Privacy Policy

When you use MediPulse, we collect the following types of information: • Account Information: When you register, we collect your name and email address. Passwords are hashed using industry-standard bcrypt encryption and are never stored in plain text. • Health Interaction Data: Symptom check inputs, chat conversation history, and analysis results are stored to provide you with a history of your interactions and to improve service quality. • Usage Data: Basic usage metrics such as session timestamps, feature usage counts, and general interaction patterns may be collected to improve the service. We do not collect precise device identifiers or location data. • Cookies: We use session-related cookies and local storage tokens solely for authentication purposes. We do not use advertising, tracking, or third-party analytics cookies.

Your data is stored securely on Amazon Web Services (AWS) infrastructure: • Database: All user data, health interactions, and content are stored in Amazon DynamoDB, a fully managed NoSQL database with encryption at rest enabled by default using AWS-managed keys. • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). We do not serve any content over unencrypted HTTP connections. • Authentication Tokens: Authentication is handled using JWT (JSON Web Tokens) stored in your browser's local storage. These tokens expire and are invalidated on logout. • Backups: AWS DynamoDB provides automatic replication across availability zones. Point-in-time recovery may be enabled for additional data protection.

We use your information for the following purposes: • To create and manage your account and authenticate your identity. • To provide the AI chat, symptom checker, and health information features. • To maintain your history of chat sessions and symptom checks for your personal reference. • To improve the quality, accuracy, and relevance of our AI-generated responses. • To send verification emails and, if requested, password reset emails. • To enforce our terms of service and prevent abuse. We do not use your health information for advertising, profiling, or any commercial purpose beyond providing the MediPulse service.

We do not sell, rent, trade, or share your personal information or health data with third parties, except in the following limited circumstances: • AI Processing: Symptom check and chat inputs are processed by an AI language model to generate responses. These interactions may be processed by third-party AI providers under strict confidentiality and data processing agreements. • Cloud Infrastructure: AWS services process and store your data as described above, subject to AWS's own privacy and security standards. • Legal Requirements: We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of MediPulse, our users, or others. • Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified of any such change.

Depending on your jurisdiction, you may have the following rights regarding your personal data: • Access: You may request a copy of the personal data we hold about you. • Correction: You may request correction of inaccurate or incomplete data. You can update your display name directly in the app dashboard. • Deletion: You may request deletion of your account and associated data. Contact us to initiate account deletion. • Data Portability: You may request an export of your data in a common machine-readable format. • Objection: You may object to certain types of data processing. To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to valid requests within 30 days.

MediPulse uses browser local storage (not traditional cookies) to store your authentication token. This token is: • Required for authenticated features (chat, symptom checker, dashboard). • Stored only on your device and never transmitted in a URL or insecure channel. • Cleared when you log out or manually clear your browser storage. We do not use any third-party tracking cookies, advertising pixels, or social media tracking scripts. Our site does not include Google Analytics, Facebook Pixel, or similar tracking tools.

MediPulse is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with their personal information, please contact us immediately so we can take appropriate action.

We may update this Privacy Policy from time to time. When we make significant changes, we will update the date at the top of this page. Continued use of MediPulse after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us via the MediPulse platform. We are committed to addressing your concerns promptly and transparently.