Privacy Policy

MedRev is committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications (MedRev Patient App and MedRev Doctor App) and related services.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1 Personal Information

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, date of birth, gender, and profile photo
• Health Information: Medical history, current medications, allergies, height, weight, BMI, body images, and health goals
• Communication Data: Messages exchanged with healthcare providers, support team communications, and consultation notes
• Appointment Information: Scheduled appointments, consultation history, and follow-up records
• Prescription Data: Medications prescribed, dosage instructions, and adherence tracking
• Payment Information: Billing address, payment method details (processed securely through Stripe), and transaction history

1.2 Automatically Collected Information

When you use our services, we automatically collect certain information, including:

• Device Information: Device type, operating system, unique device identifiers, and mobile network information
• Usage Data: How you interact with our app, features used, time spent, and access patterns
• Location Data: General location information (with your consent) for timezone and appointment scheduling purposes
• Technical Data: IP address, browser type, and app version

1.3 Health and Medical Data

As a healthcare application, we collect sensitive health information necessary to provide medical services, including:

• Screening questionnaire responses
• Side effect reports and medication adherence data
• Diet challenge responses and daily records
• BMI and weight tracking history
• Video consultation recordings (if applicable and with consent)

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision

• To create and manage your account
• To facilitate communication between you and healthcare providers
• To schedule and manage appointments
• To process prescriptions and medication orders
• To provide diet support and nutritional guidance
• To track your health progress and generate reports

2.2 Healthcare Operations

• To enable healthcare providers to deliver medical care
• To maintain medical records and treatment history
• To coordinate care between doctors, diet specialists, and pharmacists
• To ensure medication safety and adherence
• To comply with medical and legal obligations

2.3 Communication

• To send appointment reminders and notifications
• To provide customer support and respond to inquiries
• To send important service updates and health-related information
• To deliver push notifications (with your consent)

2.4 Business Operations

• To process payments and manage subscriptions
• To improve our services and develop new features
• To conduct analytics and research (using anonymized data)
• To ensure security and prevent fraud
• To comply with legal obligations and regulatory requirements

3. Information Sharing and Disclosure

We share your information only in the following circumstances:

3.1 Healthcare Providers

We share your health information with:

• Assigned Doctors: Your primary and secondary assigned physicians who provide medical oversight
• Diet Support Team: Specialized diet support staff who provide nutritional guidance
• Pharmacists: Licensed pharmacists who process and fulfill medication prescriptions

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our services, including:

• Payment processors (Stripe) for secure payment processing
• Cloud hosting providers for data storage
• Email and notification services
• Analytics providers (using anonymized data)

All service providers are contractually obligated to protect your information and use it only for specified purposes.

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government or regulatory requests
• Protection of rights, property, or safety
• Compliance with healthcare regulations (e.g., HIPAA, GDPR where applicable)

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Data Security

We implement comprehensive security measures to protect your information:

4.1 Technical Safeguards

• Encryption: All data in transit is encrypted using TLS/SSL protocols
• Secure Storage: Health data is stored in encrypted databases with restricted access
• Authentication: Multi-factor authentication and secure login systems
• Access Controls: Role-based access controls ensuring only authorized personnel can access your data
• Regular Audits: Security assessments and vulnerability testing

4.2 Administrative Safeguards

• Staff training on data protection and privacy
• Strict confidentiality agreements for all employees
• Regular security reviews and updates
• Incident response procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

5. Your Rights and Choices

You have the following rights regarding your personal information:

5.1 Access and Portability

• Request access to your personal and health information
• Receive a copy of your data in a portable format
• View your medical records and treatment history

5.2 Correction and Updates

• Update or correct inaccurate information through your account settings
• Request corrections to your medical records (subject to healthcare provider approval)

5.3 Deletion

• Request deletion of your account and personal information
• Note: Some information may be retained as required by law or for legitimate business purposes (e.g., medical records retention requirements)

5.4 Communication Preferences

• Opt-out of marketing communications (you will still receive important service-related messages)
• Manage push notification preferences in your device settings
• Control email notification preferences in your account settings

5.5 Data Processing Restrictions

• Request restriction of certain data processing activities
• Object to certain uses of your information (where legally applicable)

To exercise these rights, please contact us at admin@medrev.co.uk or through the app's support feature.

6. Health Information Privacy (HIPAA Compliance)

As a healthcare service provider, we are committed to compliance with applicable health information privacy laws, including:

• HIPAA (Health Insurance Portability and Accountability Act): For U.S. users, we comply with HIPAA requirements for Protected Health Information (PHI)
• GDPR (General Data Protection Regulation): For EU/UK users, we comply with GDPR requirements for health data processing
• Local Healthcare Regulations: We comply with applicable healthcare privacy laws in your jurisdiction

6.1 Notice of Privacy Practices

This Privacy Policy serves as our Notice of Privacy Practices. By using our services, you acknowledge that you have received and reviewed this notice.

6.2 Authorization and Consent

We obtain your explicit consent before:

• Sharing your health information with healthcare providers
• Processing sensitive health data
• Using your information for purposes beyond direct care

7. Children's Privacy

Our services are intended for users aged 18 and older. We do not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected information from a minor, please contact us immediately, and we will take steps to delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

9. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., medical record retention requirements)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

Medical records are typically retained in accordance with healthcare regulations, which may require retention for several years after the last service date. When you delete your account, we will delete or anonymize your information, except where retention is required by law.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze app usage and improve our services
• Ensure security and prevent fraud

You can control cookies through your device or browser settings, though this may affect some app functionality.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

• Posting the updated policy on our website and in the app
• Updating the "Last Updated" date
• Sending you a notification (for material changes)

Your continued use of our services after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

12. Third-Party Links and Services

Our services may contain links to third-party websites or integrate with third-party services (e.g., payment processors, video call providers). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

13. Contact Us

For privacy-related complaints, you also have the right to contact your local data protection authority or healthcare regulatory body.