Mediphant Privacy Policy

Your Privacy, Our Promise. Your data belongs to you. Always.

Effective Date: October 28, 2025

Introduction: Your Privacy, Our Promise

At Mediphant, we exist to help you take control of your health—and that starts with respecting your data. This Privacy Policy explains what we collect, how we use it, what we never do with it, and the rights you have. It's written in plain English to make things clear.

We follow HIPAA, state, and federal privacy laws to the highest standards. Your data belongs to you. Always.

Who We Are & What This Covers

This policy applies to all Mediphant services, including:

  • Mediphant.com (the website)
  • The Mediphant web and mobile apps
  • Elly (your AI healthcare companion)

If you do not agree with this policy, please refrain from using our services.

Our Privacy Commitments (Quick Summary)

  • We do not sell your PII (personally identifiable information)
  • We do not share it without your permission
  • We do not use your data to train AI
  • You can delete your account and data anytime
  • All data is encrypted at rest and in transit

What Data We Collect (and Why)

We only collect what we need to deliver our services to you:

1. Account Information

  • Email address, name, and password (if applicable)

Used to authenticate you and communicate service-related updates.

2. Health Information You Provide

  • Files you upload to your Vault or during conversations
  • Voice recordings you share with Elly
  • Medical records, documents, and notes you provide
  • Symptoms, medications, and conditions you discuss or log

Used to build your health timeline, provide personalized responses from Elly, and generate meaningful insights about your health.

3. Interaction Data

  • Questions and chat messages sent to Elly
  • Clickstream or navigation actions within the app (anonymous)

Used to personalize your experience and improve app functionality.

4. Device & Technical Info

  • Browser type, OS, IP address (anonymized)
  • Crash logs and error diagnostics

Used for security, debugging, and performance improvements.

Consent & Data Usage

We collect, use, and disclose personal data only after obtaining explicit consent from you, the data subject. Your consent is obtained when you:

  • Register for a Mediphant account
  • Upload documents to your Vault
  • Engage with Elly (your AI companion)
  • Accept this Privacy Policy

If we need to use previously collected data for a different purpose than originally disclosed, we will obtain fresh consent from you before such use.

You have the right to withdraw your consent at any time. If you withdraw consent, you may no longer be entitled to receive certain services, promotional messages, or personalized features of Mediphant. We will clearly communicate any such limitations when you withdraw consent.

How We Use Your Data

We use your data only to:

  • Deliver Mediphant's core services
  • Provide customer support
  • Improve Mediphant's user experience
  • Comply with legal and safety obligations

How We Store & Secure Your Data

Mediphant uses industry-standard technical, physical, and administrative safeguards to protect your data against loss, misuse, and unauthorized access.

  • Data is encrypted in transit and at rest using AES-256 and TLS 1.2+
  • All systems are hosted on HIPAA-compliant cloud infrastructure provided by Amazon Web Services (AWS), with automated geographic redundancy
  • Our breach protocol includes immediate mitigation, user notification, and regulator engagement in compliance with HIPAA and applicable state laws

When We Share Your Data

We never share your PII (personally identifiable information) unless one of the following applies:

  • You give explicit consent (e.g. you choose to export or share your data)
  • We need to comply with legal obligations (e.g. court order or subpoena)
  • We use essential service providers under strict contractual obligations

When user data is obtained from a third party, we verify the identity and validity of that third party before accepting and processing such data.

We will communicate any changes in user data to relevant vendors and service providers who have access to such data, to ensure data consistency and compliance across our platforms.

Your Rights & Controls

You have full control over your data and may exercise the following rights at any time:

  • Access: You can log in to your Mediphant account at any time to view the information you have submitted.
  • Correction: You may update or correct any information you have entered directly into Mediphant.
  • Deletion: You may delete your account and all associated data at any time directly from your Profile Settings page.

Service Level Agreement (SLA): We respond to all customer requests for accessing, modifying, or deleting their personal data within 30 business days. Urgent requests (e.g., related to imminent harm or legal compliance) will be processed within 5 business days.
Authorized Representatives: If an authorized representative or agent requests access to your personal information on your behalf, we will verify their identity and authorization (including through appropriate documentation such as power of attorney or guardianship papers) before granting access to any personal data.

Cookies & Analytics

Mediphant uses only essential cookies required for platform functionality, such as maintaining session state and securing logins. We do not use third-party ad tracking cookies. However, we do use internal tools to help us understand site performance and improve the product.

Users can control cookie settings through their browser preferences. For example, you may:

  • Block or delete cookies using your browser settings
  • Use browser extensions to disable analytics scripts

For more information on managing cookies, consult your browser's help section.

Data Retention

  • We keep your data as long as your account is active
  • Once deleted, your account and data are permanently and immediately removed. This action is irreversible and cannot be undone.
  • Metadata used for security/debugging is anonymized post-deletion

Compliance & Regulatory Alignment

Mediphant's privacy practices are designed to comply with:

  • The Health Insurance Portability and Accountability Act (HIPAA)
  • Applicable state-level privacy laws in the United States (e.g. CCPA)

Our internal access policies are reviewed quarterly and align with the principles of data minimization, auditability, and least-privilege access.

In the event of any security incident, Mediphant follows a structured incident response protocol that includes:

  • Immediate containment and impact analysis
  • User notification, if applicable
  • Notification to federal/state authorities when required
  • A full postmortem and system-level remediation plan

Third-Party Service Providers

We use a limited set of third-party vendors to help us deliver and improve Mediphant. Each vendor is vetted for compliance with data protection standards and only has access to data strictly necessary for their services.

These subprocessors are contractually required to implement adequate security and privacy protections and are prohibited from using Mediphant user data for any unrelated purpose.

Third Parties from Whom Data May Be Collected: Mediphant may receive personal data about users from trusted third-party sources, including but not limited to healthcare providers, medical data networks, and authorized data intermediaries (with proper HIPAA-compliant Business Associate Agreements in place).

Conditions for Disclosure to Third Parties: Personal data may be disclosed to third parties only under the following conditions: (1) with your explicit written consent, (2) when required by law or valid court order, (3) to authorized healthcare providers with your consent for treatment purposes, (4) to service providers under strict contractual obligations and HIPAA-compliant agreements, or (5) in cases of imminent harm to health or safety when disclosure is necessary to prevent serious harm.

Policy Versioning and Change History

We maintain a changelog of material updates to this Privacy Policy. This Privacy Policy is reviewed annually and updated as necessary to reflect changes in legal, regulatory, or business requirements.

  • Version 1.0 – Aug 01, 2025: Initial launch of Mediphant Privacy Policy.
  • Version 1.1 – Oct 28, 2025: Clarified consent & data usage.
  • Future updates will be tracked and summarized here for transparency.

Updates to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you via email or app notification.

The effective date is always posted at the top.

Contact Us

Have questions or want to exercise your rights?

Email: compliance@mediphant.ai

Mailing address: 539 W Commerce St 7718, Dallas TX 75208