MDmind Platform Privacy Policy

MDmind values your privacy and is committed to protecting your personal data, especially sensitive health-related information. This Privacy Policy describes how we collect, use, store, and protect the data you provide when using our platform. By accessing or using MDmind, you agree to the practices described in this document. If you do not agree, we recommend that you do not use our services.

1. Data We Collect

1.1. User-Provided Data

• Registration Data: When creating an MDmind account, we collect information such as name, email, professional registration number (e.g., CRM, COREN) and password.
• Usage Data: We collect questions and answers entered on the platform, including information about clinical cases discussed, to provide evidence-based responses.
• Communications: If you contact us (e.g., via email support@mdmind.com.br), we may collect information provided in these communications.

1.2. Automatically Collected Data

• Navigation Data: We collect information such as IP address, device type, browser, operating system, access date and time, and pages visited.
• Cookies and Similar Technologies: We use cookies to improve user experience, remember preferences and monitor platform usage.

1.3. Sensitive Data

• MDmind may process sensitive data, such as health-related information, entered by you during platform use. This data is treated with the highest level of care and security.

2. How We Use Your Data

We use the collected data for the following purposes:

• Provide Services: Process your questions and generate responses based on scientific evidence and medical guidelines.
• Personalization: Adapt responses based on conversation history and user preferences.
• Security: Protect the platform against unauthorized access, fraud and security violations.
• Service Improvement: Analyze platform usage to improve functionality, fix errors and develop new features.
• Communication: Send notifications about updates, changes to Terms of Use or Privacy Policy, or respond to your requests.

3. Data Sharing

MDmind does not sell or rent your personal data to third parties. We may share your data in the following situations:

• With Service Providers: We share data with third parties who help us operate the platform (e.g., hosting providers, AI services like OpenAI). These third parties are required to protect your data and use it only for contracted purposes.
• Legal Obligation: We may disclose data if required by law, court order or competent authority.
• Rights Protection: To protect the rights, security or property of MDmind, its users or third parties.

4. Data Storage and Security

• Storage: Your data is stored on secure servers, located in [country/region, e.g., Brazil or cloud servers]. We keep data for the time necessary to fulfill the purposes described in this Policy or as required by law.
• Security: We adopt technical and organizational measures to protect your data against unauthorized access, loss, alteration or disclosure. This includes data encryption in transit (HTTPS), secure authentication (OAuth2 with JWT), and input sanitization practices.
• Limitations: Despite our efforts, no system is completely secure. Should a security incident occur, we will notify affected users as required by GDPR.

5. Your Rights

According to GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the data we have about you.
• Correction: Request correction of incomplete, inaccurate or outdated data.
• Deletion: Request deletion of your data, except when retention is necessary for legal reasons.
• Portability: Request transfer of your data to another service.
• Consent Revocation: Revoke consent for the use of your data, when applicable.

To exercise these rights, contact us by email: support@mdmind.com.br.

6. Cookies and Tracking Technologies

• Essential Cookies: We use cookies for authentication and basic platform operation.
• Performance Cookies: We collect analytical data to improve user experience.
• Cookie Management: You can manage your cookie preferences in your browser settings. Note that disabling essential cookies may affect platform functionality.

7. Children's Data

MDmind is not intended for minors under 18 years old. We do not intentionally collect data from children. If we become aware that we collected data from a minor without parental consent, we will take steps to delete such data.

8. International Data Transfer

Your data may be transferred to servers outside Brazil (e.g., to service providers like OpenAI). We ensure that such transfers comply with GDPR requirements and that adequate security measures are in place.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes by email or platform notice with at least 7 days advance notice. Continued use of MDmind after such changes constitutes acceptance of the new conditions.

10. Contact

For questions, requests or clarifications about this Privacy Policy, contact us by email: support@mdmind.com.br.