Privacy Policy
Last updated: 1 May 2026
This Privacy Policy describes how Supecoder (“we”, “us”) collects, uses, and shares information when you use the MedAI mobile application and the website at medaibd.health (collectively, the “Service”).
1. Who we are
MedAI is operated by Supecoder, a Bangladesh-based software company. For privacy-related questions, contact privacy@medaibd.health.
2. Information we collect
2.1 Account information
- When you sign in with Google, we receive your name, email address, and profile picture.
- We do not receive your Google password.
2.2 Health-related information you provide
- Prescription images you capture or upload for analysis.
- Test report images you upload for extraction.
- Medication schedules and reminders you create.
- Notes and chat queries you type into the AI assistant.
2.3 Technical information
- Device model, operating system version, and app version (used to diagnose crashes and select the right on-device AI model).
- IP address and approximate region (logged transiently by the API for security and rate limiting).
- Crash reports and non-identifying performance metrics, if you have those enabled in your device settings.
2.4 What we do NOT collect
- We do not collect your precise location.
- We do not collect your contacts, SMS, call logs, or microphone audio.
- We do not sell your personal data to advertisers. Ever.
3. How your data is processed
3.1 On-device processing (preferred)
On capable phones, prescription analysis runs entirely on your device using a local Gemma model. Your prescription image, the model's reasoning, and the extracted text never leave the device.
3.2 Cloud fallback
On older phones, or if you choose cloud mode in settings, your prescription image is sent to our backend server, then forwarded to OpenAI for analysis. The image is stored transiently in our object storage (UploadThing) and is deleted after analysis completes. The structured analysis result (medicine names, dosages, instructions) is stored in your account so you can revisit it.
3.3 Interaction checking
Drug interaction checks are performed against a static, on-device database. No personal information leaves your device for this feature.
4. Service providers
We share data only with the following processors, only as required to operate the Service:
- Google — authentication (Sign-In with Google).
- OpenAI — prescription image analysis when cloud mode is used. OpenAI does not use your data to train its models when accessed via the API.
- UploadThing — short-lived storage of prescription images for cloud analysis.
- MongoDB Atlas — database hosting for your account, prescription history, and reminders.
- Cloud hosting provider — runs our API server (api.medaibd.health).
5. How long we keep your data
- Account data is kept while your account exists.
- Prescription analysis results are kept until you delete them or your account.
- Raw prescription images uploaded for cloud analysis are deleted within 24 hours of analysis.
- API access logs are retained for up to 30 days for security purposes.
6. Your rights
You can, at any time:
- View and delete any prescription analysis or reminder from within the app.
- Delete your entire account and all associated data by sending a deletion request to privacy@medaibd.health from your registered email address, or by submitting a request at medaibd.health/delete-account. We will permanently delete your account and all associated data within 30 days of verification.
- Export your data by emailing privacy@medaibd.health with your registered email address.
- Withdraw consent by signing out and uninstalling the app.
7. Security
- All traffic between the app and our API uses HTTPS (TLS 1.2+).
- Authentication tokens on your device are stored in Android EncryptedSharedPreferences / iOS Keychain.
- Prescription images sent to the cloud use signed, expiring upload URLs.
- Backend access is restricted and logged.
No system is perfectly secure. We do not guarantee the absolute security of your data, but we work continuously to reduce risk.
8. Children
MedAI is intended for users 18 years of age or older. We do not knowingly collect data from children. If you believe a minor has used the Service, contact us and we will delete the data.
9. Medical disclaimer
MedAI is an informational tool. It is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a licensed pharmacist or doctor before acting on information shown by the app. Do not delay seeking medical advice because of something you read in the Service.
10. International transfers
Some of our service providers (OpenAI, MongoDB Atlas, UploadThing) operate servers outside Bangladesh. By using the Service you consent to your information being transferred and processed in those countries under contracts that require equivalent privacy protections.
11. Changes to this policy
If we make material changes, we will update the “Last updated” date and, for significant changes, notify you in the app. Continued use of the Service after changes take effect means you accept the revised policy.
12. Contact
Questions, requests, or complaints:
Supecoder · privacy@medaibd.health