# Privacy Policy - MediSync
**Effective date: July 12, 2026**
**Version basis: MediSync 2.0.8**
---
## About MediSync
MediSync ("MediSync", "we", "our", or "us") is a healthcare collaboration platform developed by **Rovento Dev**. MediSync provides tools for healthcare professionals, hospitals, clinics, units, and authorized family users to communicate, manage approved care updates, organize clinical workflows, access reference content, and use AI-assisted productivity features.
**Important medical safety notice:** MediSync is not a medical device, not a certified electronic health record, and not a substitute for professional clinical judgment. MediSync does not independently diagnose, prescribe, treat, or make clinical decisions. All medical decisions remain the responsibility of qualified healthcare professionals and their institutions.
This Privacy Policy explains what information we collect, how we use it, when we share it, how long we keep it, and what choices you have.
---
## 1. Who We Are
- **App and service:** MediSync
- **Developer:** Rovento Dev
- **Privacy contact:** roventodev@gmail.com
- **WhatsApp support:** +201000273100
- **Primary release scope at this date:** Web and Android. iOS may be offered later after its platform configuration is completed.
---
## 2. Information We Collect
The information we collect depends on the portal, role, and features you use.
### 2.1 Account, Identity, and Professional Profile
We may collect:
- Full name, email address, username, and account identifiers
- Authentication information handled by Supabase Auth, Google Sign-In, or other enabled sign-in providers
- Password credentials for password-enabled web access, stored only as secure authentication hashes by the auth provider
- Role, specialty, professional title, language, country, and profile completion information
- Optional profile photo or avatar
- Admin status, staff role, hospital role, department assignment, invitation status, and access permissions
- Subscription, trial, and portal access status
### 2.2 Hospital, Clinic, Unit, and Workspace Data
When you use institutional features, we may collect:
- Hospital, clinic, unit, department, and private workspace records
- Membership, ownership, staff roster, role, and permission records
- Invitations, join requests, access requests, and role-upgrade requests
- Operational records such as archived entities, restoration actions, and destructive-action confirmations
### 2.3 Patient and Clinical Workflow Data
When authorized users enter or manage patient data, MediSync may store clinical and administrative information such as:
- Patient identifiers entered by the care team, including name, MRN, age, date of birth, gender, phone, address, national ID, insurance information, emergency contacts, admission details, and discharge details
- Diagnoses, complaints, history, allergies, vital signs, medications, prescriptions, nursing notes, consultations, hospital course, care plans, diet or nutrition notes, discharge summaries, and follow-up details
- Laboratory, radiology, pharmacy, order, request, result, report, and attachment information
- Patient family access records, Family Access Codes, approved family-facing updates, family messages, read status, and related audit events
- Patient record access logs, edit history, retention dates, deletion requests, and compliance/audit records
Patient data is scoped to the authorized hospital, clinic, unit, workspace, patient, or family relationship. Access is controlled by authentication, role checks, Row-Level Security, and server-side functions where implemented.
### 2.4 Communication, Community, and Content Data
We may collect:
- Direct messages, group messages, global chat messages, replies, reactions, read receipts, and moderation reports
- Case posts, educational case content, images, attachments, comments, polls, bookmarks, and reports
- Admin moderation actions, shared-session reviews, support messages, and audit-log entries
Do not post identifiable patient information in public or community areas such as global chat, cases, comments, or shared AI sessions.
### 2.5 AI Assistant, Shared AI Sessions, and Voice Features
MediSync includes AI-assisted features. Depending on what you use, we may process:
- AI chat prompts, conversation context, and AI responses
- AI chat session history stored in MediSync for your account
- Shared AI sessions submitted for admin review, including session title, messages, review status, and moderation decisions
- Approved shared AI sessions that become visible in the shared AI knowledge area
- Audio recordings that you explicitly record for voice dictation, AI chat voice input, patient autofill, field editing, or quick reports
- Transcripts and structured outputs produced from audio
- Optional user-provided Groq API keys for bring-your-own-key voice usage, stored locally using secure storage where supported
Voice recording starts only after an explicit in-app action. MediSync does not intentionally access the microphone in the background.
