Our core commitments
This Privacy Policy describes how Medroid AI, Inc. collects, uses, stores, discloses and safeguards your personal, health-related and clinical information when you use any of the following (together, the "Services"):
This single Policy governs all of the above. By accessing or using our Services, you agree to this Policy and our Terms of Service. If you do not agree, please do not use our Services.
About the Medroid Max – AI Clinician Copilot Extension
The Extension is a productivity tool for healthcare professionals. It captures consultations via microphone (and optionally active browser-tab audio), transcribes speech in real time, generates clinical notes and AI suggestions in a side panel, and inserts reusable clinical snippets into any web-based EHR. Sections 2–5 and Section 14 comprehensively disclose every category of data the Extension handles and every party it is shared with — satisfying the Chrome Web Store User Data Policy disclosure requirements.
We collect the following categories of data. The specific categories that apply to you depend on which products and features you use.
| Category | Examples of data collected | How collected |
|---|---|---|
| Account & Identity | Name, email address, hashed password, phone number, date of birth, postal address, profile image, clinic/practice details, professional role, licence number, specialisation, credentials, clinician signature, clinic logo. | Provided by you at registration or in settings; or via "Sign in with Google" (email + basic Google profile). |
| Patient & Health | Medical history, allergies, medications, diagnoses, prescriptions, vital signs, symptoms, conditions, lab results, DICOM imaging studies, radiologist reports, insurance details (provider, policy number, expiry), emergency contact. | Entered or uploaded by clinicians and patients in the Platform. |
| Audio & Voice Recordings | Live microphone audio; active browser-tab audio (only if you explicitly enable tab capture for a consultation). | Captured only when you grant permission and press record. Never captured in the background. |
| Transcripts & Clinical Content | Speech-to-text transcripts, AI-generated summaries, clinical notes, suggestions, "thinking board" content, generated reports. | Generated from your audio, video consultations and text you enter in the Platform or Extension. |
| Consultation & Appointment Records | Appointment metadata, video session details, recording status, reason for visit, duration, patient–provider pairing, service type, payment status. | Created when appointments are booked and consultations conducted. |
| Medical Documents & Images | Uploaded documents, lab results, DICOM studies, prescriptions, referral letters, e-signed documents. | Uploaded or generated in the Platform. |
| Snippets, Macros & Templates (Extension) | Text snippets, abbreviations, macros and templates for text expansion in EHR web pages. | Created by you; a default library is bundled with the Extension and stored locally in your browser. |
| Communications Content | Messages, attachments and notes via Platform chat, WhatsApp Business and email; AI chat history. | Created when you use messaging or chat features. |
| Location (IP-based) | IP address and derived country/region. | Your device IP; used to localise content and select the appropriate payment gateway. No GPS or precise location unless you explicitly provide an address. |
| Provider Location & Practice | Clinic address, geographic coordinates, availability schedule, service pricing, languages, insurance partnerships. | Entered by clinicians in their profile/settings. |
| Technical & Usage | Browser type, OS, device identifiers, extension version, feature usage, pages visited, session data, error reports, diagnostic logs, timestamps. | Collected automatically to operate, secure and improve the Services. |
| Authentication & Device | Session and API tokens, 2FA codes, device tokens for push notifications; (Extension) locally cached snippet library and selected country. | Created during sign-in and use; stored on your device and/or our servers. |
| Payment & Financial | Subscription plan, billing status, transaction metadata, insurance claim details, provider payout records. Full card details are entered directly with our payment processors — not stored by us. | Collected when you subscribe or transact, via our payment processors. |
| Calendar & Social Integrations | Google Calendar events linked to appointments; Instagram Business account details if you connect social media. | Only with your explicit authorisation when you enable these integrations. |
Anonymous use. When you use the Services without an account, we collect only non-identifiable technical data; anonymous sessions are not linked to your identity.
