and similar tracking technologies to track activity on our Service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

3. How We Use Information

We use the information we collect for the following purposes:

• To Provide and Maintain Our Service: Enable you to generate and organize questions, save and display personal notes, and access all features of the application
• To Improve Our Service: Analyze usage patterns, identify technical issues, and enhance performance and usability
• To Communicate With You: Send you service-related notices, updates, and support messages
• To Ensure Security: Protect against fraud, abuse, and unauthorized access
• To Comply With Legal Obligations: Meet legal requirements and respond to lawful requests

We do not use your information for:

• Medical diagnosis or treatment recommendations
• Healthcare provider evaluation or recommendations
• Marketing or advertising purposes (unless you explicitly opt-in)
• Selling your personal information to third parties

4. User Control and Ownership

You have full control over your information:

• Ownership: You own all content you enter into the application
• Access: You can view, edit, or delete your information at any time
• Export: You may export your data in a standard format
• Deletion: You may delete individual items or your entire account at any time
• Account Closure: Deleting your account permanently removes all associated content from our systems

5. No Healthcare Provider Access

Important:

Healthcare providers, clinics, insurers, or medical staff:

• Do not have accounts on this platform
• Cannot log in to the Service
• Cannot access your data
• Do not receive information from us
• Are not notified of your use of the Service

Any information you choose to share with a healthcare provider is done outside the application at your sole discretion. We do not facilitate, enable, or participate in any communication between you and healthcare providers.

6. HIPAA Statement

This application is not a HIPAA-covered service.

We do not act as a healthcare provider, healthcare clearinghouse, or business associate under the Health Insurance Portability and Accountability Act (HIPAA). Information stored in the application is user-generated and maintained solely for personal reference. We are not subject to HIPAA regulations, and your use of this Service does not create a HIPAA-covered relationship.

If you require HIPAA-compliant services, please consult with a qualified healthcare provider or HIPAA-compliant service provider.

7. Data Sharing and Disclosure

We respect your privacy and do not sell your personal information.

We may share your information only in the following circumstances:

We may share information with trusted third-party service providers who perform services on our behalf, such as:

• Hosting and cloud storage services
• Authentication and security services
• Analytics and performance monitoring
• AI language model providers (for generating visit preparation questions)
• Payment processing services
• Email delivery services

These service providers are contractually obligated to use your information only to provide services to us, maintain the confidentiality of your information, and not use your information for their own purposes.

When you use our AI chat feature to generate questions for your doctor visit, the text of your messages is transmitted to a third-party AI language model provider to generate a response. This means the content of your chat messages — which may include health-related topics you type — is processed by an external service.

What this means for you: Do not include in chat messages any information you want kept entirely private, such as your full name, date of birth, insurance details, or other identifying information alongside sensitive health details. The AI feature is designed for general topic-based questions (e.g., "diabetes" or "high blood pressure") — not for transmitting your personal medical records.

We do not use your chat messages to train AI models, and our AI providers are prohibited from using your data for their own model training purposes.

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

We may share your information with your explicit consent or at your direction.

8. Data Security

We implement reasonable security measures to protect your information, including:

• Encrypted Connections: All data transmission uses HTTPS/TLS encryption
• Encrypted Storage: Data at rest is encrypted using industry-standard methods
• Access Controls: Strict access controls limit who can view your information
• Regular Security Audits: We conduct regular security assessments
• Secure Authentication: Authentication credentials are handled through secure, industry-standard providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You use the Service at your own risk.

9. Data Retention and Deletion

• Active Accounts: Your information remains stored as long as your account is active
• Account Deletion: Upon account deletion, all associated content is permanently removed from our systems within 30 days
• Backup Data: Deleted information may remain in our backup systems for up to 90 days before being permanently purged
• Legal Requirements: We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention)

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

11. Children's Privacy

This Service is intended for users 18 years of age or older.

We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

12. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Request limitation of how we process your information
• Right to Data Portability: Request transfer of your information to another service
• Right to Object: Object to certain types of processing

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to delete personal information we have collected
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Effective Date" at the top of this Privacy Policy
• Sending you an email notification (for material changes)
• Displaying a prominent notice on our Service (for significant changes)

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [Your Support Email]

Address: [Your Company Address]

We will respond to your inquiry within a reasonable timeframe.

Last Updated: January 1, 2025