Privacy Policy

Last updated: January 2026

Privacy-first by design

MediReco is designed so your records stay under your control. The app stores data locally on your device and can back up data to your Google Drive account when enabled. This policy explains what information is processed to operate MediReco and how storage and sync features work.

1. Scope of this policy

This policy applies to the MediReco website, PWA, and related services used for sign-in, sync, product operations, and support of app features. It does not limit rights that may apply under local law.

2. Medical records and health information

Your reports, summaries, medication entries, and profile health details are intended to remain under your control. When Google Drive backup is enabled, files are stored in your Google account. MediReco does not sell or use your health data for advertising.

  • We do not sell personal or health-related data.
  • We do not use your records to train public AI models.
  • We do not share your records for third-party marketing.

3. Information we may process to operate MediReco

To run the product, we may process limited non-record operational data and account information, including:

  • Account details: Google account identifier, display name, email, avatar (for sign-in and profile UI)
  • App metadata: Report title, category, date, sync status, file checksum/hash, and storage references
  • Device/session metadata: Device registration identifiers, session timestamps, and plan usage counters
  • Operational telemetry: Error diagnostics and performance data to maintain reliability and security

4. Google Drive integration

If you enable Google Drive backup or sync features, MediReco uses Google OAuth and Google Drive APIs to create and manage app backup files in your Google account.

  • MediReco never sees your Google password.
  • You can revoke MediReco access from your Google account settings at any time.
  • Backup files may use app-specific formats to support compression, encryption, and restore flows.

5. Local storage and offline data

MediReco uses local browser/device storage (including IndexedDB and related browser storage) for offline access, caching, settings, and app state. Clearing browser/app data may remove local copies and require re-sync or restore steps.

6. AI-assisted features

MediReco may offer OCR, extraction, classification, summarization, translation, or assistant features to help organize records. These features can be inaccurate and must be reviewed before use in medical, legal, insurance, or billing decisions.

7. Security practices

We use reasonable safeguards to protect account and operational data, such as encrypted transport, access controls, and integrity checks. Some sync or backup modes may additionally use feature-level encryption. No method of storage or transmission is guaranteed to be completely secure.

8. Sharing and disclosures

We may share limited information with service providers that help operate MediReco (for example, hosting, authentication, logging, and storage providers) or when required by law. We do not share your data for marketing by third parties.

9. Retention and deletion

  • Local app data: Stays on your device until you delete it or clear browser/app storage.
  • Google Drive backups: Stay in your Google Drive until removed by you or via MediReco actions you initiate.
  • Operational logs/metadata: Retained only as long as reasonably needed for reliability, security, and legal obligations.

10. Your choices and controls

  • You choose whether to enable backup/sync features.
  • You can export or delete data from MediReco, subject to feature availability.
  • You can revoke Google access from your Google account settings.
  • You can stop using MediReco at any time.

11. Changes to this policy

We may update this Privacy Policy to reflect product, legal, or operational changes. Continued use of MediReco after updates means you accept the revised policy.