We use the data described in Section 2 only for the following purposes:
| Store | What lives there | Technology |
|---|---|---|
| Your device (Extension only) | Session token, country setting, local snippet/macro library. | chrome.storage.local — cleared when you sign out or remove the Extension. |
| Our servers | Account data, patient and health records, transcripts, clinical notes, consultation records, messages, metadata. | Managed databases on reputable cloud infrastructure; sessions stored in Redis (expire on inactivity). |
| Object storage | Uploaded files, documents, signatures, clinic logos, lab results, attachments. | S3-compatible cloud object storage (Backblaze B2 by default; AWS S3 as an alternative). Files submitted for AI tasks are also transmitted to Google's Files API (see Section 5). |
| PACS / imaging server | DICOM imaging studies, radiologist reports. | Orthanc PACS server accessed via the OHIF Viewer. |
| Audio (transient) | Microphone/tab audio streamed for transcription. | Streamed directly from your browser to Deepgram (api.deepgram.com) over an encrypted connection using a short-lived token — it does not transit Medroid's own servers. We retain only the resulting transcript, not the raw audio recording. |
We retain personal, health and clinical data for as long as your account is active and as needed to provide the Services, and thereafter only as required by law, regulation or clinical record-keeping obligations, or to resolve disputes. When data is no longer required, we delete or de-identify it — typically within 90 days of account closure, unless a longer period is required by applicable law.
You may request deletion of your data in-app, or by emailing [email protected]. We will acknowledge and action verified requests within 30 days (see Section 8 for your full rights).
We will not sell your personal, health or clinical information. We share it only with the recipients below, for the stated purposes. All sub-processors are bound by data-processing agreements and are not permitted to use your data for their own independent purposes.
| Provider | Data shared | Purpose |
|---|---|---|
| Groq, Inc. (USA) | Consultation transcripts and clinical text/prompts. | Primary AI model inference for clinical documentation and chat. BAA in place. |
| NScale | Consultation transcripts and clinical text/prompts. | AI model inference — Llama 4 Scout (secondary provider). |
| Google LLC – Gemini / Google AI (USA) | Transcripts, clinical text/prompts, and file attachments you provide for an AI task (via Google Files API). | AI model inference and image AI tasks (fallback provider). |
| Anthropic, PBC (USA) | Consultation transcripts and clinical text/prompts. | AI model inference — Claude (optional provider). |
| OpenAI, LLC (USA) | Consultation transcripts and clinical text/prompts. | AI model inference — GPT (optional provider). |
| Mistral AI (France) | Consultation transcripts and clinical text/prompts. | AI model inference (optional provider). |
| Brave Software, Inc. – Brave Search (USA) | AI-generated search queries derived from clinical context (e.g. condition names, medication terms, guideline lookups). Not your full transcript. | Retrieving up-to-date medical references for AI thinking-board and web-search insights. |
| Provider | Data shared | Purpose |
|---|---|---|
| Deepgram, Inc. (USA) | Live microphone audio and (if enabled) browser-tab audio; short audio clips for dictation. | Real-time medical speech-to-text transcription (nova-3-medical model). Audio streams directly from your browser to Deepgram. |
| Cartesia AI (USA) | Text for synthesis into speech; voice audio input. | Text-to-speech output and voice chat features. |
| Google LLC – Google Meet | Video/audio streams for clinician–patient consultations. | Real-time video telehealth consultations. |
| Provider | Data shared | Purpose |
|---|---|---|
| Backblaze, Inc. – B2 (USA) | Encrypted files and attachments. | Default cloud object storage. |
| Amazon Web Services – S3 (USA) | Encrypted files and attachments. | Alternative cloud object storage backend. |
| Microsoft Azure Blob Storage | Files and data for TDL Labs integration. | Lab results integration storage. |
| Google LLC – Google Cloud Storage | Documents and files submitted for AI processing. | Storage for Google AI processing tasks. |
| Provider | Data shared | Purpose |
|---|---|---|
| Brevo / Sendinblue (Sendinblue SAS) | Your name, email address and transactional email content. | Sending account and service emails (welcome, verification, password reset, billing, appointment reminders). |
| MAX Gateway | Your WhatsApp phone number and message content. | WhatsApp Business messages for appointment and service notifications (where you opt in). |
| Telnyx, LLC (USA) | Fax recipient/sender details and document content. | HIPAA-compliant eFax for clinical document transmission. |
| Google LLC – Firebase (USA) | Device token and push notification content. | Mobile and web push notifications. |
| Provider | Data shared | Purpose |
|---|---|---|
| Stripe, Inc. (USA) | Billing information entered at checkout; subscription metadata. | Subscription and payment processing (UK, EU, USA). |
| Razorpay (India) | Billing information entered at checkout. | Payment processing for Indian-region users. |
| Provider | Data shared | Purpose |
|---|---|---|
| Google LLC – Google Sign-In | Email address and basic Google profile. | Authentication when you use "Sign in with Google". |
| Google LLC – Google Calendar API | Calendar events and appointment details. | Syncing appointments to Google Calendar (only if you connect this integration). |
