Privacy Policy

1. Introduction

MedVault ("we," "our," or "us") is committed to protecting your privacy and personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical records management platform.

This policy explains how we handle your health information. While we implement security measures, please note that this is currently a personal project and not a certified healthcare service. We recommend consulting with healthcare professionals for medical decisions.

2. Information We Collect

2.1 Personal Health Information (PHI)

• Medical records, test results, and diagnostic images
• Prescription information and medication history
• Appointment records and healthcare provider information
• Insurance information and billing details
• Emergency contact information

2.2 Account Information

• Name, email address, and phone number
• WhatsApp contact information for authentication
• Profile information and preferences
• Usage data and platform interactions

2.3 Technical Information

• Device information and IP addresses
• Browser type and operating system
• Log files and analytics data
• Security and authentication data

3. How We Use Your Information

We use your information solely for the purpose of providing and improving our medical records management services:

• To store, organize, and manage your medical records securely
• To provide AI-powered analysis and insights from your health data
• To enable secure sharing of records with healthcare providers
• To authenticate your identity and secure your account
• To provide customer support and technical assistance
• To comply with legal and regulatory requirements
• To improve our services and develop new features

4. Data Security

We implement comprehensive security measures to protect your health information:

• Encryption: Data is encrypted using standard encryption methods provided by our hosting provider
• Access Controls: User authentication and authorization controls
• Secure Infrastructure: Data stored using Supabase cloud infrastructure
• Data Control: You can view, edit, and delete your data at any time
• Transparency: We're open about our data practices and limitations
• User Rights: You have full control over your personal information

5. Important Notice

This is a personal project, not a certified healthcare service. Please note:

• This application is not HIPAA certified or regulated
• We are not a licensed healthcare provider or business associate
• This tool is for personal use and organization only
• Always consult with qualified healthcare professionals for medical decisions
• We implement basic security measures but cannot guarantee enterprise-level compliance
• Use this service at your own discretion and risk

6. Your Data Rights

You have the following rights regarding your personal data:

• Access: You can view all your data at any time
• Edit: You can update or correct your information
• Delete: You can delete your account and all associated data
• Export: You can download your data in a portable format
• Control: You decide what information to share and store
• Transparency: We're open about how we use your data

7. Information Sharing

We do not sell, trade, or rent your personal health information. We may share information only in these limited circumstances:

• With your explicit consent for sharing with healthcare providers
• To comply with legal obligations or court orders
• To protect the rights, property, or safety of MedVault or others
• With trusted service providers who assist in our operations (under strict confidentiality agreements)
• In connection with a business transfer or acquisition (with prior notice)

8. Your Rights

You have the following rights regarding your personal health information:

• Access: Request a copy of all your health information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request transfer of your data to another service
• Restriction: Request limitation on how we use your information
• Objection: Object to certain uses of your information
• Withdrawal: Withdraw consent for data processing at any time

9. Data Retention

We retain your personal health information for as long as necessary to provide our services and comply with legal obligations:

• Medical records are retained while your account is active
• Account information is retained while your account is active
• You can delete your data at any time through the application
• Deleted data is removed from our systems within 30 days
• We don't retain data longer than necessary for the service
• You have full control over your data retention

10. Breach Notification

In the unlikely event of a data breach involving your personal health information, we will:

• Notify you within 72 hours of discovering the breach
• Provide details about what information was involved
• Explain the steps we're taking to address the breach
• Offer guidance on how to protect yourself
• Report the breach to relevant authorities as required by law

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

12. Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.