This Privacy Policy describes how Medcol FZCO ("Medcol", "we", "us", or "our"), a company registered in Dubai Silicon Oasis, Technohub 1b, Dubai, United Arab Emirates, collects, uses, stores, and protects your personal information when you use the Medcol platform and related services (the "Service").
We are committed to safeguarding patient privacy and handling health data with the highest standards of care and security.
1. Information We Collect
We may collect the following categories of information:
- Patient health information: symptoms, medical history, current medications, allergies, concerns, and visit goals submitted through the pre-visit intake process.
- Account information: name, email address, role, and organization details for clinicians and administrators.
- Usage data: interaction logs, device information, browser type, and IP address for service improvement and security.
- Uploaded documents: medical records, test results, and other files patients choose to share before a visit.
2. How We Use Your Information
We process personal information for the following purposes:
- To generate AI-powered pre-visit summaries for healthcare providers.
- To operate, maintain, and improve the Service.
- To communicate with you about your account and service updates.
- To ensure the security and integrity of the platform.
- To comply with applicable laws, regulations, and legal obligations.
We do not sell, rent, or trade your personal or health information to third parties. We do not use your data for advertising purposes.
3. Data Storage and Security
Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use industry-standard security measures to protect against unauthorized access, alteration, disclosure, or destruction of your information. Access to patient data is restricted to authorized personnel on a need-to-know basis.
Data is stored on secure cloud infrastructure with servers located in regions that comply with applicable data protection standards.
4. Data Sharing
We may share your information only in the following circumstances:
- With your healthcare provider: patient-submitted data and AI-generated summaries are shared with the clinician or clinic associated with the visit.
- Service providers: trusted third-party vendors who assist in operating the platform (e.g., cloud hosting, AI processing), bound by strict data protection agreements.
- Legal requirements: when required by law, court order, or governmental authority.
5. Data Retention
We retain personal and health information only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Patient intake data is retained in accordance with the healthcare organization's retention policies. You may request deletion of your data at any time by contacting us.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Deletion: request erasure of your personal data where applicable.
- Portability: request your data in a structured, machine-readable format.
- Objection: object to processing of your data in certain circumstances.
To exercise any of these rights, contact us at leo@medcol.io.
7. International Data Transfers
As a company based in the UAE, your data may be transferred to and processed in jurisdictions outside your country of residence. We ensure appropriate safeguards are in place for such transfers, including contractual clauses and compliance with applicable cross-border data transfer regulations.
8. Cookies and Tracking
Our website uses essential cookies to ensure proper functionality. We do not use third-party advertising or tracking cookies. Analytics data, if collected, is anonymized and used solely for service improvement.
9. Children's Privacy
The Service is not directed at children under 18. Patient intake for minors must be completed by a parent or legal guardian. We do not knowingly collect personal information from children without parental consent.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The "Last updated" date below reflects the most recent revision.
11. Contact Information
For questions, concerns, or data requests, please contact:
Medcol FZCO
Dubai Silicon Oasis, Technohub 1b
Dubai, United Arab Emirates
Email: leo@medcol.io
