Privacy Policy
Effective Date: 1 April 2026 · Last Updated: 1 April 2026
Governing Language: English
Our Commitment
We process your data only to deliver the Service. We do not use your data for AI training, marketing, profiling, or resale. Uploaded documents are deleted after analysis. AI Outputs are retained for a strictly limited period and then permanently deleted.
Identity and Contact Details
Medguide (“we”, “us”, “our”, or “the Company”) operates the Medguide.app platform and related services (the “Service”). This Privacy Policy explains how we collect, process, store, and delete personal data in connection with the Service.
Data protection inquiries: privacy@medguide.app
Scope
This Privacy Policy applies to:
- all visitors to medguide.app;
- registered users of the Service;
- individuals whose personal data is contained in documents uploaded to the Service by users.
This Policy does not apply to third-party services linked from the Service. We encourage you to review the privacy policies of any third-party services you use.
Data Processing Roles
3.1 Dual Role Architecture
The Company operates under two distinct data processing roles depending on the category of data:
As Data Controller
We determine the purposes and means of processing for: account and identity data; billing and subscription data; technical and security logs; IP and geolocation data used for access control and abuse prevention.
As Data Processor
We process data on your behalf and under your instruction for: Uploaded Content (medical documents and files you submit for analysis); AI Outputs generated from Uploaded Content.
3.2 Your Role
When you upload documents containing personal data of third parties (including patient data), you are the independent Data Controller for that data. You are responsible for ensuring a valid legal basis for processing and complying with all applicable data protection laws.
3.3 GDPR Article 28
The data processor provisions of this Policy, together with the Terms of Use, constitute the processor-level arrangement under GDPR Article 28. Where your organization requires a separate, signed Data Processing Agreement, please contact privacy@medguide.app.
Categories of Personal Data
4.1 Account Data (Controller)
- Email address — for authentication, account management, and communications
- Display name — from OAuth profile or as provided by you
- Account creation timestamp
- Subscription tier and billing status
We do not collect or store passwords. Authentication is provided via Google OAuth, Microsoft OAuth, or passwordless Magic Link.
4.2 Uploaded Content (Processor)
Medical documents, diagnostic reports, clinical records, and other files uploaded in supported formats, along with all personal and sensitive data contained within them. Health data constitutes Special Category data under GDPR Article 9 and is processed exclusively to generate AI Outputs. The Company does not read, analyze, or use Uploaded Content for any other purpose.
4.3 AI Outputs (Processor)
Structured analysis, clinical summaries, findings, timelines, and reports generated from Uploaded Content; chat interaction history with the document-anchored AI assistant.
4.4 Technical and Security Data (Controller)
- IP address — for rate limiting, geographic access enforcement, and abuse prevention
- Country code derived from IP — for geo-restriction enforcement
- Device type, browser, and operating system (standard HTTP metadata)
- Access timestamps and session data
- Application error logs (processed with data masking via Sentry)
Technical logs are retained for a maximum of 30 days and then automatically deleted.
4.5 Billing Metadata (Controller, limited)
Subscription plan, status, and billing history; limited payment method metadata provided by Stripe for display purposes (e.g., card brand, expiry date, last four digits). The Company does not store full payment card numbers, CVV codes, or bank account details.
Legal Basis for Processing
| Data Category | Legal Basis |
|---|---|
| Account data | Contract performance |
| AI Outputs | Contract performance |
| Uploaded Content | Contract + your instruction |
| Technical / security logs | Legitimate interests |
| Health data in uploads | Explicit consent + healthcare |
| Billing data | Contract performance |
| Legal obligations | Legal obligation |
For Turkish data subjects, processing is based on equivalent grounds under KVKK Articles 5 and 6.
Data Processing Lifecycle
6.1 Upload
Documents are uploaded to encrypted storage within our infrastructure (AES-256 encryption at rest).
6.2 Analysis
Uploaded documents are transmitted to the AI inference engine (Google Gemini API) via an encrypted API call. This is a transient processing operation. Google does not retain your documents for training or secondary use, pursuant to our enterprise API agreement and Google's Data Processing Terms.
6.3 Output Generation
AI Outputs are stored in your private, isolated Workspace within the database.
6.4 Raw Document Deletion
Upon successful completion of AI analysis, the original uploaded document files are permanently deleted from active storage. Deletion covers primary storage and transient processing artifacts. Deleted files cannot be recovered by the Company.
6.5 Failed Processing
If analysis fails, unprocessed uploaded files are automatically removed by an automated cleanup process within 48 hours of upload.
6.6 Retention and Expiry
AI Outputs are stored in your Workspace for the duration of the applicable retention period (see Section 7). Upon expiry, data is automatically and permanently deleted.
6.7 Export
You may export AI Outputs at any time during the retention period. Exported files are made available via temporary, time-limited signed URLs. Exported files are automatically deleted from our systems shortly after generation.
Data Retention
| Data Category | Retention Period |
|---|---|
| Raw uploaded documents | Deleted after successful analysis |
| Failed / orphaned uploads | Max 48 hours from upload |
| AI Outputs — Starter | 7 calendar days |
| AI Outputs — Plus | 14 calendar days |
| AI Outputs — Business | 21 calendar days |
| Account data | Until account deletion |
| Technical / security logs | 30 days |
| Export files | Shortly after generation |
| Billing / payment metadata | Subscription + statutory period |
Retention periods are non-extendable. Users may delete data earlier at any time. Deleted or expired data cannot be recovered.
Data Use Restrictions
The following restrictions apply absolutely and without exception:
- No AI Training. Your data is never used to train, fine-tune, test, benchmark, or improve any AI model.
- No Secondary Use. Data is processed exclusively for the purpose of providing the Service to you.
