Data Protection

Privacy Policy

Effective Date: 1 April 2026 · Last Updated: 1 April 2026

Governing Language: English

Our Commitment

We process your data only to deliver the Service. We do not use your data for AI training, marketing, profiling, or resale. Uploaded documents are deleted after analysis. AI Outputs are retained for a strictly limited period and then permanently deleted.

1

Identity and Contact Details

Medguide (“we”, “us”, “our”, or “the Company”) operates the Medguide.app platform and related services (the “Service”). This Privacy Policy explains how we collect, process, store, and delete personal data in connection with the Service.

Data protection inquiries: privacy@medguide.app

2

Scope

This Privacy Policy applies to:

  • all visitors to medguide.app;
  • registered users of the Service;
  • individuals whose personal data is contained in documents uploaded to the Service by users.

This Policy does not apply to third-party services linked from the Service. We encourage you to review the privacy policies of any third-party services you use.

3

Data Processing Roles

3.1 Dual Role Architecture

The Company operates under two distinct data processing roles depending on the category of data:

As Data Controller

We determine the purposes and means of processing for: account and identity data; billing and subscription data; technical and security logs; IP and geolocation data used for access control and abuse prevention.

As Data Processor

We process data on your behalf and under your instruction for: Uploaded Content (medical documents and files you submit for analysis); AI Outputs generated from Uploaded Content.

3.2 Your Role

When you upload documents containing personal data of third parties (including patient data), you are the independent Data Controller for that data. You are responsible for ensuring a valid legal basis for processing and complying with all applicable data protection laws.

3.3 GDPR Article 28

The data processor provisions of this Policy, together with the Terms of Use, constitute the processor-level arrangement under GDPR Article 28. Where your organization requires a separate, signed Data Processing Agreement, please contact privacy@medguide.app.

4

Categories of Personal Data

4.1 Account Data (Controller)

  • Email address — for authentication, account management, and communications
  • Display name — from OAuth profile or as provided by you
  • Account creation timestamp
  • Subscription tier and billing status

We do not collect or store passwords. Authentication is provided via Google OAuth, Microsoft OAuth, or passwordless Magic Link.

4.2 Uploaded Content (Processor)

Medical documents, diagnostic reports, clinical records, and other files uploaded in supported formats, along with all personal and sensitive data contained within them. Health data constitutes Special Category data under GDPR Article 9 and is processed exclusively to generate AI Outputs. The Company does not read, analyze, or use Uploaded Content for any other purpose.

4.3 AI Outputs (Processor)

Structured analysis, clinical summaries, findings, timelines, and reports generated from Uploaded Content; chat interaction history with the document-anchored AI assistant.

4.4 Technical and Security Data (Controller)

  • IP address — for rate limiting, geographic access enforcement, and abuse prevention
  • Country code derived from IP — for geo-restriction enforcement
  • Device type, browser, and operating system (standard HTTP metadata)
  • Access timestamps and session data
  • Application error logs (processed with data masking via Sentry)

Technical logs are retained for a maximum of 30 days and then automatically deleted.

4.5 Billing Metadata (Controller, limited)

Subscription plan, status, and billing history; limited payment method metadata provided by Stripe for display purposes (e.g., card brand, expiry date, last four digits). The Company does not store full payment card numbers, CVV codes, or bank account details.

6

Data Processing Lifecycle

6.1 Upload

Documents are uploaded to encrypted storage within our infrastructure (AES-256 encryption at rest).

6.2 Analysis

Uploaded documents are transmitted to the AI inference engine (Google Gemini API) via an encrypted API call. This is a transient processing operation. Google does not retain your documents for training or secondary use, pursuant to our enterprise API agreement and Google's Data Processing Terms.

6.3 Output Generation

AI Outputs are stored in your private, isolated Workspace within the database.

6.4 Raw Document Deletion

Upon successful completion of AI analysis, the original uploaded document files are permanently deleted from active storage. Deletion covers primary storage and transient processing artifacts. Deleted files cannot be recovered by the Company.

6.5 Failed Processing

If analysis fails, unprocessed uploaded files are automatically removed by an automated cleanup process within 48 hours of upload.

6.6 Retention and Expiry

AI Outputs are stored in your Workspace for the duration of the applicable retention period (see Section 7). Upon expiry, data is automatically and permanently deleted.

6.7 Export

You may export AI Outputs at any time during the retention period. Exported files are made available via temporary, time-limited signed URLs. Exported files are automatically deleted from our systems shortly after generation.

7

Data Retention

Data CategoryRetention Period
Raw uploaded documentsDeleted after successful analysis
Failed / orphaned uploadsMax 48 hours from upload
AI Outputs — Starter7 calendar days
AI Outputs — Plus14 calendar days
AI Outputs — Business21 calendar days
Account dataUntil account deletion
Technical / security logs30 days
Export filesShortly after generation
Billing / payment metadataSubscription + statutory period

Retention periods are non-extendable. Users may delete data earlier at any time. Deleted or expired data cannot be recovered.

8

Data Use Restrictions

The following restrictions apply absolutely and without exception:

  • No AI Training. Your data is never used to train, fine-tune, test, benchmark, or improve any AI model.
  • No Secondary Use. Data is processed exclusively for the purpose of providing the Service to you.
  • No Resale. We do not sell, lease, license, or transfer your data to any third party.
  • No Profiling. We do not create profiles of users or patients for any commercial or advertising purpose.
  • No Marketing Use. Uploaded Content and AI Outputs are not used for any marketing or promotional purpose.
9

Workspace & Access Control

All AI Outputs and Workspace data are stored in logically isolated, per-user environments enforced by Row-Level Security (RLS) policies at the database level. No other user can access your Workspace.

