Medroid AI, Inc – Privacy Policy

Updated: 12 May 2025

Medroid AI, Inc
131 Continental Dr, Suite 305
Newark, DE 19713, USA

Throughout this Privacy Policy, "we," "us" and "our" refer to Medroid AI, Inc., and "you" and "your" refer to users of our Website, Apps and Services.

1. Introduction

This Privacy Policy explains how we collect, use, disclose and safeguard your personal and health-related information when you:

Visit our website at https://www.medroid.ai (the "Website");
Use our applications, APIs, web services and related interfaces (the "Apps"); or
Access any other online or mobile services we provide (together, the "Services").

Please read it carefully. By accessing or using our Services, you consent to the practices described herein and to our Terms of Service. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Anonymous Usage

Technical Data: We automatically collect non-identifiable technical data (e.g. IP address, browser type, operating system, device identifiers, pages visited, timestamps) to provide and improve our Services.
No Health Data: When using the Service anonymously, you provide no personal or medical data, and your sessions are not linked to your identity.

2.2 Member Accounts

When you create a member account, we collect the following personal and health information, as necessary to provide the Services:

Account Data: Name, email address, telephone number, postal address.
Health Data: Medical history, symptoms, diagnoses, treatment information and any other health-related data you choose to input or share.
Communications Content: Messages, attachments and notes exchanged via the Apps.

We will clearly explain at the point of collection which fields are mandatory and why.

3. How We Use Your Information

We use your information to:

Provide & Improve Services: Run, maintain and customise our AI triage and assistance features; diagnose and troubleshoot technical issues; enhance user experience and develop new functionalities.
Facilitate Communication: Format and relay your health data to human healthcare professionals you choose to consult, or to those we triage you to.
Account Management: Create and manage your account; send administrative, security and support messages.
Legal Compliance: Meet our legal and regulatory obligations (e.g. data breach notification, public-health reporting).
Research & Analytics: Analyse aggregated, de-identified data to improve algorithms and for academic or clinical research, always in compliance with applicable laws.

4. Disclosure of Your Information

We will not sell your personal or medical information. We share it only in the following circumstances:

Recipient	Purpose	Legal Basis / Safeguard
Your Chosen Healthcare Professionals	To facilitate consultation and treatment	You consent at the time of consultation
Contracted Medical Experts	To train and audit our AI, under strict confidentiality agreements	Encrypted, de-identified data whenever possible
Service Providers (e.g. hosting, analytics, messaging platforms)	To operate and maintain the Services	Under data-processing agreements
Legal Authorities	To comply with laws, regulations or court orders	Where required by statute
Public Health & Research Bodies	For population-health monitoring or approved research	Only aggregated, fully de-identified data; subject to governance processes

5. Cookies & Tracking Technologies

We use cookies, web beacons and similar technologies to:

Remember your preferences and settings;
Analyse usage patterns and site performance;
Serve personalised content (with your explicit consent, where required).

You may disable cookies in your browser, but some features of our Services may not function correctly.

6. SMS & Push Notifications

With your consent, we may send appointment reminders, triage updates and service alerts via SMS or push notifications. We do not share your opt-in status with third parties other than our messaging providers, who are bound by confidentiality.

Third Parties that Help Provide the Messaging Service: We will not share your opt-in to an SMS short code campaign with a third party for purposes unrelated to supporting you in connection with that campaign. We may share your Personal Data with third parties that help us provide the messaging service, including, but not limited to, platform providers, phone companies, and other vendors who assist us in the delivery of text messages.

Additional Disclosures: Affiliates: We may disclose the Personal Data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Policy. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

7. Your Data Protection Rights

7.1 Access & Portability

Right to Access: You may request a copy of your personal and health data.
Right to Portability: You may ask for your data in a structured, commonly used electronic format.

7.2 Rectification & Erasure

Right to Rectify: You may correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): To the extent permitted by law, you may request deletion of your data.

7.3 Restriction & Objection

Right to Restrict Processing: You may ask us to limit how we use your data.
Right to Object: You may object to our processing on grounds relating to your situation.

7.4 Consent Withdrawal

Where processing is based on consent, you may withdraw consent at any time; this will not affect processing already completed.

To exercise any of these rights, contact our Data Protection Officer as set out below. We will respond within the time required by applicable law (typically one month).

8. Children's Privacy

Our Services are intended for adults (age 18+). We do not knowingly collect personal data from children under 13. If you believe your child has provided us with personal data, please contact us and we will delete it promptly.

9. Data Security & Breach Notification

We implement administrative, technical and physical safeguards to protect your data.
In the unlikely event of a breach affecting your personal data, we will notify you and any relevant supervisory authorities without undue delay and in accordance with applicable law.

10. International Transfers

Medroid AI operates globally. When we transfer personal data across borders (e.g. from the UK or EU to the US), we rely on permitted mechanisms such as Standard Contractual Clauses or adequacy decisions to ensure an adequate level of protection.

11. Changes to This Privacy Policy

We may update this Policy from time to time. Any material changes will be notified by posting the revised Policy with a new "Updated" date. Your continued use of the Services constitutes acceptance of the updated Policy.

12. Contact Us

If you have questions, wish to exercise your rights, or lodge a complaint, please contact:

Data Protection Officer

Email: [email protected]

Postal: Medroid AI, Inc, 131 Continental Dr, Suite 305, Newark, DE 19713, USA

If you remain dissatisfied, UK and EU residents may lodge a complaint with their supervisory authority (e.g. the ICO in the UK).

Thank you for entrusting Medroid AI with your data.