Privacy Policy

Last updated: November 19, 2025

At MeddySquare, your privacy is our top priority. This policy explains how we collect, use, and protect your personal and medical information. We are committed to transparency and maintaining the highest standards of data protection in compliance with GDPR (General Data Protection Regulation) and HIPAA (Health Insurance Portability and Accountability Act) requirements.

This Privacy Statement explains how MeddySquare (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use our platform, a digital workspace that allows users to create, organize, and store content (“Service”). By accessing or using the Service, you consent to the practices described in this Privacy Statement.

Information We Collect

We collect information that you provide directly to us, including:

  • Personal information such as name, email address, and phone number
  • Medical records, prescriptions, and health information you choose to upload
  • Account credentials and preferences
  • Payment information for subscription services
  • Communications with our support team

We also automatically collect certain information when you use our services, including device information, usage data, and cookies for functionality and analytics purposes. You can control cookie preferences through our cookie consent banner or in cookie settings.

Legal Basis for Processing (GDPR):

  • Consent: When you explicitly agree to data processing
  • Contract: To provide services you've requested
  • Legal Obligation: To comply with laws and regulations
  • Legitimate Interest: To improve and secure our services

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Store and organize your medical records securely
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

Data Security

We implement industry-leading security measures to protect your information:

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • HIPAA-compliant infrastructure and practices
  • Multi-factor authentication options
  • Strict access controls and employee training

Your Rights and Choices

You have the following rights regarding your personal information:

  • Right of Access: Access and receive a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information ("right to be forgotten")
  • Right to Restrict Processing: Object to or restrict certain processing activities
  • Right to Data Portability: Export your data in a portable format (CSV, JSON)
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

How to Exercise Your Rights:

To exercise these rights, please contact us at privacy@meddysquare.com or through your account settings. We will respond to your request within 30 days as required by GDPR.

Information Sharing

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your explicit consent
  • With healthcare providers you choose to share your records with
  • With service providers who assist in operating our platform
  • To comply with legal obligations or respond to lawful requests
  • To protect the rights, property, or safety of MeddySquare and our users

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

  • Active account data: Retained while your account is active
  • Marketing data: Retained until you withdraw consent
  • Backup data: Automatically deleted after 90 days

When you delete your account, we will delete or anonymize your data within 30 days, except where we are legally required to retain it.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • Adequate security measures during transfer and storage

Children's Privacy

Our services are not intended for children under 16 years of age (or under 13 in some jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email and by posting the new policy on this page with an updated "Last updated" date. For significant changes, we will obtain your consent where required by law.