| freeipapi.com / ipapi.co | Your IP address. | Approximate country detection to localise content and select the appropriate payment gateway. |
| Google LLC – Google Maps API | Clinic address or coordinates. | Distance calculation and geocoding for clinic/provider location features. |
| Provider | Data shared | Purpose |
|---|---|---|
| Google LLC – Cloud Vision API | Medical images you upload for AI analysis. | AI-assisted medical image analysis. |
| Firma.dev | Document content and signatory details. | Digital e-signature for clinical documents. |
| SignatureRX | Prescription content and clinician details. | Prescription e-signature. |
| NIH – RxNorm, FDA Drug API, UMLS (USA) | Medication/drug search terms only — no patient-identifiable data. | Standardised medication reference data (public APIs). |
| Reporting LIMS | Lab order and result data. | Laboratory test ordering and results integration. |
| Provider | Data shared | Purpose |
|---|---|---|
| Sentry (Functional Software, Inc.) (USA) | Error events and performance traces — PII/PHI suppressed by default. | Application error monitoring and performance tracking. |
| Bugsnag (SmartBear) | Error and session data — PHI filters applied (email, phone, medical data suppressed). | Error and session tracking for reliability. |
| Pusher / Laravel Reverb | Real-time event payloads (e.g. consultation status, notifications). | Real-time in-app events and notifications. |
| Recipient | Data shared | Purpose |
|---|---|---|
| Your chosen healthcare professionals / clinic | Clinical content you generate or direct to them. | Delivering care, documentation and consultations at your direction. |
| Contracted medical experts | Encrypted, de-identified data wherever possible. | AI training and auditing, under strict confidentiality agreements. |
| Legal & regulatory authorities | Only the data legally required. | Compliance with applicable law, regulation, legal process or governmental request. |
| Public health & research bodies | Aggregated, fully de-identified data only. | Population-health monitoring or approved research, subject to governance processes. |
| Acquirers (business transfers) | Data relevant to the transaction. | Merger, acquisition or asset sale — subject to this Policy and applicable law. |
| Affiliates & subsidiaries | As necessary to provide the Services. | Group operations; their use remains subject to this Policy. |
Chrome Web Store Limited Use Disclosure
Our collection, use and transfer of information received through the Medroid Max – AI Clinician Copilot Extension comply with the Chrome Web Store Developer Program Policies, including the Limited Use requirements:
Google API data: Medroid's use and transfer to any other app of information received from Google APIs (Google Sign-In, Google Calendar, Google Meet, Google Maps, Google Cloud Vision, Google Cloud Storage, Google Files API) adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We use cookies, web beacons and similar technologies on the Website and Platform to:
The Extension uses chrome.storage.local — not advertising cookies — to hold your session token and local snippet library on your device.
You may disable cookies in your browser settings, but some features may not function correctly. For more detail on our cookie use, please see our Cookie Policy.
Depending on your location, you may have the following rights regarding your personal data. To exercise any of them, contact us at [email protected]. We will respond within the timeframe required by applicable law (typically one month).
| Right | What it means |
|---|---|
| Access | Request a copy of your personal and health data we hold. |
| Portability | Receive your data in a structured, machine-readable format. |
| Rectification | Correct inaccurate or incomplete data. |
| Erasure ("Right to be Forgotten") | Request deletion of your data, to the extent permitted by law and applicable clinical record-keeping obligations. |
| Restriction | Ask us to limit how we process your data. |
| Objection | Object to our processing on grounds relating to your situation. |
| Consent Withdrawal | Where processing is based on consent (including microphone/tab-audio access), withdraw at any time without affecting prior processing. |
To revoke microphone or tab-audio access for the Extension, adjust the permission in your browser settings or remove the Extension.
Our Services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe your child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.
We send transactional communications (welcome, email verification, password reset, billing, appointment reminders, service alerts) via:
All messaging providers act as our sub-processors and are bound by confidentiality. Your contact details are used solely to deliver messages on our behalf and are not shared for unrelated purposes.
SMS opt-in data: We will not share your opt-in to any messaging channel with third parties for purposes unrelated to that channel. All opt-in data and consent — including any future SMS channel — are excluded from any third-party sharing for marketing or unrelated purposes.
Affiliates: We may disclose Personal Data to our affiliates or subsidiaries; however, their use of your Personal Data will be subject to this Policy.
Medroid AI operates globally. Several of our sub-processors are based in the United States. When we transfer personal data across borders (e.g. from the UK or EU to the US), we rely on lawful transfer mechanisms such as the UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses (SCCs), adequacy decisions, or other safeguards required by applicable law, to ensure your data receives an adequate level of protection.