AI and voice features may send prompt text, audio, transcript, or structured clinical text to server-side Edge Functions and upstream AI providers for processing. You must review AI output before using or saving it. Do not include patient identifiers in AI prompts, public shared sessions, or voice dictation unless the feature is being used within an authorized clinical workflow and your institution permits that use.
### 2.6 Drug, Reference, Calculator, and Knowledge Features
We may collect:
- Drug searches, selected drug records, evidence-source lookups, and issue reports
- Calculator inputs and outputs when used inside the app workflow
- Knowledge-base topic requests, learning activity, and related feedback
Drug and reference lookups should not include patient identifiers.
### 2.7 Billing, Trial, and Subscription Data
We may collect:
- Medical portal trial status, plan tier, expiry dates, renewal status, entitlement status, and payment provider status
- RevenueCat customer identifiers, mobile store entitlement information, purchase status, and receipt-related metadata
- Paymob checkout records, order identifiers, merchant order identifiers, transaction status, payment confirmation, billing email, and billing contact information required by Paymob
- Refund, restore, cancellation, and support information
MediSync does not store full card numbers or card security codes. Card and wallet payment details are handled by the relevant payment provider or app store.
### 2.8 Device, Security, Notification, and Diagnostic Data
We may collect:
- Device type, operating system, platform, app version, build version, locale, and basic device diagnostics
- IP address, request metadata, session state, and security/rate-limit signals
- Firebase Cloud Messaging tokens, notification preferences, notification delivery logs, and notification interaction metadata
- Crash reports, error reports, stack traces, app logs, and user-submitted diagnostic descriptions
- Security signals related to tampering, rooted or jailbroken devices, hooking frameworks, emulator checks, and app integrity checks where supported
Error and crash handling is designed to redact sensitive values such as emails, tokens, URLs, patient IDs, MRNs, phone-like strings, and secret-like values before logs are stored or forwarded. Redaction reduces risk but cannot guarantee that every user-entered sensitive value will be removed.
---
## 3. How We Use Information
We use information to:
- Create, authenticate, secure, and manage accounts
- Provide Medical, Hospital, Family, Admin, chat, case, patient-management, notification, AI, drug, calculator, billing, and support features
- Enforce portal access, Medical trial rules, subscriptions, hospital membership, staff roles, and admin controls
- Route authorized users to the correct portal and protect tenant boundaries
- Send transactional notifications, clinical workflow notifications, family updates, support alerts, and security notices
- Process AI prompts, voice dictation, transcription, structured extraction, and AI-assisted summaries
- Process subscription status, web checkout, mobile entitlement restoration, refunds, and payment support
- Maintain audit logs, access logs, retention workflows, deletion workflows, moderation records, and legal/compliance records
- Detect abuse, fraud, security threats, unauthorized access, app tampering, and service misuse
- Debug errors, improve reliability, measure performance, and support users
- Comply with applicable laws, app-store requirements, valid legal requests, accounting obligations, and regulatory obligations
We do not sell personal data or patient data. We do not use patient data for advertising or behavioral ad targeting.
---
## 4. Medical Safety and AI Safety
MediSync is a collaboration and workflow platform. It is not a replacement for clinicians, institutional protocols, official drug labels, emergency services, or authoritative medical references.
- **AI Assistant:** AI responses are informational and may be incomplete, outdated, or wrong. Always verify with clinical judgment and authoritative sources.
- **AI Voice and Autofill:** Transcription and structured extraction are productivity aids. You must review and confirm all output before saving.
- **Drug Library:** Drug data and summaries are reference material only. They are not prescribing instructions.
- **Calculators:** Clinical calculators are aids and may require local policy validation. They do not replace clinician responsibility.
- **Family Portal:** Family-facing content is limited to approved updates and is not a complete medical record.
