Effective Date: April 30, 2026
MediSync ("we," "our," or "us") is a healthcare professional communication and medical community platform developed by Rovento Dev. MediSync is designed exclusively for verified healthcare professionals to communicate, collaborate, share medical knowledge, and coordinate care within and across healthcare institutions.
⚠️ Important Notice: MediSync is NOT a clinical decision-making tool.
MediSync is a communication and community platform for healthcare professionals. It does not provide diagnoses, prescriptions, or clinical recommendations. All clinical decisions must be made by qualified healthcare professionals based on their own professional judgment, training, and access to authoritative clinical resources.
Platform: MediSync — Healthcare Professional Community
Developer: Rovento Dev
Support Email: roventodev@gmail.com
WhatsApp Support: +201000273100
Full name (dual-word enforced, must match official professional ID)
Professional email address
Password (hashed — never stored in plain text)
Medical role (Consultant, Specialist, Resident, or Nurse)
Declared medical specialty
Profile photo (optional)
Specialty verification status (peer-consensus from 10 verified colleagues)
Hospital, clinic, or unit affiliation and your assigned role
Department assignments and invitation history
Patient demographics, vitals, labs, radiology, diagnoses, treatment plans, nursing notes, consultations, and medical history
Patient edit history for audit purposes
Transfer records (admissions, discharges, department transfers)
Direct messages, group chats, attachments
Reactions, replies, and read receipts
Community case posts, comments, threaded replies, polls, and bookmarks
Drug searches (drug names only — no patient data transmitted to APIs)
Drug issue/inaccuracy reports you submit
Messages processed via our secure server-side proxy
Not stored on our servers — local device only (last 50 messages, cleared on sign-out)
Do not input identifiable patient information
2.7 Voice & Audio Data (AI Voice Patient Autofill)
Audio recordings captured via your device microphone when you use the AI Voice Patient Autofill or per-field voice editing features (Android and iOS only — microphone permission required and requested at first use)
Audio is transmitted to our server-side infrastructure and forwarded to Groq AI for transcription (Whisper model) and structured medical data extraction (Llama model), then immediately discarded — audio is not stored on our servers or retained by Groq after processing
Extracted output contains clinical text only — patient names are intentionally excluded by AI system prompt design and are never written to any record by this feature
Extracted data is applied to patient records within your authorized workspace, subject to your review and confirmation before saving
The microphone is never accessed in the background; recording is initiated only by an explicit in-app tap action
Device type, OS, app version
FCM push notification tokens
Anonymized crash/error reports
IP address (security, rate limiting, fraud prevention)

| Purpose | Legal Basis |
| --- | --- |
| Providing platform features | Contract performance |
| Professional identity & peer verification | Legitimate interest |
| Patient record management within your facility | Contract + Legal obligation |
| Security monitoring & anti-tampering | Legitimate interest |
| Push notifications | Consent |
| Bug fixing & performance | Legitimate interest |
| GDPR compliance | Legal obligation |
| Patient data access audit logging | Legal obligation |
| AI Voice transcription and medical data extraction (clinical text only, no patient names) — feature used at user discretion | Contract performance + Consent |

We do not use your data for advertising, behavioral profiling, or selling to third parties.
Drug Library: Reference information from RxNorm/NIH, DailyMed/FDA, FDA FAERS, DDInter. Each field shows its data source. AI-generated summaries are labeled unverified until admin-reviewed. For reference only — not prescribing advice.
AI Assistant: A general-purpose communication aid. Must NOT be used for diagnosis or treatment decisions.
Clinical Alerts: Configurable rule-based reference alerts — informational aids only, not replacing physician judgment.
Cases Community: Anonymized educational case sharing — not a platform for advice on active patients.
Privately managed, self-hosted server infrastructure operated by Rovento Dev
All data in transit via encrypted HTTPS/TLS
Row-Level Security (RLS) enforced at the database layer — users access only their authorized data
Anti-tampering (freeRASP): Detects rooted devices, hooking frameworks, and app tampering
Secure local storage: Auth tokens in device secure enclave (Android Keystore / iOS Secure Enclave)
Admin second-factor: System admin functions require OTP sent to email
Signed release: Android build signed with dedicated release keystore
HTTP security headers: HSTS, X-Frame-Options DENY, CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
Audit logging: All patient data access logged with timestamp and user identity
Rate limiting: API endpoints rate-limited per user
Isolated by facility via RLS — no cross-facility access without explicit consent
Cross-facility data sharing requires consent recorded in the system
Retention policies configurable per facility (default: 5 years + 1 month); expired records automatically anonymized
GDPR-compliant deletion workflow; processed within 30 days
Legal hold support blocks deletion when legally required

| Service | Purpose | Data Shared |
| --- | --- | --- |
| Firebase (Google) | Push notification delivery (FCM) | Device push tokens only |
| DeepSeek AI | AI Assistant (via secure server proxy) | Your message text — never patient data |
| RxNorm (NIH/NLM) | Drug name resolution | Drug names only |
| DailyMed (FDA) | Drug monograph retrieval | Drug identifiers only |
| FDA FAERS | Adverse event / side-effect data | Drug names only |
| DDInter | Drug-drug interaction database | Drug names only |
| RevenueCat | Subscription management | Subscription status & purchase receipts |
| Groq AI | AI Voice Patient Autofill — transcription (Whisper) and medical data extraction (Llama) via our secure server-side proxy | Audio recordings — transient only, immediately discarded after processing; no patient names, no storage |

We never share patient-identifiable information with any third-party service.
You have the right to: Access · Correct · Delete (within 30 days) · Data Portability · Withdraw Consent · Object to Processing · Lodge a complaint with your local supervisory authority.
Contact us: roventodev@gmail.com | WhatsApp: +201000273100

| Data Type | Retention |
| --- | --- |
| Account profile | Until account deletion |
| Patient records | Facility-configured (default 5 years + 1 month) |
| Chat messages | 10-day auto-expiry (default) |
| Community cases & comments | Until user deletion |
| Patient access audit logs | 2 years |
| AI Assistant history | Device-local only (cleared on sign-out) |
| Voice/audio recordings (AI Voice feature) | Not stored — discarded immediately after transcription and extraction |
| Error/crash reports | 90 days (anonymized) |

MediSync is not a certified EHR system. Patient data entered is the responsibility of the professional and their institution. We implement technical safeguards consistent with healthcare data best practices. Follow your institution's policies on third-party app use.
MediSync is for licensed healthcare professionals only. We do not collect data from individuals under 18. Discovered minor accounts are immediately deleted.
The "Effective Date" will be updated whenever this policy changes. Material changes will be announced via in-app notification. Continued use constitutes acceptance.
Email: roventodev@gmail.com
WhatsApp: +201000273100
In-App: Profile → Contact Us
Response within 30 days.
MediSync — Connecting healthcare professionals. Building a stronger medical community.
Developed by Rovento Dev.