MedSync ("we", "our", or "us") is committed to protecting the privacy of healthcare professionals and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the MedSync platform.
We collect information you provide directly to us, such as when you create an account, record clinical sessions, or contact us for support. This includes:
MedSync processes Protected Health Information as a Business Associate under HIPAA. All PHI is encrypted at rest using AES-128 field-level encryption (Fernet) with PBKDF2-HMAC-SHA256 key derivation (480,000 iterations). PHI is never transmitted to third-party AI services without prior redaction of HIPAA Safe Harbor identifiers.
We retain clinical data for as long as your account is active or as needed to provide services. You may request deletion of your data at any time via Settings → Account → Request Data Erasure, which permanently removes all associated PHI in compliance with GDPR Article 17.
If you are located in the European Economic Area, you have the right to access, correct, export, or delete your personal data. Contact us at [email protected] to exercise these rights.
For privacy-related questions, contact us at [email protected].