- **Clinical alerts and notifications:** Alerts are informational workflow aids and may be delayed, missed, duplicated, or unavailable.
Do not use MediSync as the sole basis for diagnosis, treatment, prescribing, triage, emergency care, or any clinical decision.
---
## 5. Third-Party Services and Data Sharing
We share information only as needed to provide MediSync, comply with law, process payments, protect security, or support users. The exact services used may vary by platform, configuration, and feature.
| Service or category | Purpose | Data that may be processed |
|---|---|---|
| Supabase and self-hosted backend infrastructure | Authentication, database, storage, Edge Functions, realtime, access control | Account, app, workflow, patient, chat, AI session, billing-status, and audit data |
| Firebase Cloud Messaging | Push notifications | Device push tokens, notification metadata, and notification delivery data |
| Firebase Crashlytics | Native crash diagnostics | Crash and diagnostic data, app version, platform, user id or role context where configured, with redaction before forwarding where supported |
| Google Sign-In and Google services | Authentication and selected app features | Google account sign-in tokens, email/profile information, and feature-specific requests |
| Google ML Kit | On-device OCR/document scanning where used | Text recognition may run on device; do not scan documents unless you are authorized to process their contents |
| Google Places or Maps services | Location/address lookup features where used | Search text, place/address data, and related request metadata |
| RevenueCat | Mobile subscription entitlement management | App user id, store receipt metadata, entitlement status, purchase status, and restore information |
| Google Play and App Store | Mobile purchases and distribution | Store account, purchase, refund, and app distribution data handled by the app stores |
| Paymob | Web checkout and payment confirmation | Billing contact details required by Paymob, order ids, transaction status, and payment confirmation metadata |
| AI providers such as GitHub Models/Azure, Google Gemini, DeepSeek, OpenRouter, MiniCPM/ModelBest, Groq, and self-hosted Zicus MiniCPM | AI chat, transcription, structured extraction, summaries, and fallback routing | AI prompt text, conversation context, audio, transcript, or clinical text needed for the selected AI feature |
| RxNorm, DailyMed, openFDA, DDInter, and other drug/reference sources | Drug lookup, evidence, labels, adverse event reference, and interaction reference | Drug names, identifiers, and reference queries |
| Email or notification delivery providers where configured | Admin alerts, support, and operational notices | Email address, alert content, support content, and delivery metadata |
We may also disclose information if required by law, court order, regulatory request, security investigation, merger, acquisition, or to protect the rights, safety, and security of users, patients, institutions, Rovento Dev, or the public.
---
## 6. Security Measures
We use technical and organizational safeguards intended to protect MediSync data, including:
- HTTPS/TLS for data in transit
- Supabase authentication and session controls
- Row-Level Security and role-based access controls
- Server-side functions for sensitive operations where implemented
- Audit logging for patient access and administrative actions
- Secure local storage for sensitive local values where supported by the platform
- Tamper, root, jailbreak, hook, emulator, and integrity detection where supported
- Notification-token management and stale-token cleanup
- Redaction before error/crash reporting where supported
- Backups, operational monitoring, and access controls for infrastructure
No system can be guaranteed 100 percent secure. You are responsible for keeping your login credentials secure, using authorized devices, following institutional policy, and reporting suspected unauthorized access promptly.
---
## 7. Retention and Deletion
Retention depends on the data type, portal, facility policy, legal obligations, and operational requirements.
