MedRecap Privacy Policy
This Privacy Policy describes how MedRecap ("MedRecap", "we", "us", or "our") collects, uses, stores, and protects information when you use the MedRecap mobile application (the "App"). By using the App, you agree to the practices described below.
If you have any questions about this policy, please contact us at support@medrecap.ai.
1. About MedRecap
MedRecap is a personal health record application. It helps you record, transcribe, and summarise your own medical visits, and optionally share that information with people you choose, such as a family member or caregiver.
MedRecap is a personal tool for patients. It is not a clinical system, electronic health record (EHR), or healthcare provider service. We do not transmit your data to your doctor, clinic, hospital, insurance company, or any other healthcare entity. Your records belong to you.
2. Our Privacy Principles
- We will never sell your data. We do not, and will never, sell, rent, or trade your personal information or health information to any third party.
- We will never share your data with advertisers, insurers, employers, or healthcare providers.
- You control your data. You decide what is recorded, what is stored, and who (if anyone) you share it with.
- We collect only what is needed for the App to function.
- We are working to keep more of your data on your device. Today, audio transcription and AI summarisation are performed by a third-party AI provider in the cloud. We are actively developing on-device processing so that, in a future release, your audio and medical content will never need to leave your device.
3. Age Requirement
You must be at least 13 years of age to create an account or use MedRecap.
We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with information, please contact us at the email address above.
A parent or legal guardian aged 13 or older may use MedRecap to record and manage health information about a minor in their care, by creating a patient profile for that minor under the parent/guardian's own account. The account holder remains responsible for the data stored under their account.
4. Information We Collect
4.1 Information You Provide
Account information
- Email address
- Password (stored only in hashed form; we never see or store your plaintext password)
- Full name and preferred name (optional)
- If you sign in with Apple or Google: an identity token, plus the email address and name that the provider returns
Patient profile information
- Patient name and relationship to you (self, parent, child, spouse, sibling, other)
- Date of birth, blood type
- Allergies, chronic conditions
- Emergency contact information, primary doctor name, notes
- Profile photo (optional)
- Language preferences
Health information
- Medications: name, dosage, frequency, purpose, instructions, prescribing doctor, dates, side effects
- Symptoms: name, severity, duration, triggers, vital signs, notes, resolution status
- Appointments: date, doctor name, specialty, facility, reason, preparation notes
4.2 Information Created When You Record a Visit
- Audio recordings of medical visits, captured via your device's microphone
- Transcripts of those recordings (raw and speaker-segmented)
- AI-generated content based on the transcript: visit summary, key takeaways, tone analysis, extracted symptoms, conditions, medications, treatments, action items, keywords, and a glossary of medical terms
- Chat messages you exchange with the AI assistant about a visit
- Visit metadata you provide: doctor or facility name, location, visit reason, visit type, recording consent status
4.3 Information We Collect Automatically
- Device push notification token, used to deliver notifications you have opted in to
- Error logs, including error messages, stack traces, and your user ID, used to diagnose and fix problems
- AI usage records, specifically the number of tokens consumed by AI features for your account, used for service operation and capacity planning. These records contain only counts and timestamps and do not contain the content of your transcripts, summaries, or chats.
We do not collect:
- Behavioural analytics or feature usage tracking
- Advertising identifiers
- Device fingerprints
- Location data (beyond what you voluntarily type into a visit)
- Data from third-party analytics SDKs (we use none)
5. How We Use Your Information
We use your information only for the following purposes:
- To operate the App: store and display your records, generate transcripts and summaries, and sync data across your devices
- To authenticate you and keep your account secure
- To deliver notifications you have asked for (sharing alerts, appointment reminders, summary-ready alerts)
- To enable sharing with people you explicitly invite
- To diagnose and fix technical problems through error logs
- To track aggregate AI token usage for capacity planning
We do not use your data for advertising, profiling, training third-party AI models on your content, or any commercial purpose other than operating the App.
6. How We Store Your Information
6.1 On Your Device
- A local database stores all your visits, transcripts, summaries, profiles, medications, symptoms, appointments, and chat history.
- The database is encrypted at rest using AES-256 encryption (SQLCipher). The encryption key is stored in your device's secure keychain (iOS) or keystore (Android) and is only accessible after the device is unlocked.
- Authentication tokens are stored in your device's secure keychain (iOS) or keystore (Android).
- Audio files are stored only on your device. They are never uploaded to our servers for storage. If you delete a visit, the audio file is deleted from the device.
6.2 In the Cloud
- Structured data (profiles, visits, transcripts, summaries, medications, symptoms, appointments, sharing permissions) is stored in our cloud database.
- All cloud data is protected by row-level security, meaning the database itself prevents any user from accessing another user's data unless it has been explicitly shared.
- The most sensitive personal identifiers, including patient name, date of birth, allergies, and chronic conditions, are additionally encrypted at rest in the cloud database using AES-256.
- All data transmitted between your device and our servers is encrypted in transit using HTTPS / TLS 1.2 or higher.
7. Third-Party Services
We use a small number of third-party services to operate the App. We do not sell or share your data with any third party for advertising, marketing, or commercial purposes.
