Privacy Policy
Last updated: May 25, 2026
This Privacy Policy explains how MyMedica processes personal data when you visit our website, create an account, upload medical documents, or use any feature of our Service. It applies from May 25, 2026 and is written to comply with Regulation (EU) 2016/679 (“GDPR”), Ukraine’s Law on the Protection of Personal Data, the UK GDPR where applicable, and other data protection laws relevant to our users.
We process special category data concerning health, and we recognize the elevated responsibility that comes with it. This policy is meant to be readable. Where we use a defined legal term, we explain it.
1. Introduction and Scope
This Policy covers personal data we collect through:
- The MyMedica website and application at mymedica.me.
- Our account, document upload, AI extraction, and visit one-pager features.
- Our customer support channels at support@mymedica.me.
- Cookies and similar technologies on our pages, subject to the Cookie Policy.
It does not cover websites or services operated by third parties that we link to. It also does not directly cover Freemius’s processing of your payment data; Freemius acts as an independent controller for payment processing as the Merchant of Record, and you should consult the Freemius Privacy Policy for details.
2. Data Controller
The data controller for the processing described in this Policy is MyMedica, operated by a sole proprietor (ФОП) registered in Ukraine.
- Contact for privacy matters: support@mymedica.me
- Verified legal entity details, including the operator’s full identification, registration number, and registered address, are made available upon authenticated request through support@mymedica.me, after we verify your identity.
We do not have a mandatory Data Protection Officer under Article 37 of the GDPR at this stage. The contact point above is the primary route for all privacy enquiries.
3. Definitions
For clarity, the following terms have the meanings given to them by the GDPR.
- Personal Data means any information relating to an identified or identifiable natural person.
- Processing means any operation performed on Personal Data, including collection, storage, use, structuring, retrieval, transmission, restriction, and erasure.
- Special Category Data means data revealing health, racial or ethnic origin, religion, sexual orientation, and other categories listed in Article 9(1) of the GDPR. Health data is the most sensitive category we routinely process.
- Controller means the entity that determines the purposes and means of Processing.
- Processor means an entity that processes Personal Data on behalf of a controller.
- Subprocessor means a Processor engaged by another Processor.
4. Categories of Data Collected
We collect and process the following categories of Personal Data.
Account data. Email address, password hash (we never store passwords in plain text), display name, optional date of birth, language preference, and any optional profile data you choose to provide. We collect this directly from you at signup and as you update your profile.
Health and medical data (Special Category, Article 9). Documents and files you upload (PDFs, images, scans, lab reports, doctor notes, prescriptions, imaging reports), AI-extracted facts derived from those documents (lab values, conditions, medications, recommendations, dates), the one-pagers and summaries you generate, and any clinical notes you add manually. We treat this entire category as Special Category Data under Article 9 of the GDPR.
Usage data. Service logs, error logs, feature usage events, and AI usage records stored in our ai_usage table. The ai_usage table records token counts, request timing, model identifiers, and feature names; it does not store the content of your documents or your prompts.
Payment metadata. When you purchase a Subscription, Freemius Inc. (Merchant of Record) returns to us a minimal set of metadata, including the transaction identifier, the license identifier, country of billing, currency, amount, tax line, the last four digits of the card or wallet identifier where provided by Freemius, the card brand, the expiry month and year, and the subscription status. Freemius also passes us the email address associated with the purchase so we can deliver support and license management. We do not receive and do not store full primary account numbers (“PAN”), CVV codes, or full bank account numbers. Detailed payment data is processed by Freemius under the Freemius Privacy Policy.
Technical data. IP address, browser user agent, device type, operating system, referring page, page-view timing, language headers, and security events such as failed logins. We collect this for security, fraud prevention, and audit purposes.
Communications. The content of messages you send to support@mymedica.me, any attachments, and our replies.
5. Legal Basis
We process Personal Data on one or more of the following legal bases.
- Performance of a contract (Article 6(1)(b)). Creating and operating your Account, providing the Service features you use, processing payments through Freemius, and providing customer support.
- Explicit consent to process health data (Article 9(2)(a)). We rely on your explicit consent to process Special Category Data concerning health. Consent is collected at signup, before you upload your first medical document, and where appropriate at the point of specific high-impact actions (such as sharing a one-pager). You can withdraw consent at any time; see Section 11.
- Legitimate interest (Article 6(1)(f)). Security monitoring, fraud prevention, abuse detection, rate limiting, aggregated and de-identified product analytics for service improvement, and the defense of legal claims. We balance our interest against your rights and freedoms and limit Processing to what is necessary.
- Legal obligation (Article 6(1)(c)). Keeping tax, accounting, and invoicing records, responding to lawful requests from public authorities, and complying with data protection law.
- Vital interests (Article 6(1)(d) and 9(2)(c)). In rare circumstances, processing necessary to protect the vital interests of you or another person where you are physically or legally incapable of giving consent.
