MedTrace is not a medical device and is not a substitute for professional medical advice. Health data you log is stored securely and shared only with people you explicitly choose. We will never sell your data.
1. What we collect
We collect the minimum information needed to make MedTrace work.
| Category | Examples | Why |
|---|---|---|
| Account | Email address, hashed password, first name | Authentication and personalisation |
| Health logs | Medications, symptoms, vitals (BP/HR), appointments, notes | Core app functionality |
| Profile | Date of birth, height, weight, biological sex | Context for health insights |
| Usage | App features used, error reports | Improving the app |

We do not collect location data, contacts, camera or microphone access, or any data beyond what you explicitly enter.
2. How we use your data
- Provide the service. Store and display your health logs, generate your timeline and reports.
- AI insights. Your health logs are sent to our AI provider (Anthropic) to generate trend summaries. No personally identifying information (name, email) is included in these requests. See section 5 for details.
- Doctor sharing. If you create a share code, your linked doctor can view your logs. See section 4.
- Transactional emails. Account verification and password reset only. We will not send marketing emails without your explicit consent.
- Security and fraud prevention. Detecting and blocking unauthorised access.
Your data is never sold, used for advertising, or shared with insurers, employers, or pharmaceutical companies.
3. Health data
Health information you log (medications, symptoms, vitals) is sensitive. We treat it accordingly:
- Stored encrypted at rest in Supabase (hosted on AWS in the EU/US, ISO 27001 certified).
- Transmitted over TLS 1.2+ at all times.
- Accessible only to you and people you explicitly share with via a share code.
- Never used for advertising or sold to third parties.
- When used for AI insights, sent without your name or email address attached.
4. Sharing with your doctor
MedTrace uses a 6-character share code system. Here is exactly how it works:
- You generate a code in Settings. The code is random and unique to your account.
- You choose to share that code with a doctor. We never send it on your behalf.
- When a doctor enters your code in their MedTrace app, they gain read-only access to your health logs.
- You can revoke access at any time by generating a new code in Settings. The old code immediately stops working.
- Doctors cannot edit, delete, or export your data. They can leave annotations visible only to you.
5. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All app data. Stored encrypted, EU/US regions. |
| Anthropic | AI-generated health insights | Your health log entries (no name or email). Anthropic does not train on API data. |
| Expo / EAS | App distribution and updates | App binary only. No health data. |

The app contains no third-party analytics SDKs such as Google Analytics or Facebook Pixel.
6. Data retention and deletion
Your data is kept for as long as your account is active. You can delete your account and all associated data at any time from Settings inside the app. Deletion is permanent and irreversible within 30 days, after which backups are also purged.
If you would like to request an export of your data before deleting, email us at support@med-trace.app and we will send it within 7 days.
7. Security
- Passwords are hashed with bcrypt and never stored in plain text.
- All API communication uses HTTPS (TLS 1.2+).
- Auth tokens expire and are invalidated on logout.
- Database access is restricted to authenticated app services only.
- We conduct periodic security reviews.
No system is perfectly secure. If you discover a vulnerability, please report it to support@med-trace.app and we will respond within 48 hours.
8. Children's privacy
MedTrace is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, please contact us and we will delete it promptly.
9. Changes to this policy
We will notify you of material changes by email and by a notice in the app before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of MedTrace after changes constitutes acceptance of the updated policy.
10. Contact us
Questions, data requests, or concerns about this policy:
We aim to respond within 2 business days.