Privacy Policy

1. Introduction

Welcome to MedCrypt (also known as MedVault or HealthCrypt). We are committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical practice management platform.

By using MedCrypt, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Name, email address, phone number
• Medical license number and specialty
• Clinic or practice information
• Professional credentials and certifications
• Billing and payment information

2.2 Patient Information (PHI)

As a healthcare provider using our platform, you may input Protected Health Information (PHI) including:

• Patient demographics (name, contact information, date of birth)
• Medical history, conditions, and diagnoses
• Prescription information and medication lists
• Lab results and test findings
• Clinical notes and treatment plans
• Medical images and prescription scans

2.3 Usage Data

We automatically collect certain information when you use our services:

• IP address and device information
• Browser type and version
• Pages visited and features used
• Time and date of access
• Diagnostic and performance data

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our medical practice management platform
• AI Features: To power AI-driven features such as prescription OCR, medical insights, and intelligent assistant capabilities
• Communication: To send you technical notices, updates, security alerts, and support messages
• Analytics: To understand usage patterns and improve user experience
• Security: To detect, prevent, and address technical issues and security threats
• Compliance: To comply with legal obligations and industry regulations including HIPAA
• Integration Services: To facilitate integrations with Google Meet, Google Calendar, and Google Drive as authorized by you

4. HIPAA Compliance

MedCrypt is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its regulations:

• Business Associate Agreement (BAA): We execute BAAs with all healthcare providers using our platform
• Administrative Safeguards: Security management processes, workforce training, and access controls
• Physical Safeguards: Secure data centers with restricted access and environmental controls
• Technical Safeguards: Encryption, authentication, audit controls, and transmission security
• Breach Notification: Procedures in place to notify you of any unauthorized access to PHI

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Authentication: Multi-factor authentication (2FA) available for enhanced security
• Access Control: Role-based access controls ensure users only see their own data
• Rate Limiting: Protection against brute force attacks and unauthorized access attempts
• Regular Audits: Security assessments and penetration testing conducted regularly
• Secure Infrastructure: Hosted on enterprise-grade cloud infrastructure (Supabase, Vercel)

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services and fulfill the purposes outlined in this policy
• Comply with legal, regulatory, and professional obligations (typically 7 years for medical records)
• Resolve disputes and enforce our agreements

Upon account deletion, we will securely delete or anonymize your personal information within 30 days, unless retention is required by law.

7. Your Rights

Under HIPAA and applicable privacy laws, you have the following rights:

• Access: Request access to your personal information we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Export: Download your data in portable formats (CSV, PDF, Excel)
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing of your personal information
• Breach Notification: Be notified of any data breaches affecting your PHI

To exercise these rights, please contact us at medcryptsoftware@gmail.com

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze usage patterns and improve our services
• Ensure security and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

9. Children's Privacy

MedCrypt is designed for use by healthcare professionals. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including HIPAA for U.S.-based healthcare providers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide prominent notice or obtain your consent as required by law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Acknowledgment

By using MedCrypt, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. You also acknowledge your responsibilities as a healthcare provider under HIPAA and other applicable regulations when using our platform to handle patient information.