Where Processing is based on consent, withdrawing consent does not affect the lawfulness of Processing carried out before the withdrawal.
6. Purposes of Processing
We process Personal Data for the following purposes:
- Operating the Service: storing documents, running AI extraction, generating one-pagers, providing the user interface.
- Authenticating you and securing your Account.
- Communicating with you about your Account, security alerts, service updates, and material changes to these policies.
- Processing Subscriptions, sending invoices via Freemius, and handling refund requests.
- Detecting, investigating, and preventing fraud, abuse, security incidents, and policy violations.
- Improving the Service through aggregated and de-identified analytics, bug investigation, and performance monitoring. We do not run third-party analytics on pages that show medical content.
- Complying with legal obligations, including tax retention, responding to lawful authority requests, and exercising or defending legal claims.
We do not use your medical or document content for advertising, profiling, or any automated decision-making that produces legal or similarly significant effects on you. We do not sell your Personal Data.
7. AI Processing
The Service uses the Anthropic Claude API to extract structured facts from your documents and to generate summaries. Specifically:
- When you upload a document, the file is processed in our infrastructure to extract text. The extracted text and, where required, the source file are then sent to Anthropic’s API for AI analysis.
- We have configured the Anthropic integration with training opt-out. Anthropic does not use your inputs or AI outputs to train its general-purpose foundation models, subject to Anthropic’s published policies.
- Anthropic processes your data as a Subprocessor on our behalf, under contractual safeguards including the EU Standard Contractual Clauses.
- Prompts and outputs are scoped per user. We do not allow data from one user to leak into another user’s session or context.
AI is not infallible. We strongly recommend you verify AI-derived facts against your original documents and discuss material findings with a qualified healthcare professional.
You may turn off AI extraction in your Account settings; in that case the Service still stores your documents but does not generate extracted facts or AI summaries.
8. Recipients and Subprocessors
We share Personal Data only with the following categories of recipients:
- Anthropic, PBC (United States) — provides the Claude AI API. Anthropic acts as a Subprocessor. International transfer is governed by the EU Standard Contractual Clauses and supplementary measures, including encryption in transit and limited retention. See Anthropic’s privacy notice for additional information.
- EU infrastructure provider — provides hosting, compute, and storage for our database, authentication, and user files. The infrastructure is deployed within the European Union under the operator’s operational control. The provider may have technical access strictly for hosting purposes.
- Freemius Inc. (United States, Delaware; 4023 Kennett Pike, Wilmington, DE 19807) — acts as Merchant of Record for paid Subscriptions. Freemius is an independent controller for payment processing and a processor for the limited metadata (including the buyer email address for support purposes) it returns to us. Transfers between Freemius (US) and our processing in Ukraine rely on the EU Standard Contractual Clauses (SCCs) approved by the European Commission and on our data processing agreement with Freemius. See the Freemius Privacy Policy and Data Practices for additional information.
- Email and customer support providers — we may use a transactional email service to deliver account notifications and a support inbox provider; these process only the email content you exchange with us.
- Professional advisors and authorities — we may share data with our legal, accounting, or tax advisors, and with public authorities, where lawfully required.
We maintain a list of current Subprocessors and update it as our stack evolves. The current named subprocessor list is provided on request via support@mymedica.me. We will provide reasonable notice of material changes to Subprocessors where required by applicable law and our customer agreements.
We do not share your medical content with any third party other than the Subprocessors strictly necessary to deliver the Service, except where you explicitly direct us to (for example, when you share a one-pager link with your doctor) or where required by law.
9. International Transfers
Some of our recipients are located outside the European Economic Area or the United Kingdom.
- Anthropic (United States). We rely on the EU Standard Contractual Clauses (SCCs) approved by the European Commission, combined with technical safeguards such as TLS encryption in transit and contractual limits on retention and use of your data.
- Freemius (United States). Transfers to and from Freemius as Merchant of Record rely on the EU Standard Contractual Clauses (SCCs) approved by the European Commission, combined with technical safeguards (TLS encryption in transit, contractual limits on retention and use) and the data processing agreement we have with Freemius. There is currently no EU adequacy decision covering general US personal data flows, so we rely specifically on SCCs and supplementary measures.
- Data storage infrastructure. Our database and file storage are hosted on EU-based infrastructure; no transfer outside the EEA is required for primary storage.
You may request a copy of the safeguards in place by writing to support@mymedica.me.
10. Retention
We retain Personal Data only as long as necessary for the purposes set out in this Policy.
- Active Account data and medical content. Retained for the duration of your Account.
- Account deletion via /account/delete-everything. Triggers irreversible erasure of your documents, extracted facts, one-pagers, AI usage logs, and profile data from our primary systems. Residual copies in encrypted backups are purged on a rolling basis no later than 30 days after deletion.
- ai_usage and security logs. Retained for up to 12 months for security, fraud prevention, and capacity planning, then deleted or aggregated.
