Introduction
At MEDIVAI, privacy is not a technical detail or a regulatory checkbox — it is an operating principle that governs how we design our systems, make decisions, and communicate with the people who trust us. This Privacy Policy outlines how we handle your personal information and why we approach data with transparency, restraint, and security. By interacting with MEDIVAI’s website, services, mobile applications, or connected platforms, you are engaging with systems intentionally engineered to respect your privacy and limit data exposure. Our obligation goes beyond meeting global regulatory requirements — it extends to meeting the ethical responsibility we hold when handling health-related and personally sensitive information.
What Personal Data We Collect
We interpret personal data broadly and apply protective principles even in borderline cases. Personal data, as defined by this policy, includes any information that can be used to identify you directly or indirectly, whether on its own or in combination with other information. This may include your name, phone number, email address, geolocation, IP address, device metadata, and any behavioral patterns captured during your interaction with our platform. When you engage with MEDIVAI, you may provide data actively by completing profiles, submitting inquiries, or uploading health metrics. Additionally, data may be collected passively via cookies, session analytics, or integrations with third-party platforms such as wearable devices, mobile operating systems, or health data aggregators, provided that you have authorized those connections. We do not rely on ambiguity to collect data; any collection is deliberate and justifiable.
How and Why We Use Your Data
The use of personal data is confined to purposes that are legitimate, proportionate, and clearly defined. Primarily, we use your data to enable secure access to the MEDIVAI platform and to personalize your user experience based on contextual health factors. This includes adapting our algorithms to offer insight based on your metrics, tailoring the delivery of services to align with your preferences or needs, and alerting you to trends that may be medically relevant. We may also process data to detect fraudulent activity, maintain the functional integrity of our infrastructure, ensure contractual performance, and comply with regulatory mandates. In cases where your consent is the lawful basis for processing, such consent is always explicit, revocable, and informed. We do not use your identifiable health data for targeted marketing, nor do we use sensitive data to train machine learning models unless it has first been anonymized or aggregated beyond the point of individual identification.
Your Rights and Choices
MEDIVAI users have enforceable rights over their personal data, regardless of jurisdiction. These rights include the ability to request access to your information, rectify inaccuracies, object to certain processing activities, limit how we use your data, delete your data, and request a copy of your data for portability. If you believe your rights have been violated, or if you wish to exercise any of these entitlements, you may contact our privacy team via the methods outlined at the end of this policy. In some regions, such as the European Economic Area (EEA), the United Kingdom, or the State of California, users may also lodge complaints with their respective data protection authorities. However, we encourage direct contact first, as we are committed to resolving concerns swiftly and respectfully. Withdrawing consent is as easy as giving it, and we will never penalize you for doing so.
Data Security and Safeguards
Your data is protected using multilayered technical and organizational safeguards. While we do not publicly disclose the specific technologies or vendors involved in these systems, we employ best-practice encryption methodologies, secure storage environments, internal access controls, and continuous vulnerability assessments to prevent unauthorized access, alteration, disclosure, or destruction of your data. Access to personal information is strictly restricted to personnel whose roles explicitly require it, and such access is governed by audit-logged permissions and confidentiality agreements. We have procedures in place for the management of data breaches, including immediate containment, risk analysis, user notification (where required), and remediation strategies. In short, we take the view that safeguarding your data is not an option — it is an operational imperative.
Data Sharing and Disclosure
Data is never shared arbitrarily. We disclose personal data only when necessary to deliver our services or fulfill legal and contractual obligations. This may include sharing data with infrastructure providers, analytics partners, or customer support systems — but only under strict contractual terms that prohibit the use of data for any purposes outside of MEDIVAI’s direct instructions. We do not allow subprocessors to retain, analyze, or repurpose personal data for their own objectives. Where we are legally compelled to disclose data to authorities, we limit such disclosure to what is required, inform affected individuals where permitted, and assess all such requests for overreach or lack of legal justification. In the context of a business transaction, such as an acquisition or merger, user data may be considered part of the transferred assets, but this policy and its protections will remain in force unless materially revised with appropriate notice.
Transfer of Data Across Borders
Because MEDIVAI is available globally, your personal data may be processed in countries that do not offer the same data protection standards as your home jurisdiction. However, regardless of where your data travels, we maintain a uniform standard of privacy protections. For users located in the EEA, UK, or countries with equivalent data export requirements, transfers are conducted in accordance with established legal mechanisms such as standard contractual clauses or comparable arrangements. We apply rigorous internal controls to ensure that access is limited, monitored, and justifiable. The physical location of servers or data centers does not diminish your rights or our obligations. Transparency around international transfers is critical, and we invite you to contact us if you require more information about the locations or frameworks involved in processing your data.
Data Retention Practices
Personal data is retained only for as long as it is needed to fulfill the purposes outlined in this policy — or as long as we are legally obligated to do so. Retention periods vary depending on the category of data, the context of collection, and any applicable compliance obligations. Once data is no longer needed, we either delete it securely or anonymize it irreversibly, ensuring that it cannot be reconstructed or linked back to any individual. We do not maintain dormant archives of user data without justification. If you request deletion of your data, we will honor that request promptly, except in cases where we must retain certain records to comply with law, enforce our agreements, or support legal claims. Where automated deletion is not feasible, manual procedures are used to ensure compliance with retention timelines.
Children and Minor Users
Our services are intended for general use, but we strongly advise that children under the age of digital consent in their respective countries use MEDIVAI only under adult supervision. We do not knowingly collect personal data from minors without verified parental consent. Where such data is discovered to have been collected inadvertently, we act swiftly to remove it and notify appropriate stakeholders. Parents and legal guardians are encouraged to monitor and guide their children’s use of digital health tools and to contact us immediately with any concerns about the misuse of our services by a minor.
Updates to This Policy
This Privacy Policy may be revised periodically to reflect changes in our practices, legal developments, or feature updates. Any material changes will be communicated clearly through official MEDIVAI channels, and a new effective date will be published at the top of this page. Your continued use of our services after such changes constitutes your acceptance of the updated terms, but where required by law, we will seek your consent before applying material changes retroactively. Historical versions of this policy are archived and available upon request.
Contact Information
If you have questions or concerns, or wish to exercise your rights under this policy, please contact us directly. We are committed to responding with professionalism, transparency, and respect.
MEDIVAI Privacy Team, info@medivai.com