7.1 AI Processing Provider
When you record a visit and choose cloud transcription, the audio file and resulting transcript are sent to our AI provider for speech-to-text and analysis. Patient context that you have entered (such as existing conditions or medications) may also be included to improve the quality of the summary.
The AI provider's data handling is governed by their own policies, available here:
We are actively developing on-device AI processing. In a future release, this step will be performed entirely on your device and your audio and transcripts will not be transmitted to any external provider.
7.2 Cloud Backend Provider
We use a cloud backend provider for authentication, database storage, serverless functions, and push notification delivery. This provider acts as a data processor on our behalf and stores your data subject to the security measures described in Section 6.
7.3 Sign-in Providers
If you choose to sign in with Apple or Google, those providers will return an identity token to authenticate you. We do not send your health information to these providers. Their use of the sign-in data is governed by their own privacy policies.
7.4 Email Delivery
When you invite someone to share a profile with you and they do not yet have a MedRecap account, we send an invitation email to the address you provide. The email contains your name and a link to accept the invitation. Invitations expire after 48 hours.
8. Sharing Your Information With Others
You can choose to share a patient profile or an individual visit with another person, such as a family member or caregiver.
- All sharing is initiated by you. We never share your information without an explicit action from you.
- You choose what the recipient can see (summary, transcript, medications, symptoms, appointments, etc.) using granular per-field permissions.
- You can revoke a recipient's access at any time.
- Audio files are never shared with other users, even if you share the visit.
- If the person you invite is not yet a MedRecap user, we send them an email invitation containing your name and a link to sign up. They must accept the invitation to gain access.
9. Permissions the App Requests
| Permission | Why we ask |
|---|---|
| Microphone | To record your medical visits |
| Speech recognition (iOS) | To support on-device speech transcription in future releases |
| Photo library | To let you choose a profile photo |
| Notifications | To deliver sharing and appointment alerts |
| Background audio (iOS) / Foreground service (Android) | To keep recording active when the screen is locked or the app is in the background |
You may decline or revoke any permission in your device settings. Some features will not function without the relevant permission (for example, you cannot record a visit without microphone access).
10. Recording Consent and Your Responsibility
Before each recording, MedRecap displays a consent screen that you are expected to show to your healthcare provider. The provider must explicitly agree before the recording starts.
Recording laws vary by location. Some jurisdictions require all parties to consent to a recording; others require only one party. You are responsible for complying with the laws that apply to you and to the location where the recording takes place. MedRecap provides the tool; the legal responsibility for using it appropriately rests with you.
11. Data Retention
| Data type | How long we keep it |
|---|---|
| Account data, profiles, visits, transcripts, summaries, medications, symptoms, appointments, chat messages | Until you delete the item or your account |
| Audio files (on your device) | Until you delete the visit |
| Error logs | 90 days, then automatically deleted |
| AI token usage records (counts and timestamps only, no content) | Retained indefinitely for service operation and capacity planning |
| Push notification tokens | Until you sign out, uninstall the app, or disable notifications |
| Sharing invitations (email) | 48 hours, then expired |
12. Your Rights and Choices
You can exercise the following rights at any time directly within the App:
- Access: View all your data in the App.
- Export: "Export All Data" in Settings exports your visits, transcripts, summaries, and extracted medical data as a JSON file. The export is generated on your device and shared via your operating system's share sheet. No data is sent to our servers during export. Audio files are not included.
- Correct: Edit any profile, visit, medication, symptom, or appointment record at any time.
- Delete a visit: Removes the visit, transcript, summary, chat history, and audio file. Also revokes access for anyone you shared it with.
- Delete a profile: Removes the profile and all associated visits, medications, symptoms, appointments, and shares.
- Delete your account: Permanently and irreversibly deletes your account and all associated data, including profiles, visits, medications, symptoms, appointments, shares, push tokens, and error logs.
- Sign out: Clears your session on the device. Local data on the device remains until you reinstall or clear app data.
- Manage sharing: Revoke any active share at any time from the Sharing screen.
Depending on where you live, you may have additional rights under laws such as the EU/UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including the right to lodge a complaint with your local data protection authority. To exercise any right that is not already self-service in the App, please contact us at the email address at the top of this policy.
13. Security
We protect your information with the following measures:
- AES-256 encryption of the local database on your device
- AES-256 encryption of the most sensitive identifying fields in our cloud database
- Row-level security on every cloud database table, enforced at the database layer
- HTTPS / TLS 1.2+ for all network traffic
- Authentication tokens stored in the operating system's secure keychain (iOS) or keystore (Android)
- Server-side AI provider keys, never exposed to the App
- Nonce-verified Apple Sign-In and native Google Sign-In
No system can be guaranteed 100% secure. If we ever become aware of a breach affecting your data, we will notify you in accordance with applicable law.
14. International Users
MedRecap is operated from, and your data may be stored or processed in, jurisdictions that may differ from your own. By using the App you consent to this transfer and processing. We apply the security measures described in Section 13 regardless of where your data is processed.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you in the App. Continued use of MedRecap after a change takes effect means you accept the updated policy.
16. Contact Us
If you have any questions, requests, or complaints about this Privacy Policy or how we handle your data, please contact us at:
support@medrecap.ai