My Med Assistant
Get started for free

Privacy Policy

Last updated: April 2025

1. Who We Are

My Med Assistant is a web service that helps users understand medical documents using artificial intelligence. We are the data controller for the personal data you provide when using our service. Our servers are located in the European Union, and all data processing complies with the General Data Protection Regulation (GDPR).

2. What Data We Collect

  • Account data: email address, password (stored in encrypted form), preferred language, registration date.
  • Profile data: name, date of birth, relation (self, child, parent, etc.) — only what you enter yourself.
  • Medical documents: files you upload (PDF, photos of test results). Stored in encrypted form in EU-based cloud storage.
  • AI analysis results: text of AI explanations for your documents, health indicators.
  • Chat history: your questions to the AI assistant and its answers.
  • Technical data: IP address, browser type, timestamps of actions — used to ensure security and diagnose errors.
  • Payment data: processed by Stripe; we do not store card numbers.

3. How We Use Your Data

  • To provide the service: document analysis, AI explanations, health timeline.
  • To send notifications and reminders you set up yourself.
  • To process payments and manage subscriptions.
  • To ensure security and prevent abuse.
  • To improve the service based on anonymized usage statistics (without transferring personal data to third parties).

We do not sell your personal data or medical information to third parties. We do not use your data for advertising purposes.

4. Third-Party Services

To provide the service, we use the following trusted providers:

  • Supabase — database and authentication (EU servers)
  • Cloudflare R2 — file storage (EU region)
  • Anthropic — AI analysis (your documents are sent to Anthropic API for processing, not stored by Anthropic)
  • Stripe — payment processing
  • Resend — email delivery

5. Data Security

All data is encrypted at rest (AES-256) and in transit (TLS). We apply row-level access control — your data is accessible only to you. Backups are stored for 7 days. We log all access to medical data for security auditing purposes.

6. Data Retention

We store your data for as long as your account is active. After account deletion, all personal data and files are permanently deleted within 30 days. Some technical logs may be retained for up to 90 days for security purposes.

7. Your Rights (GDPR)

As an EU resident, you have the right to:

  • Access — request a copy of all your data (Settings → Download my data)
  • Erasure — delete your account and all associated data (Settings → Delete account)
  • Correction — update inaccurate data in your profile
  • Portability — export your data in a machine-readable format
  • Objection — object to processing for any purpose

To exercise your rights, use the Settings page or contact us at the email below.

8. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

9. Children

The service is available to users aged 13 and older. Users under 18 should use the service with parental supervision. We do not knowingly collect data from children under 13.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: privacy@mymedassistant.com