How we protect your data
Your data is yours.
What we collect
Your name, email address, and the medical information you choose to enter about the person you are caring for. We also collect uploaded documents such as lab results, discharge summaries, and imaging reports.
Where it lives
All data is stored on Supabase, a secure cloud database platform. Data is encrypted at rest using AES-256 encryption and encrypted in transit using TLS. Your uploaded files are stored in a private storage bucket accessible only by your authenticated account.
Who can see it
Only you. Supabase Row Level Security ensures that every query is restricted to your own data at the database level. No Medalyn employee can access your records without your explicit permission.
How AI processing works
When you upload a document or send a message, the content is sent to Anthropic’s Claude API to generate a response. Anthropic does not use your data to train AI models. Your data is processed and discarded. Anthropic’s full data handling policy is available at anthropic.com/privacy.
What we will never do
We will never sell your data. We will never share your data with advertisers. We will never use your medical information for any purpose other than providing the service to you.
Research opt-in
Medalyn has an optional research program where anonymized, de-identified data can be shared with IRB-approved researchers. This is always opt-in, never automatic, and you can withdraw at any time.
Your rights
You can export all your data at any time from the app. You can delete your account and all associated data permanently from your profile settings. We respond to all privacy requests within 30 days.
Disclaimer
Medalyn is not a HIPAA covered entity. We apply security practices consistent with HIPAA standards but have not signed a Business Associate Agreement with our infrastructure providers. If you require formal HIPAA compliance please contact samira@cassinidesigngroup.com.
Questions
samira@cassinidesigngroup.com. We respond within 24 hours.