MDmind

MDmind values your privacy and is committed to protecting your personal data, especially sensitive health-related information. This Privacy Policy describes how we collect, use, store, and protect the data you provide when using our platform. By accessing or using MDmind, you agree to the practices described in this document. If you do not agree, we recommend that you do not use our services.

1. Data We Collect

1.1. User-Provided Data

Registration Data: When creating an MDmind account, we collect information such as name and email. Passwords are stored only in hashed form (never in plaintext).
Usage Data: We collect questions and answers entered on the platform to provide evidence-based responses. IMPORTANT: Do not submit patient-identifying information (e.g., names, document numbers, contact details, addresses, full-face photos, medical record numbers). If such data is submitted, we may remove it and/or delete the content to protect privacy.
Communications: If you contact us (e.g., via email admin@mdmind.ai), we may collect information provided in these communications.

1.2. Automatically Collected Data

Navigation Data: We collect information such as IP address, device type, browser, operating system, access date and time, and pages visited.
Cookies and Similar Technologies: We use cookies to improve user experience, remember preferences and monitor platform usage.

1.3. Sensitive Data

MDmind may process health-related information entered by you during platform use for educational evidence search. This data is treated with the highest level of care and security. You must not enter patient-identifying information. MDmind is designed for general medical education and information purposes only.

1.4. Device Permissions and Media Access

To enhance your experience and support educational evidence search and summarization, MDmind may request access to the following device features: • Microphone Access: We request microphone access to enable voice input for medical questions. Voice input is processed using your device's built-in speech recognition (on-device processing). Audio recordings are not stored or transmitted to our servers. Only the transcribed text is sent for processing. • Camera Access: We request camera access to allow you to capture photos of medical documents or research articles for educational summarization. Do not upload images containing patient-identifying information (e.g., names, faces, medical record numbers). • File and Photo Library Access: We allow you to upload files and images from your device, including PDFs, Word documents, text files, and image files (JPEG, PNG, WebP, HEIC). Maximum file size is 10MB per file, with a maximum of 5 files per message. Do not upload documents containing patient-identifying information. • File Processing: Uploaded files and photos are processed by our backend servers and may be analyzed by third-party AI services (such as OpenAI) to extract text and generate responses. Files are processed temporarily and deleted after processing. Only the extracted text is retained for response generation. • Permission Control: You can deny these permissions and still use other features of the platform. Denying camera or microphone access will only prevent you from using the respective features. All data collected through these device permissions is subject to the same privacy protections described in this policy, including encryption in transit and at rest, and compliance with LGPD and GDPR.

2. How We Use Your Data

We use the collected data for the following purposes:

Legal Bases (LGPD/GDPR): We process personal data to provide the service (contract), for legitimate interests (security, fraud prevention, service improvement), and where applicable based on your consent. Health-related information you choose to enter is processed only to generate educational evidence summaries.

Provide Services: Process your questions and generate educational evidence summaries based on scientific literature.
Personalization: Adapt responses based on conversation history and user preferences.
Security: Protect the platform against unauthorized access, fraud and security violations.
Service Improvement: Analyze platform usage to improve functionality, fix errors and develop new features.
Communication: Send notifications about updates, changes to Terms of Use or Privacy Policy, or respond to your requests.

3. Data Sharing

MDmind does not sell or rent your personal data to third parties. We may share your data in the following situations:

With Service Providers: We share data with third parties who help us operate the platform (e.g., hosting providers, AI services). When you submit a question, we send the text you enter (and extracted text from uploaded files) to AI processors to generate a response. We do not share payment data or personal account information with AI processors. These third parties are required to protect your data and use it only for contracted purposes.
Legal Obligation: We may disclose data if required by law, court order or competent authority.
Rights Protection: To protect the rights, security or property of MDmind, its users or third parties.

4. Data Storage and Security

Storage: Your data is stored on secure cloud servers located in the United States and Brazil. We retain account data and conversation history to provide the service. You control retention through in-app deletion of conversations and your account. Deleted data may persist in encrypted backups for a limited period and will be removed according to our backup rotation schedule.
Security: We adopt technical and organizational measures to protect your data against unauthorized access, loss, alteration or disclosure. This includes encryption in transit and at rest, secure authentication, and input sanitization practices.
Limitations: Despite our efforts, no system is completely secure. Should a security incident occur, we will notify affected users as required by LGPD and GDPR.

5. Your Rights (LGPD/GDPR)

According to Brazilian LGPD and GDPR, you have the following rights regarding your personal data:

Access: Request a copy of the data we have about you.
Correction: Request correction of incomplete, inaccurate or outdated data.
Deletion (in-app): You can delete your account directly in the app. When you delete your account, we delete your profile data (name and email). Your conversation history is anonymized (disassociated from your identity) and may be retained for service improvement, except where full deletion is required by law.
Conversation Deletion: You can delete individual conversations at any time in the app.
Portability: Request transfer of your data to another service.
Consent Revocation: Revoke consent for the use of your data, when applicable.

To exercise these rights, contact us by email: admin@mdmind.ai.

6. Cookies and Tracking Technologies

Essential Cookies: We use cookies for authentication and basic platform operation.
Performance Cookies: We collect analytical data to improve user experience.
Cookie Management: You can manage your cookie preferences in your browser settings. Note that disabling essential cookies may affect platform functionality.

7. Children's Data

MDmind is not intended for minors under 18 years old. We do not intentionally collect data from children. If we become aware that we collected data from a minor without parental consent, we will take steps to delete such data.

8. International Data Transfer

Your data may be transferred to servers outside Brazil (e.g., to AI service providers in the United States). We ensure that such transfers comply with LGPD and GDPR requirements and that adequate security measures are in place.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes by email or platform notice with at least 7 days advance notice. Continued use of MDmind after such changes constitutes acceptance of the new conditions.

10. Contact

For questions, requests or clarifications about this Privacy Policy, contact us by email: admin@mdmind.ai.

By using MDmind, you confirm that you have read, understood and agree to this Privacy Policy.

MDmind Platform Privacy Policy