MyMedVault ("we", "us", or "our") is committed to protecting the privacy and security of your personal health information. This Privacy Policy explains how we collect, use, store, and protect your data when you use the MyMedVault mobile application.
1. Information We Collect
- Account information: Email address and hashed password (we never store your plain-text password).
- Medical documents: PDF and image files (including photos taken via camera scan) you upload for OCR processing and storage. You may upload up to 10 files in a single session.
- Extracted health data: Text extracted from your documents by Google Cloud Vision API, including structured data such as test results, diagnoses, prescriptions, and imaging findings.
- AI-generated summaries: Patient-friendly insights generated by Google Gemini based on extracted text. These can be regenerated on demand at any time.
- Vaccination reminder preferences: Reminder schedules you configure are stored locally on your device only — they are never transmitted to our servers.
2. How We Use Your Information
- To authenticate your account securely.
- To store and organise your medical documents in your private vault.
- To extract text from documents using OCR (Google Cloud Vision API), including structured extraction of test results, imaging findings, and prescription details.
- To generate and regenerate AI health insights (Google Gemini / Vertex AI).
- To enable full-text search across your own records.
- To support family profile management — documents can be organised per family member.
We do not use your medical data for advertising, profiling, or any purpose other than providing the service to you.
3. Data Storage & Security
- Documents are stored in Google Cloud Storage (private bucket — no public access). Access is granted only via short-lived signed URLs tied to your authenticated session.
- Database records are stored in Google Cloud SQL (PostgreSQL 15, encrypted at rest).
- All API communication is encrypted in transit via HTTPS / TLS 1.2+.
- Authentication tokens (JWT) are stored in your device's hardware-backed secure storage (Android Keystore).
- Your data is isolated at the database level — no user can access another user's records.
4. Third-Party Services
We use the following Google Cloud Platform services to operate MyMedVault:
- Google Cloud Vision API — OCR text extraction
- Google Vertex AI (Gemini) — AI health summaries
- Google Cloud Storage — Document file storage
- Google Cloud SQL — Structured data storage
- Google Cloud Run — API backend hosting
These services are governed by Google's Privacy Policy. We do not share your data with any other third parties.
5. Your Rights & Data Deletion
You have full control over your data:
- Delete individual documents at any time from within the app — this permanently removes the file from storage and all extracted records.
- Delete your entire account via Account → Delete Account in the app. This permanently and irreversibly removes your account, all uploaded documents, all extracted records, and all AI summaries from our systems within seconds.
There is no recovery from account deletion. We do not retain backups of deleted user data beyond our standard database backup retention of 7 days.
6. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all data is immediately purged. Inactive accounts with no login activity for 24 months may be subject to deletion with prior email notice.
7. Children's Privacy
MyMedVault is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.
9. Contact Us
For privacy-related questions or requests, please contact us at:
support@cloudnova.one