Privacy policy

Total commitment to the confidentiality of your medical data
At MediConsult, your data belongs only to you. This policy details how we collect, use, and protect your medical and personal information with the highest security standards.

1. Information we collect

To provide accurate and secure AI‑assisted medical consultations, we need certain data. Everything is handled with strict confidentiality:

  • Identification data: name, date of birth, sex (optional, for clinical context).
  • Contact details: email and/or phone (only for appointments or results).
  • Medical history: symptoms, allergies, medications, previous diagnoses you share during the consultation.
  • Usage data: anonymous interactions to improve our AI models (strictly aggregated).

We never ask for unnecessary information; only what is essential for quality of care.

2. Legal basis and consent

We process your data only with your explicit consent (Art. 6.1(a) GDPR) and, when necessary for the provision of healthcare services, under Art. 9.2(h) (medical purposes).

You may withdraw your consent at any time from your account settings, without affecting the lawfulness of processing before withdrawal.

3. Security measures and confidentiality

We have implemented state‑of‑the‑art technical and organisational safeguards:

  • End‑to‑end encryption (AES‑256) for all data in transit and at rest.
  • Multi‑factor authentication (MFA) mandatory for healthcare professionals.
  • Access audits – every consultation is logged and any improper access is detectable.
  • Anonymisation of datasets used to train the AI.
  • Infrastructure in data centers with ISO 27001 and HITRUST certifications.

Clinical and technical staff are bound by strict confidentiality agreements (NDA) and privacy training.

4. Data sharing

We only share information in these limited cases and always under strict conditions:

  • With the physician handling your consultation (within the same secure platform).
  • Technology providers (hosting, analytics) who act as data processors and comply with applicable law.
  • Legal obligation (court order – whenever possible we will notify you).

We never sell your data to third parties or use it for advertising.

5. Your rights

You may exercise at any time the rights of access, rectification, erasure, restriction, portability and objection. To do so, write to privacy@mediconsult.ai or use the settings panel.

You also have the right to lodge a complaint with a supervisory authority (e.g., the ICO in the UK, or equivalent).

6. Data retention

We keep your consultation history for as long as necessary for medical purposes (typically 5 years due to healthcare legal requirements). Anonymised data may be retained indefinitely for AI improvement, but without any possibility of identification.

7. Minors

MediConsult is not directed at individuals under 14. If you are a minor, you need parental or guardian consent. If we become aware of unauthorised registrations, we will delete the information immediately.

8. Changes to this policy

We will update this policy when necessary to reflect security improvements or legal changes. We will notify you in advance if changes are significant (via in‑app notice or email).

Last revised: 15 February 2026.

Data Protection Officer

If you have specific privacy questions, contact our DPO directly: dpo@mediconsult.ai