Company personnel do not access Uploaded Content or AI Outputs except:

  • where you have explicitly requested technical support involving your specific data;
  • where access is required to investigate a confirmed security incident;
  • where required by law or a lawful regulatory order.

Any access by Company personnel is logged, limited to the minimum necessary, and subject to contractual confidentiality obligations.

10

Payments & Billing

Payment processing is provided by Stripe, Inc. (or Stripe's applicable EU entity), which operates as an independent Data Controller for payment card data and associated billing information. Stripe's processing of your financial data is governed by Stripe's Privacy Policy.

The Company receives from Stripe only: subscription status confirmation, billing confirmation, and limited payment method metadata for display purposes (card brand, expiry, last four digits).

We do not process, store, or have access to full payment card numbers, CVV codes, or bank account credentials.

11

Subprocessors

We use the following third-party service providers (“Subprocessors”) to deliver the Service. Each is contractually prohibited from secondary use of your data.

SubprocessorPurpose
Google Cloud AI (Gemini)AI inference & document analysis
SupabaseDatabase, auth & storage
StripePayment processing
VercelHosting & edge delivery
ResendTransactional email
SentryError monitoring
UpstashRate limiting

Written Data Processing Agreements are maintained with all Subprocessors. Where a Subprocessor is located outside the EEA or UK, transfers are governed by Standard Contractual Clauses (SCCs) or equivalent mechanisms under applicable law.

Material changes to this list will be communicated with reasonable advance notice via this Policy or direct notification.

12

International Data Transfers

Processing may involve transfers of personal data to countries outside the European Economic Area (EEA) and United Kingdom, primarily in connection with AI inference via Google Cloud AI (transient API calls) and application hosting infrastructure.

All international transfers are governed by:

  • Standard Contractual Clauses (SCCs) pursuant to GDPR Article 46(2)(c) and the UK International Data Transfer Addendum (IDTA) where applicable;
  • Subprocessor compliance frameworks (SOC 2 Type II, ISO 27001);
  • Data Processing Agreements restricting secondary use.

No original Uploaded Content is stored in jurisdictions outside the EEA/UK beyond the transient duration required for AI inference.

13

Geographic Restrictions

The Service is not available in the United States of America or the United Arab Emirates.

Access from these jurisdictions is restricted at the network level. The Company expressly disclaims any compliance with the laws of these jurisdictions.

If access occurs through VPN or other circumvention technology, any resulting data processing is entirely at the User's own legal risk and responsibility. The Company is not liable for any regulatory, legal, or other consequences arising from circumvention.

14

Data Subject Rights

14.1 GDPR and UK GDPR Rights

If you are a data subject in the EEA or UK, you have the following rights:

Right of Access (Art. 15)

Request a copy of your personal data.

Right to Rectification (Art. 16)

Correct inaccurate personal data.

Right to Erasure (Art. 17)

Delete your personal data (exercisable by deleting your account).

Right to Restriction (Art. 18)

Restrict processing in defined circumstances.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, withdraw at any time.

14.2 KVKK Rights

If you are a data subject under Turkish law, you have the rights set out in KVKK Article 11, including the right to access, correct, delete, transfer, and object to processing of your personal data.

14.3 How to Exercise Rights

Submit all requests to privacy@medguide.app. We will respond within 30 days, or within the shorter period required by applicable law. We may request reasonable identity verification before processing requests.

14.4 Supervisory Authorities

You may lodge a complaint with:

  • Your local data protection supervisory authority (e.g., the ICO in the UK, the relevant national DPA in EU Member States);
  • The Personal Data Protection Authority of Turkey (Kişisel Verileri Koruma Kurumu — KVKK) for Turkish data subjects;
  • Any other competent supervisory authority in your jurisdiction.
15

Security Measures

We implement the following technical and organizational security measures in accordance with GDPR Article 32:

MeasureImplementation
Encryption in transitTLS 1.2+ enforced on all connections
Encryption at restAES-256 on all stored data
Access controlRow-Level Security (RLS) on all user data
AuthenticationOAuth 2.0 + passwordless Magic Link
Rate limitingIP and user-based limiting on critical endpoints
Error monitoringMasked application monitoring (Sentry)
Geo-restrictionIP-based geographic access controls
Audit loggingAccess and operation logs (30-day retention)

No security measure provides absolute protection against all threats. In the event of a personal data breach, the Company will notify affected users and relevant supervisory authorities in accordance with GDPR Article 33 and applicable law.

16

Children's Privacy

The Service is not intended for individuals under 18 years of age. The Company does not knowingly collect personal data from children. If you believe a child has provided personal data to the Company, contact privacy@medguide.app immediately and the Company will take steps to delete that data.

17

Changes to This Policy

The Company may update this Privacy Policy to reflect changes in law, technology, or practice. For material changes, at least 30 days' advance notice will be provided via email or prominent notice on the Service. Continued use of the Service after the effective date constitutes acceptance. If you do not agree to changes, you must stop using the Service and delete your account before the effective date.

18

Contact

We will respond to all data protection inquiries within 30 days as required by applicable law.

© 2026 MedGuide. All rights reserved. The English-language version of this Privacy Policy is the governing version.

Privacy Policy — MedGuide | MedGuide