Privacy Policy

1. Introduction

MedFlow ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered clinical documentation platform.

As a healthcare technology platform designed for Saudi physicians, we comply with Saudi Arabia's Personal Data Protection Law (PDPL) and international healthcare privacy standards.

2. Information We Collect

2.1 Personal Information

• Name, email address, and professional credentials
• Medical license information and institution affiliation
• Device information and IP address
• Usage data and preferences

2.2 Clinical Data

• Audio recordings of patient consultations (with patient consent)
• Generated clinical notes and transcriptions
• Session metadata (date, duration, status)

3. How We Use Your Information

• Provide AI-powered transcription and clinical note generation services
• Maintain and improve our platform's functionality
• Ensure platform security and prevent unauthorized access
• Communicate with you about service updates and support
• Comply with legal and regulatory requirements

4. Data Security and Protection

We implement industry-standard security measures to protect your data:

• End-to-end encryption for all data transmission
• Secure cloud storage with access controls
• Regular security audits and vulnerability assessments
• Multi-factor authentication for account access
• Compliance with healthcare data protection standards

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in these limited circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect the rights and safety of our users
• With trusted service providers under strict confidentiality agreements

6. Data Retention

We retain your data only as long as necessary to provide our services and comply with legal requirements:

• Clinical data: As per Saudi medical record retention requirements
• Account information: Until account deletion or 7 years of inactivity
• Usage data: Up to 2 years for service improvement

7. Your Rights

Under Saudi Arabia's PDPL, you have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion of your data
• Object to processing in certain circumstances
• Data portability

8. International Data Transfers

Your data may be processed in countries outside Saudi Arabia. We ensure appropriate safeguards are in place to protect your data according to Saudi data protection laws and international standards.

9. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by email or through our platform. Your continued use of our services constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: