Privacy Policy

Last updated: 1 May 2026

This Privacy Policy describes how Supecoder (“we”, “us”) collects, uses, and shares information when you use the MedAI mobile application and the website at medaibd.health (collectively, the “Service”).

1. Who we are

MedAI is operated by Supecoder, a Bangladesh-based software company. For privacy-related questions, contact privacy@medaibd.health.

2. Information we collect

2.1 Account information

• When you sign in with Google, we receive your name, email address, and profile picture.
• We do not receive your Google password.

2.2 Health-related information you provide

• Prescription images you capture or upload for analysis.
• Test report images you upload for extraction.
• Medication schedules and reminders you create.
• Notes and chat queries you type into the AI assistant.

2.3 Technical information

• Device model, operating system version, and app version (used to diagnose crashes and select the right on-device AI model).
• IP address and approximate region (logged transiently by the API for security and rate limiting).
• Crash reports and non-identifying performance metrics, if you have those enabled in your device settings.

2.4 What we do NOT collect

• We do not collect your precise location.
• We do not collect your contacts, SMS, call logs, or microphone audio.
• We do not sell your personal data to advertisers. Ever.

3. How your data is processed

3.1 On-device processing

Prescription analysis runs entirely on your device using on-device AI. Your prescription image, the analysis, and the extracted text never leave your device. We do not upload prescription images to any server for analysis.

3.2 Interaction checking

Drug interaction checks are performed against a static, on-device database. No personal information leaves your device for this feature.

4. Service providers

We share account data only with the following processors, only as required to operate the Service:

• Google — authentication (Sign-In with Google).
• MongoDB Atlas — database hosting for your account and reminders metadata.
• Cloud hosting provider — runs our API server (api.medaibd.health).

We do not send your prescription images, analysis results, or any health-related content to third-party AI providers.

5. How long we keep your data

• Account data is kept while your account exists.
• Prescription analysis results live on your device and are kept until you delete them or uninstall the app.
• API access logs are retained for up to 30 days for security purposes.

6. Your rights

You can, at any time:

• View and delete any prescription analysis or reminder from within the app.
• Delete your entire account and all associated data by sending a deletion request to privacy@medaibd.health from your registered email address, or by submitting a request at medaibd.health/delete-account. We will permanently delete your account and all associated data within 30 days of verification.
• Export your data by emailing privacy@medaibd.health with your registered email address.
• Withdraw consent by signing out and uninstalling the app.

7. Security

• All traffic between the app and our API uses HTTPS (TLS 1.2+).
• Authentication tokens on your device are stored in Android EncryptedSharedPreferences / iOS Keychain.
• Prescription images stay on your device — they are never transmitted to our servers.
• Backend access is restricted and logged.

No system is perfectly secure. We do not guarantee the absolute security of your data, but we work continuously to reduce risk.

8. Children

MedAI is intended for users 18 years of age or older. We do not knowingly collect data from children. If you believe a minor has used the Service, contact us and we will delete the data.

9. Medical disclaimer

MedAI is an informational tool. It is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a licensed pharmacist or doctor before acting on information shown by the app. Do not delay seeking medical advice because of something you read in the Service.

10. International transfers

Some of our service providers (MongoDB Atlas, our cloud hosting provider) operate servers outside Bangladesh. By using the Service you consent to your account information being transferred and processed in those countries under contracts that require equivalent privacy protections.

11. Changes to this policy

If we make material changes, we will update the "Last updated" date and, for significant changes, notify you in the app. Continued use of the Service after changes take effect means you accept the revised policy.

12. Contact

Questions, requests, or complaints:
Supecoder · privacy@medaibd.health