Privacy Policy

When you use MyDoctorSaid, we collect the following types of information:

• Account Information: Your name, email address, and encrypted password when you create an account.
• Medical Visit Recordings: Audio recordings of your medical visits that you choose to record, along with transcripts generated from those recordings.
• Visit Details: Doctor name, specialty, visit date, and any AI-generated summaries of your visit instructions.
• Chat Conversations: Questions you ask our AI assistant about your visit instructions. These conversations are not permanently stored after your session ends.

We use your information solely to:

• Provide transcriptions, summaries, and AI-assisted organization of your medical visit instructions
• Answer your questions about your medical instructions through our AI assistant
• Allow you to share visit summaries with family members or caregivers when you choose to
• Read your medical instructions aloud using text-to-speech technology

We do not sell your health-related information. We may share information with service providers that help us operate the app, such as secure hosting, transcription, AI processing, authentication, payments, or customer support, subject to contractual confidentiality and security obligations.

These service providers are contractually obligated to protect your information and may only use it to perform services on our behalf.

We take the security of your information seriously and implement the following measures:

• Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest. Your password is hashed using industry-standard bcrypt with 12 rounds.
• Secure Storage: Audio recordings and data are stored in secure cloud infrastructure with access controls.
• Session Security: We use JWT-based authentication with secure session management.
• Audit Logging: We maintain audit logs for account activities and data access for security monitoring.

If we discover a breach of unsecured health-related information, we will notify affected users and regulators as required by applicable law, including the FTC Health Breach Notification Rule and any applicable state laws.

Your medical information is shared only when YOU choose to share it:

• You can share visit summaries with family members or caregivers via secure links that expire after 30 days.
• You can delete individual visits (which removes any associated shared links) from the app at any time.
• Shared links can only be accessed by people who have the specific link. They are not publicly searchable.
• Important: Anyone with a shared link can view the visit summary it contains. Only share links with people you trust.

• MyDoctorSaid uses AI to transcribe audio recordings, generate visit summaries, and answer questions about your medical instructions. AI transcription and summaries may contain errors or inaccuracies.
• AI-generated content is for informational purposes only and does not constitute medical advice.
• Always follow your doctor’s actual instructions. If there is a discrepancy between what the AI says and what your doctor told you, follow your doctor’s advice.
• For medical emergencies, call 911 (or your local emergency number) immediately.

You have the right to:

• Access: View all your stored medical visit data at any time through the app.
• Export: Download a complete copy of all your data from Settings.
• Delete: Delete individual visits or your entire account and all associated data from Settings.
• Portability: Your data export includes all visits, transcripts, and summaries in a portable format.