- Payment and invoice records (Freemius metadata and our accounting records). Retained for 7 years from the end of the tax year, as required by Ukrainian tax and accounting law. After this period, records are deleted or fully anonymized.
- Support correspondence. Retained for up to 24 months to enable continuity of support, then deleted or anonymized.
Where Processing is based on consent, we erase or anonymize the underlying Personal Data when consent is withdrawn, unless we have an independent legal basis (such as a legal retention obligation) to keep it.
11. Data Subject Rights (Articles 15–22)
Under the GDPR you have the following rights:
- Right of access (Art. 15). Obtain confirmation of whether we process your data and a copy of that data.
- Right to rectification (Art. 16). Correct inaccurate or incomplete data.
- Right to erasure / “right to be forgotten” (Art. 17). Have your data deleted where one of the grounds in Article 17 applies. Most users can exercise this directly through /account/delete-everything.
- Right to restriction (Art. 18). Limit how we process your data in defined circumstances.
- Right to data portability (Art. 20). Receive your data in a structured, commonly used, machine-readable format (we provide JSON export) and transmit it to another controller.
- Right to object (Art. 21). Object to Processing based on legitimate interest, including for direct marketing.
- Right to withdraw consent (Art. 7(3)). Withdraw any consent at any time, including consent to process health data; we will then suspend the relevant Processing.
- Rights related to automated decision-making (Art. 22). We do not subject you to solely automated decisions that produce legal or similarly significant effects.
- Right to lodge a complaint with a supervisory authority, including:
  - The Ukrainian Parliament Commissioner for Human Rights (the Ukrainian data protection supervisory authority) for users located in Ukraine.
  - Your local Data Protection Authority in your country of habitual residence within the EEA. A list of EEA authorities is available on the European Data Protection Board website.
12. How to Exercise Your Rights
To exercise any right, write to support@mymedica.me from the email address associated with your Account or use a contact channel we publish in the Account interface.
- We respond within 30 days of receiving a request. In complex cases we may extend this by up to two additional months and will inform you of the extension and the reasons.
- We may need to verify your identity before acting on a request to protect your data. For most requests, sending the request from the email on file is sufficient. For high-impact requests (such as access or erasure of medical data) we may ask for additional verification.
- Requests are free of charge. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, in which case we will explain why.
For Account erasure, the fastest route is /account/delete-everything.
13. Cookies
We use a minimal set of strictly necessary cookies for authentication, session management, and CSRF protection. We may also set preference cookies for language and theme. We do not place advertising or cross-site tracking cookies, and we do not run third-party analytics on pages that show your medical data (paths starting with /account/, /share/, or other pages where Special Category Data is rendered). For details, see the Cookie Policy.
14. Children’s Data
The Service is not directed to children under 16. We use 16 as the threshold for digital consent in line with the GDPR baseline. We do not knowingly collect Personal Data from children under 16. EEA users aged 16 or 17 may use the Service only with verifiable parental consent. If we discover that we hold Personal Data of a child under 16 without lawful basis, we will delete it and close the associated Account. If you believe a child has provided us with Personal Data, contact support@mymedica.me.
15. Security Measures
We implement appropriate technical and organizational measures to protect your Personal Data.
- Database isolation. Row Level Security (RLS) policies in our PostgreSQL database enforce per-user isolation, so one user’s queries cannot return another user’s rows.
- Encryption. TLS encryption in transit for all client–server traffic. Encryption at rest for the storage and database disks.
- Least privilege. Application keys and operator credentials are scoped to the minimum permissions required. Production access is limited and logged.
- Access logs. Authentication events, sensitive actions, and access to operator tooling are logged for security and audit purposes.
- No third-party analytics on medical pages. We do not run Google Analytics, advertising pixels, or similar trackers on /account/..., /share/..., or any page that renders Special Category Data.
- Subprocessor due diligence. Subprocessors are bound by data processing agreements with appropriate confidentiality, security, and transfer terms.
- Backups. Encrypted backups with controlled retention to support disaster recovery; deletion is propagated to backups within 30 days.
No system is perfectly secure. We cannot guarantee absolute security but we work to make a breach unlikely and to respond quickly if one occurs.
16. Data Breach Notification
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34, explaining the nature of the breach, the likely consequences, and the steps we are taking to mitigate it.
17. Changes to This Policy
We may update this Policy from time to time. For material changes, we will provide at least 30 days’ prior notice by email to the address associated with your Account and by an in-Service announcement. The “Last updated” date at the top of the page reflects the most recent revision. We encourage you to review the Policy periodically.
If a change is required by law and immediate compliance is needed, we may apply it without the 30-day notice but will inform you of the change at the earliest opportunity.
18. Contact
For privacy questions, complaints, or to exercise any of the rights described above:
- Email: support@mymedica.me
Related policies: Terms of Use, Cookie Policy, Imprint.