Privacy Policy
Effective Date: January 20, 2026 | Last Updated: January 29, 2026
Introduction
MediVision ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.
Summary
Information We Collect
Information You Provide
- Health Information: Symptom descriptions, medical history, medication lists, and related health data you enter into the app
- Profile Information: Name, age, gender, and emergency contacts you choose to provide
- Images: Photos of symptoms or medications you choose to capture
Automatically Collected Information
- Crash Reports: Anonymized technical information when the app encounters errors (via Sentry)
- Usage Analytics: Non-identifiable usage patterns to improve the app
How Your Data is Stored
Local-Only Storage
All personal health information is stored exclusively on your device using Apple's iOS Keychain, which provides:
- Hardware-level encryption
- Biometric protection (Face ID/Touch ID when enabled)
- No transmission to external servers
What We Do NOT Store
- We do NOT store your health data on any servers
- We do NOT create cloud accounts for users
- We do NOT have access to your personal health information
How We Use Your Information
Health Data (Processed Locally)
Your health information is used to:
- Provide AI-powered symptom triage guidance
- Track your symptom history
- Identify potential medication interactions
Crash Reports
Anonymized crash data is used to:
- Identify and fix bugs
- Improve app stability
- Enhance user experience
Important: Crash reports are automatically filtered to remove any health-related information before transmission.
AI Processing
When you request symptom analysis, your description is sent to Google's Gemini API for processing. This transmission:
- Is encrypted in transit (TLS 1.3/HTTPS)
- Passes through our secure proxy server that removes identifying information
- Is not stored by us or used for training AI models
De-identification (Safe Harbor Method)
Before any symptom data is sent for AI analysis, we remove all personal identifiers following the HIPAA Safe Harbor de-identification standard. The following 18 identifier types are stripped:
- Names
- Geographic data smaller than state
- Dates (except year)
- Phone numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers
- Device identifiers
- Web URLs
- IP addresses
- Biometric identifiers
- Full-face photos
- Any unique identifying code
This ensures that even if you accidentally include personal information in your symptom description, it will be removed before reaching any external service.
FTC Health Breach Notification Rule
As a consumer health app, MediVision complies with the FTC's Health Breach Notification Rule (HBNR). This means:
- All locally stored health data is encrypted at rest (AES-256)
- We do not share health data with advertisers or third-party analytics
- In the unlikely event of a security breach affecting your health data, we will notify you and the FTC
- We maintain internal breach response procedures
Note: Because your health data is stored only on your device and we never have access to it, the risk of a breach from our systems is minimal. However, we recommend enabling device encryption and biometric lock on your phone.
Third-Party Services
Services We Use
| Service | Purpose | Data Shared |
|---|---|---|
| Google Gemini | AI symptom analysis | Anonymized symptom text only |
| Sentry | Crash reporting | Anonymized technical data |
| RevenueCat | Subscription management | Purchase receipts (no health data) |
| Apple App Store | App distribution | Standard App Store data |
Services We Do NOT Use
- No advertising networks
- No social media SDKs
- No third-party analytics on health data
Your Rights and Choices
Data Control
- View: Access all your stored data within the app
- Export: Export your health records as JSON files
- Delete: Delete all data by uninstalling the app or using the reset function
Opt-Out Options
- Disable crash reporting in app settings
- Decline location permissions for Find Care feature
- Use the app without creating a profile
Data Security
Technical Safeguards
- AES-256 encryption via iOS Keychain
- Biometric authentication support
- No data transmission except for AI analysis requests
- Secure API proxy with rate limiting
Organizational Safeguards
- Privacy-by-design architecture
- Regular security assessments
- Minimal data collection principle
Children's Privacy
MediVision is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you are a parent and believe your child has provided us with personal information, please contact us.
Medical Disclaimer
MediVision is designed for informational purposes only and does not provide medical diagnoses, treatment recommendations, or medical advice. Always consult with a qualified healthcare provider for medical concerns.
The information provided by MediVision:
- Is NOT a substitute for professional medical advice
- Should NOT be used for emergency medical situations
- Does NOT create a doctor-patient relationship
California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information
We do not sell personal information.
European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under GDPR including:
- Right of access
- Right to rectification
- Right to erasure
- Right to data portability
Since all data is stored locally on your device, you have complete control over your information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Providing in-app notification for significant changes
Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: privacy@medivision.app
This privacy policy applies to the MediVision mobile application for iOS.