We may update this Policy from time to time to reflect changes in our Services, technology or legal obligations. Any material changes will be communicated by posting the revised Policy at this URL with a new effective date, and (where appropriate) by email notification. Your continued use of the Services after the updated Policy takes effect constitutes your acceptance of the changes.
For full transparency, the Medroid Max – AI Clinician Copilot Extension declares the following permissions and host access:
| Permission | Why it is needed |
|---|---|
| Microphone & tab-audio (runtime prompt) | To record audio when you start the scribe or dictation feature. Your browser prompts for permission at the moment you use the feature — it is not a background or persistent permission. |
storage |
To keep you signed in and store your local snippet/macro library and country setting on your device between sessions. |
identity |
To support "Sign in with Google" authentication. |
sidePanel |
To display the Medroid copilot interface in the browser side panel, so clinicians can use it alongside any web-based EHR without leaving their workflow. |
declarativeNetRequest |
To inject the Deepgram bearer token (via a temporary dynamic rule) on the REST dictation request to api.deepgram.com, enabling secure audio upload; and to evict a legacy rule left by earlier extension versions. |
Host access / content scripts (<all_urls>) |
To insert text snippets and macros into whichever EHR system you are working in (EMIS, SystmOne, Heydoc, and any other web-based EHR — each uses a different domain). We do not read, collect or transmit page content for any other purpose, and we do not track your browsing. Connections to transcription and geolocation services use their own named host permissions (api.deepgram.com, ipapi.co, freeipapi.com). |
| Named host permissions | api.deepgram.com, wss://api.deepgram.com — live transcription; ipapi.co, freeipapi.com — country detection; max-copilot.medroid.ai — Medroid backend API and WebSocket. |
If you have questions about this Policy, wish to exercise your rights, or have a complaint, please contact:
Email: [email protected]
Post: Medroid AI, Inc, 131 Continental Dr, Suite 305, Newark, DE 19713, USA
If you are not satisfied with our response, and you are based in the UK or EU, you have the right to lodge a complaint with your local supervisory authority — for example, the Information Commissioner's Office (ICO) in the UK (ico.org.uk).
Thank you for entrusting Medroid AI with your data.
For reference, the following table lists every third-party service that may process your data as part of our Services.
| Service | Category | Country |
|---|---|---|
| Groq, Inc. | AI / LLM inference | USA |
| NScale | AI / LLM inference | USA |
| Google Gemini / Google AI | AI / LLM inference & image | USA |
| Anthropic (Claude) | AI / LLM inference | USA |
| OpenAI (GPT) | AI / LLM inference | USA |
| Mistral AI | AI / LLM inference | France |
| Brave Search | Medical reference search | USA |
| Deepgram | Speech-to-text transcription | USA |
| Cartesia AI | Text-to-speech / voice chat | USA |
| Google Meet | Video consultations | USA |
| Google Cloud Storage | File storage | USA |
| Google Cloud Vision API | Medical image analysis | USA |
| Google Files API | File processing for AI tasks | USA |
| Google Sign-In (OAuth) | Authentication | USA |
| Google Calendar API | Scheduling integration | USA |
| Google Maps API | Geocoding / distance | USA |
| Google Firebase | Push notifications | USA |
| Backblaze B2 | Object storage | USA |
| Amazon Web Services S3 | Object storage (alt.) | USA |
| Microsoft Azure Blob Storage | Lab integration storage | EU / USA |
| Brevo / Sendinblue | Transactional email | France |
| MAX Gateway | WhatsApp Business messaging | Varies |
| Telnyx | HIPAA eFax | USA |
| Stripe | Payment processing | USA |
| Razorpay | Payment processing (India) | India |
| freeipapi.com / ipapi.co | IP geolocation | USA |
| Firma.dev | E-signature | Varies |
| SignatureRX | Prescription e-signature | USA |
| NIH (RxNorm / FDA / UMLS) | Medication reference (public API) | USA |
| Reporting LIMS | Lab integration | Varies |
| Sentry | Error monitoring | USA |
| Bugsnag | Error monitoring | USA |
| Pusher / Laravel Reverb | Real-time events | USA / self-hosted |
| Orthanc / OHIF Viewer | DICOM / PACS imaging | Self-hosted |
This list is updated with each material Policy revision. The "Country" column reflects the primary data-processing location; some providers operate globally.