| Data type | General retention approach |
|---|---|
| Account and profile data | Kept while your account is active, then deleted or retained only as required for legal, security, audit, payment, or dispute purposes |
| Patient records | Retained according to facility policy and legal/medical record obligations; default retention workflows may use 5 years plus 1 month after discharge or archive where configured |
| Patient access logs and audit records | Retained for compliance, security, and accountability even when some related user data is deleted |
| Direct and global chat messages | May expire or be deleted according to chat retention rules; global chat has a default expiry workflow |
| Cases, comments, shared AI sessions, and community content | Kept until deleted, removed by moderation, or removed through account/content deletion workflows, subject to audit and legal retention |
| AI chat sessions | Kept with your account unless deleted or submitted/approved as shared content; shared sessions may remain available until removed by you or an admin |
| Voice audio | Processed transiently by the voice feature; MediSync does not intentionally store raw voice audio after processing |
| Voice transcripts and structured outputs | Kept only if returned, saved into a record, message, report, or other app feature |
| Subscription, payment, refund, and entitlement records | Kept as needed for account access, accounting, tax, fraud prevention, disputes, refunds, and legal obligations |
| Push tokens | Kept while notifications are enabled or the device remains registered; stale tokens may be removed |
| Crash/error logs | Kept for debugging and security for a limited period or as configured by the logging service |
| Backups | Retained on operational backup schedules and may persist briefly after deletion until backup rotation completes |
If you delete your account, MediSync will attempt to delete your personal account data and associated app data through the in-app deletion flow. Some records may be retained where necessary for legal, audit, security, accounting, dispute, medical-record, or institutional obligations.
Hospital owners must transfer hospital ownership before deleting their personal account so institutional and patient data remain under an accountable owner.
Google Play also requires a web link where users can request account and data deletion. If you cannot access the app deletion flow, contact **roventodev@gmail.com** with the subject **MediSync Account Deletion Request**.
---
## 8. Your Choices and Rights
Depending on your location and applicable law, you may have rights to:
- Access personal data we hold about you
- Correct inaccurate profile information
- Delete your account or request deletion
- Request a copy or export of your data
- Object to or restrict certain processing
- Withdraw optional consent, such as disabling push notifications
- Ask questions or complain to a data protection authority
To exercise rights, contact **roventodev@gmail.com**. We may need to verify your identity before acting on a request.
For patient records, the healthcare institution or authorized care team may be the primary controller or responsible party. Patient-record requests may need to be directed to the relevant hospital, clinic, unit, or healthcare professional.
---
## 9. International Processing
MediSync may be operated, accessed, supported, or processed from countries other than where you live or where care is delivered. By using MediSync, you understand that data may be processed on infrastructure and by service providers in other jurisdictions, subject to this Privacy Policy and applicable law.
---
## 10. HIPAA, GDPR, and Healthcare Compliance Notice
MediSync is designed with healthcare privacy and security in mind, but MediSync is not claiming to be a HIPAA-certified product, a certified EHR, or a medical device. Healthcare professionals and institutions are responsible for determining whether MediSync is permitted under their local laws, patient-consent requirements, institutional policies, and contractual obligations.
If your organization requires a specific data processing agreement, business associate agreement, or similar contract before using a third-party tool with protected health information, do not enter protected health information into MediSync until that agreement is completed.
---
## 11. Children's Privacy
MediSync professional accounts are intended for adults and authorized healthcare workers, not for children. Family portal accounts are intended for authorized adult relatives or caregivers.
Patient records may include information about minors when entered by authorized healthcare professionals or institutions as part of care coordination. Such data must be handled according to applicable healthcare, consent, guardian, and institutional rules.
---
## 12. Breach and Incident Response
If we become aware of a security incident involving personal information or health information, we will investigate and take steps required by applicable law, which may include notifying affected users, institutions, regulators, service providers, or other required parties.
---
## 13. Changes to This Policy
We may update this Privacy Policy as MediSync changes or as legal, platform, security, or operational requirements evolve. The effective date will be updated when material changes are made. Continued use of MediSync after the updated policy is posted means you accept the updated policy, where permitted by law.
---
## 14. Contact Us
For privacy questions, support, account deletion, data requests, or security concerns:
- **Email:** roventodev@gmail.com
- **WhatsApp:** +201000273100
- **In-app:** Profile > Contact Us
Please do not send patient-identifiable information by email or WhatsApp unless necessary and authorized.
---
*MediSync - healthcare collaboration with careful privacy, safety, and accountability.*
*Developed by Rovento Dev.*