# Privacy Policy
**Last Updated: April 24, 2026**
## Not Affiliated with Government
MedLogAI is an independent third-party application and is **NOT affiliated with, endorsed by, or connected to** Taiwan's National Health Insurance Administration (NHIA), the Ministry of Health and Welfare, or any other government agency. All data is imported by users themselves from the NHI Health Passbook — MedLogAI does not integrate directly with any government system.
---
## Contact & Account Deletion
For help, bug reports, data export, or to **request account deletion**, please scroll to the **Contact Us** section on our main page or email us directly at **medlogaimedlogai@gmail.com**.
You do **not** need to have the MedLogAI app installed to contact us or request account deletion. Email alone is sufficient. Account deletion requests follow a 7-day grace period, after which all your data is permanently removed. If you signed in with Apple, your Apple authorization token will be revoked as part of deletion.
---
MedLogAI ("we", "our", or "us") operates the MedLogAI mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
## 1. Information We Collect
### 1.1 Personal Information
- **Account Data**: Email address, display name, and authentication credentials when you create an account.
- **Health Data**: NHI Health Passbook data that you voluntarily import into the app, including but not limited to lab results, outpatient visit records, hospitalization records, imaging reports, dental records, vaccination records, and cancer screening results.
- **Profile Data**: Birth year, gender, relationship labels, and health notes you provide for managed profiles.
- **Payment Data**: In-app purchase transaction records processed through Apple App Store or Google Play Store. We do not directly collect or store credit card information.
### 1.2 Automatically Collected Information
- Device type, operating system version, and anonymous device identifiers.
- App usage analytics and crash reports (no health data included).
- IP address and general location (country/region level only).
## 2. How We Use Your Information
We use collected information to:
- Provide and maintain the Service, including importing, parsing, and displaying your health passbook data.
- Generate AI-powered health summaries and analysis using third-party AI services (Google Gemini API), subject to your explicit consent.
- Manage your account, profiles, and subscription status.
- Process in-app purchases and manage credit balances.
- Improve the Service through aggregated, anonymized usage analytics.
- Communicate with you about service updates, security alerts, and support.
## 3. AI Data Processing (Google Gemini API)
### 3.1 Explicit Prior Consent
Before you first use any AI feature (lab summary, health summary, timeline analysis, imaging report interpretation, free-form questions, etc.), the app displays a full disclosure and requires your explicit consent. Users who do not consent cannot use AI features, but all other functions (import, browsing, charts) remain fully available. You may withdraw consent at any time in **Settings → Legal & Support → AI Data Processing Consent**.
### 3.2 Data Categories Transmitted
When you actively invoke an AI feature, the following data is sent to the Google Gemini API:
- Age and gender
- Health notes you've entered in your profile
- Lab test codes, values, and reference ranges
- Visit dates and summaries (depending on the feature)
The following data is **never** transmitted to Gemini: your name, email address, national ID, contact details, or any directly identifying personal information.
### 3.3 Recipient and Transfer Region
Data is transmitted via API to **Google LLC's Gemini service**, with servers located in the **United States and Google's global data centers**; this constitutes a cross-border transfer. Google processes your data under its API Terms of Service and Privacy Policy, and the paid Gemini API **does not use your content to train Google's AI models by default**.
We only share data with third parties that commit to **the same or equivalent data-protection standards** as those we apply ourselves. Google's security controls include encryption in transit, encryption at rest, and access controls that meet enterprise-grade data-protection requirements.
### 3.4 Retention
AI analysis results are stored in your account until you delete them or delete your account. Requests sent to Google are retained per Google's own policies (typically short-term caching for safety and abuse detection).
### 3.5 Important Disclaimer
AI-generated health summaries and responses are for **informational and reference purposes only**. They do not constitute medical advice, diagnosis, treatment, prescription, or emergency judgment. Always consult a qualified healthcare professional for medical decisions.
## 4. Data Storage and Security
### 4.1 Storage
- Your account and imported health data are stored securely on **Supabase** cloud infrastructure (EU servers), with Row-Level Security (RLS) policies ensuring data isolation between users.
- Data is encrypted in transit (TLS) and at rest.
### 4.2 Security Measures
- Authentication via secure providers (email/password, Google Sign-In, Apple Sign-In).
- Row-Level Security policies on all database tables.
- Secure token storage on device using platform-native secure storage.
- Audit logs are maintained for AI consent events and AI guardrail firings (metadata only — no response text is stored).
## 5. Data Sharing and Disclosure
We do **not** sell your personal or health data. We may share information only in the following circumstances, and only the minimum data necessary with each recipient:
- **Supabase** (database, authentication, row-level security) — stores your account and imported health data. Region: EU.
- **Google Gemini API** (AI health summaries and Q&A) — receives the data categories listed in Section 3.2, only when you explicitly consent and actively invoke an AI feature. Region: United States and global.
- **RevenueCat** (subscription and in-app purchase management) — receives only your anonymous user id, subscription status, and purchase events.
- **Sentry** (crash reporting and error diagnostics) — receives crash stack traces, device model, OS version, app version, and your anonymous user id. **Never receives any health data, profile information, lab values, diagnoses, or medication names.** Region: EU.
- **Mixpanel** (anonymous product analytics to improve the app) — receives app interaction events (e.g. screen views, import started, purchase completed, feature usage) along with device model, OS version, app version, and your anonymous user id. **Never receives any health data, profile names, lab values, diagnoses, medication names, or any field that could identify your medical condition.** Region: EU.
- **Legal Requirements**: When required by law, regulation, or legal process.
- **Safety**: To protect the rights, safety, or property of our users or the public.
## 6. Family Profiles
The Service allows you to manage health data for family members. You represent and warrant that you have obtained proper consent from any family member whose data you import and manage through the Service.
## 7. Data Retention and Deletion
### 7.1 Retention
We retain your data for as long as your account is active or as needed to provide the Service.
### 7.2 Account Deletion
You may request account deletion through the app Settings or by emailing medlogaimedlogai@gmail.com. Upon deletion request:
- A 7-day grace period begins, during which you can cancel the deletion.
- After the grace period, all your data — including health records, profiles, AI summaries, AI consent records, and account information — will be permanently deleted.
- Apple Sign-In tokens will be revoked as required by Apple's guidelines.
- You do NOT need to have the app installed to request deletion.
## 8. Children's Privacy
The Service is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. The family profile feature is intended for parents/guardians to manage their children's health data.
## 9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, specifically:
- **European Union**: Supabase (database), Sentry (error monitoring), Mixpanel (analytics).
- **United States and Google's global data centers**: Google Gemini API (only when you consent and actively invoke an AI feature).
- **Global**: RevenueCat (subscription management).
We ensure appropriate safeguards are in place for each transfer, per the standards applicable in the recipient's jurisdiction.
## 10. Your Rights (Taiwan PDPA Article 3)
You may at any time:
1. **Inspect** your data in the app Settings.
2. **Copy/Export** your imported health passbook data.
3. **Supplement / Correct** your profile, health notes, and imported data.
4. **Request processing to stop**: Withdraw AI consent in **Settings → Legal & Support → AI Data Processing Consent**. AI features will be disabled; other features remain functional.
5. **Delete**: individual records or the entire account (7-day grace period).
6. **Withdraw consent**: at any time, without affecting your other rights.
For additional assistance, contact us via the email below.
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes (new data categories, new third-party recipients, changed purposes), we will **re-request your consent** in the app via versioned consent, and notify you through the app or email.
## 12. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of the above rights, please contact us at:
**Email**: medlogaimedlogai@gmail.com