Privacy Policy

Last updated: March 2026

Introduction

MediConcierge ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including any related applications, websites, and tools.

1. What Data We Collect

We collect information from you in various ways:

  • Contact Information: Name, email address, phone number, clinic name, and address when you sign up or contact us.
  • Patient Information: Through your use of MediConcierge, you may provide patient data including appointment preferences, medical history summaries (processed by AI), and appointment notes. You are the data controller for this information.
  • Usage Data: Information about how you interact with our platform, including IP address, browser type, pages visited, time spent, and clickstream data.
  • Cookies and Tracking: We use cookies and similar technologies to enhance your experience.
  • Payment Information: Billing address, payment method, and transaction history (processed securely by payment providers).

2. How We Use Your Data

We use collected data for the following purposes:

  • Providing and maintaining MediConcierge services to you
  • Processing transactions and sending related information
  • Sending administrative and promotional communications
  • Responding to your inquiries and providing customer support
  • Monitoring and improving our service and platform
  • Complying with legal and regulatory obligations
  • Preventing fraud and enhancing security

3. Legal Basis for Processing (GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide our services to you.
  • Legal Obligation: Compliance with UK law and regulations.
  • Legitimate Interests: Improving our service, preventing fraud, and enhancing security (balanced against your rights).
  • Consent: For marketing communications and optional features (you may withdraw consent at any time).

4. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Patient data will be retained as per your clinic's data retention policies. Once you delete your account, we will retain anonymized usage data for up to 12 months for analytics purposes, unless legally required to retain the data longer. You can request data deletion at any time.

5. Your Rights Under UK GDPR

You have the following rights:

  • Right of Access: You can request a copy of your personal data we hold.
  • Right to Rectification: You can correct inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your data (subject to legal obligations).
  • Right to Restrict Processing: You can limit how we use your data.
  • Right to Data Portability: You can request your data in a portable format.
  • Right to Object: You can object to processing for marketing or legitimate interests.
  • Right to Withdraw Consent: You can withdraw consent for optional processing at any time.

To exercise any of these rights, please contact us at hello@mediconcierge.ai.

6. Cookies and Tracking Technologies

We use cookies to enhance your experience. These include:

  • Essential Cookies: Required for authentication and platform functionality.
  • Preference Cookies: Remember your settings and preferences.
  • Analytics Cookies: Help us understand how you use our platform.

You can control cookie preferences through your browser settings. Disabling cookies may affect platform functionality.

7. AI Processing and Third-Party Processors

MediConcierge uses AI technology to process patient information and provide intelligent healthcare services. We use the following third-party processors:

  • Anthropic (Claude AI): For AI-powered patient communication and appointment assistance. Your patient data may be processed by Anthropic's API in accordance with their privacy terms. We send only de-identified clinical information where possible.
  • Cloud Hosting Providers: For secure data storage and infrastructure (compliant with UK GDPR).

All third-party processors are bound by Data Processing Agreements (DPAs) to ensure compliance with UK GDPR.

8. Data Security

We implement industry-standard security measures to protect your personal and patient data:

  • End-to-end encryption for data in transit (TLS/SSL)
  • Encryption at rest for stored data
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Incident response procedures

9. International Data Transfers

If we transfer personal data outside the UK, we do so only with appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions. Your data may be processed by Anthropic (US-based) under appropriate contractual protections.

10. Contact Information

For privacy inquiries, data access requests, or to exercise your rights:

MediConcierge

Email: hello@mediconcierge.ai

Website: mediconcierge.ai

We aim to respond to all data access requests and privacy inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by updating the "Last updated" date and, if required, by obtaining your consent.