Privacy Policy
Last updated: April 15, 2026
MedVault Health ("MedVault," "we," "us") is committed to protecting the privacy and confidentiality of your personal health information. This policy explains what data we collect, how we use it, how we protect it, and what rights you have.
1. What Data We Collect
When you use MedVault, we collect:
- Account information: Phone number (for authentication via OTP), name, date of birth, gender, and country.
- Lab reports: Photos or PDFs of lab reports you upload. These are processed by our OCR and AI systems to extract test values.
- Parsed health data: Test names, values, reference ranges, and AI-generated explanations derived from your uploaded reports.
- Family member profiles: Names and basic information of family members you add to your account.
- Medications: Any medications you choose to add for drug interaction checking.
- Usage data: App usage patterns, feature interactions, and error logs. These never contain your health values or personal identifiers.
2. How We Use Your Data
Your data is used exclusively to provide the MedVault service:
- Report parsing: Your uploaded reports are processed by OCR (Google Cloud Vision) and AI (Anthropic Claude) to extract and explain test values.
- Health tracking: Your parsed values are stored to show trends over time and generate health summaries.
- Doctor sharing: When you create a share link, only the data you choose to share is made visible to the recipient. Links can be revoked at any time.
- Notifications: We may send push notifications about abnormal values or subscription updates. You can disable these anytime.
3. What We Never Do
This is a hard commitment, not a guideline:
- We never sell your personal health data to anyone — not advertisers, not insurance companies, not pharmaceutical companies, not data brokers.
- We never share your identifiable health data with third parties except as required to provide the service (OCR processing, AI parsing) or by law.
- We never log patient names, test values, or report contents in our server logs. Our audit logs record access events (who accessed what, when) but not the data itself.
- We never use your health data to train AI models. Your reports are processed, not learned from.
- We never display advertisements based on your health data.
4. How We Protect Your Data
- Encryption at rest: All uploaded files are encrypted with AES-256 before storage.
- Encryption in transit: All data transmitted between your device and our servers uses TLS 1.3.
- Secure storage: Files are stored on Cloudflare R2 with server-side encryption. The database is hosted on PostgreSQL with encrypted connections.
- Share link security: Share tokens are generated with crypto.randomBytes(64), giving 128 hex characters that are cryptographically random. Every share link access is validated against expiry, revocation status, and view count limits.
- Authentication: Phone-based OTP via Firebase Auth. Rate-limited to 5 OTP attempts per phone number per hour to prevent brute force.
- Audit logging: Every data access is logged with IP address and user agent in an append-only audit log.
- File validation: Uploads are restricted to 10MB max, JPEG/PNG/HEIC/PDF only, with server-side MIME type verification.
5. Data Sharing with Doctors
When you share your health records with a doctor:
- You create a share link with an expiry date you choose.
- The doctor can view your structured health data through a web portal — no app download needed on their end.
- You can revoke access at any time, immediately.
- Every view is logged so you know exactly who accessed your data and when.
- The share token is the only credential — there is no doctor login. If you revoke the link, access stops permanently.
6. Family Member Data
If you add family members to your account:
- Only you (the account holder) can see their data.
- Each family member gets their own profile with separate health history.
- You decide which family member's data to share with which doctor.
- Family members can be removed from your account at any time, which removes your access to their data.
7. Third-Party Services
MedVault uses the following third-party services to operate:
- Google Cloud Vision API: For OCR (reading text from report images). Report images are sent to Google for text extraction only. Google does not retain images after processing.
- Anthropic Claude API: For AI-powered report parsing and explanations. Report text (not images) is sent to Anthropic for analysis. Anthropic does not use API inputs for training.
- Firebase Auth: For phone-based authentication.
- Cloudflare R2: For encrypted file storage.
- Safepay: For payment processing (JazzCash, Easypaisa, cards). We never see or store your payment card details.
8. Server Location & Data Residency
Transparency about where your data physically lives:
- Application servers: Hosted on Railway (US-based infrastructure). API requests are processed here.