- No Resale. We do not sell, lease, license, or transfer your data to any third party.
- No Profiling. We do not create profiles of users or patients for any commercial or advertising purpose.
- No Marketing Use. Uploaded Content and AI Outputs are not used for any marketing or promotional purpose.
Workspace & Access Control
All AI Outputs and Workspace data are stored in logically isolated, per-user environments enforced by Row-Level Security (RLS) policies at the database level. No other user can access your Workspace.
Company personnel do not access Uploaded Content or AI Outputs except:
- where you have explicitly requested technical support involving your specific data;
- where access is required to investigate a confirmed security incident;
- where required by law or a lawful regulatory order.
Any access by Company personnel is logged, limited to the minimum necessary, and subject to contractual confidentiality obligations.
Payments & Billing
Payment processing is provided by Stripe, Inc. (or Stripe's applicable EU entity), which operates as an independent Data Controller for payment card data and associated billing information. Stripe's processing of your financial data is governed by Stripe's Privacy Policy.
The Company receives from Stripe only: subscription status confirmation, billing confirmation, and limited payment method metadata for display purposes (card brand, expiry, last four digits).
We do not process, store, or have access to full payment card numbers, CVV codes, or bank account credentials.
Subprocessors
We use the following third-party service providers (“Subprocessors”) to deliver the Service. Each is contractually prohibited from secondary use of your data.
| Subprocessor | Purpose |
|---|---|
| Google Cloud AI (Gemini) | AI inference & document analysis |
| Supabase | Database, auth & storage |
| Stripe | Payment processing |
| Vercel | Hosting & edge delivery |
| Resend | Transactional email |
| Sentry | Error monitoring |
| Upstash | Rate limiting |
Written Data Processing Agreements are maintained with all Subprocessors. Where a Subprocessor is located outside the EEA or UK, transfers are governed by Standard Contractual Clauses (SCCs) or equivalent mechanisms under applicable law.
Material changes to this list will be communicated with reasonable advance notice via this Policy or direct notification.
International Data Transfers
Processing may involve transfers of personal data to countries outside the European Economic Area (EEA) and United Kingdom, primarily in connection with AI inference via Google Cloud AI (transient API calls) and application hosting infrastructure.
All international transfers are governed by:
- Standard Contractual Clauses (SCCs) pursuant to GDPR Article 46(2)(c) and the UK International Data Transfer Addendum (IDTA) where applicable;
- Subprocessor compliance frameworks (SOC 2 Type II, ISO 27001);
- Data Processing Agreements restricting secondary use.
No original Uploaded Content is stored in jurisdictions outside the EEA/UK beyond the transient duration required for AI inference.
Geographic Restrictions
The Service is not available in the United States of America or the United Arab Emirates.
Access from these jurisdictions is restricted at the network level. The Company expressly disclaims any compliance with the laws of these jurisdictions.
If access occurs through VPN or other circumvention technology, any resulting data processing is entirely at the User's own legal risk and responsibility. The Company is not liable for any regulatory, legal, or other consequences arising from circumvention.
Data Subject Rights
14.1 GDPR and UK GDPR Rights
If you are a data subject in the EEA or UK, you have the following rights:
Right of Access (Art. 15)
Request a copy of your personal data.
Right to Rectification (Art. 16)
Correct inaccurate personal data.
Right to Erasure (Art. 17)
Delete your personal data (exercisable by deleting your account).
Right to Restriction (Art. 18)
Restrict processing in defined circumstances.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.
Right to Object (Art. 21)
Object to processing based on legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, withdraw at any time.
14.2 KVKK Rights
If you are a data subject under Turkish law, you have the rights set out in KVKK Article 11, including the right to access, correct, delete, transfer, and object to processing of your personal data.
14.3 How to Exercise Rights
Submit all requests to privacy@medguide.app. We will respond within 30 days, or within the shorter period required by applicable law. We may request reasonable identity verification before processing requests.
14.4 Supervisory Authorities
You may lodge a complaint with:
- Your local data protection supervisory authority (e.g., the ICO in the UK, the relevant national DPA in EU Member States);
- The Personal Data Protection Authority of Turkey (Kişisel Verileri Koruma Kurumu — KVKK) for Turkish data subjects;
- Any other competent supervisory authority in your jurisdiction.
Security Measures
We implement the following technical and organizational security measures in accordance with GDPR Article 32:
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.2+ enforced on all connections |
| Encryption at rest | AES-256 on all stored data |
| Access control | Row-Level Security (RLS) on all user data |
| Authentication | OAuth 2.0 + passwordless Magic Link |
| Rate limiting | IP and user-based limiting on critical endpoints |
| Error monitoring | Masked application monitoring (Sentry) |
| Geo-restriction | IP-based geographic access controls |
| Audit logging | Access and operation logs (30-day retention) |
No security measure provides absolute protection against all threats. In the event of a personal data breach, the Company will notify affected users and relevant supervisory authorities in accordance with GDPR Article 33 and applicable law.
Children's Privacy
The Service is not intended for individuals under 18 years of age. The Company does not knowingly collect personal data from children. If you believe a child has provided personal data to the Company, contact privacy@medguide.app immediately and the Company will take steps to delete that data.
Changes to This Policy
The Company may update this Privacy Policy to reflect changes in law, technology, or practice. For material changes, at least 30 days' advance notice will be provided via email or prominent notice on the Service. Continued use of the Service after the effective date constitutes acceptance. If you do not agree to changes, you must stop using the Service and delete your account before the effective date.
Contact
We will respond to all data protection inquiries within 30 days as required by applicable law.
© 2026 MedGuide. All rights reserved. The English-language version of this Privacy Policy is the governing version.