- Database: PostgreSQL on Neon, with encrypted connections. Data at rest is encrypted.
- File storage: Uploaded report images and PDFs are stored on Cloudflare R2 with AES-256 server-side encryption. R2 stores data across Cloudflare's global network with automatic redundancy.
- Cache & queue: Redis on Upstash for temporary processing queues. No health data is permanently stored in cache.
- OCR processing: Report images are sent to Google Cloud Vision API for text extraction. Google processes these in their cloud infrastructure and does not retain images after processing.
- AI processing: Extracted text is sent to Anthropic's API for parsing. Anthropic does not store or train on API inputs.
Important note: As of launch, MedVault's infrastructure is hosted on international cloud providers. We are actively evaluating Pakistan-based hosting options to offer full data residency within Pakistan. Users will be notified when local data residency becomes available.
9. Data Protection Officer (DPO)
MedVault has appointed a Data Protection Officer responsible for overseeing data protection strategy and compliance:
- Role: The DPO ensures that MedVault handles personal health information in compliance with applicable data protection laws and internal policies.
- Responsibilities:
- Reviewing and approving data processing activities before deployment
- Conducting periodic internal audits of data access and security controls
- Responding to data subject requests (access, correction, deletion)
- Managing data breach response and notification procedures
- Maintaining records of processing activities
- Contact: For any data protection concerns, reach the DPO at dpo@medvault-health.com or via WhatsApp at +92 324 456 5313.
10. Compliance & Audit
MedVault maintains the following compliance practices for handling medical records:
- Access control audit: All access to patient health data is logged in an append-only audit trail. Logs include timestamp, user ID, IP address, user agent, and action performed. These logs are reviewed periodically and retained for 12 months.
- Internal security reviews: We conduct regular internal reviews of our encryption practices, access controls, authentication systems, and third-party integrations.
- Breach notification: In the event of a data breach affecting personal health information, we will notify affected users within 72 hours via push notification and WhatsApp, detailing what data was affected and what steps we are taking.
- Data Processing Impact Assessment: Before introducing new features that process health data (e.g., AI chat, trend analysis, drug interactions), we conduct an internal data protection impact assessment to evaluate risks and safeguards.
- Third-party review: We review the data protection practices of all third-party services (Google, Anthropic, Cloudflare, Safepay) before integration and re-evaluate annually.
- Regulatory alignment: While Pakistan's data protection legislation (Personal Data Protection Bill) is evolving, MedVault proactively aligns with international standards including GDPR principles for data minimization, purpose limitation, and user consent. We will comply with local regulations as they are enacted.
For audit reports or compliance documentation, contact our DPO at dpo@medvault-health.com.
11. Data Retention
- Your health data is retained as long as your account is active.
- If you delete your account, all your data (reports, parsed results, family profiles, share links) is permanently deleted within 30 days.
- Audit logs are retained for 12 months for security purposes, then automatically purged.
- Revoked share links are immediately deactivated. The share token record is kept for audit purposes but the data is no longer accessible.
12. Your Rights
You have the right to:
- Access: View all your stored health data at any time through the app.
- Correct: Edit or correct any parsed values that were extracted incorrectly.
- Delete: Delete individual reports or your entire account.
- Export: Download your health data as PDF (Premium feature).
- Revoke: Revoke any share link at any time.
- Withdraw consent: Stop using the service at any time. Your data will be deleted upon account deletion.
13. Children's Privacy
MedVault can store health records for children as family members, managed by a parent or guardian. Children cannot create their own accounts. The parent or guardian has full control over their child's health data.
14. Changes to This Policy
We may update this policy from time to time. When we make significant changes, we will notify you via push notification and display a notice in the app. Continued use of MedVault after changes constitutes acceptance of the updated policy.
15. Contact
If you have any questions about this privacy policy or how your data is handled:
- WhatsApp: +92 324 456 5313
- Email: privacy@medvault-health.com