Privacy Policy | Mediphant

Introduction: Your Privacy, Our Promise

At Mediphant, we exist to help you take control of your health—and that starts with respecting your data. This Privacy Policy explains what we collect, how we use it, what we never do with it, and the rights you have. It's written in plain English to make things clear.

We follow HIPAA, state, and federal privacy laws to the highest standards. Your data belongs to you. Always.

Who We Are & What This Covers

This policy applies to all Mediphant services, including:

• Mediphant.com (the website)
• The Mediphant web and mobile apps
• Elly (your AI healthcare companion)

If you do not agree with this policy, please refrain from using our services.

Our Privacy Commitments (Quick Summary)

• We do not sell your PII (personally identifiable information)
• We do not share it without your permission
• We do not use your data to train AI
• You can delete your account and data anytime
• All data is encrypted at rest and in transit

What Data We Collect (and Why)

We only collect what we need to deliver our services to you:

1. Account Information

• Email address, Name, and password (if applicable)

Used to authenticate you and communicate service-related updates

2. Health Information You Provide

• Files you upload to your Vault or during conversations
• Voice recordings you share with Elly
• Medical records, documents, and notes you provide
• Symptoms, medications, and conditions you discuss or log

Used to build your health timeline, provide personalized responses from Elly, and generate meaningful insights about your health

3. Interaction Data

• Questions and chat messages sent to Elly
• Clickstream or navigation actions within the app (anonymous)

Used to personalize your experience and improve app functionality

4. Device & Technical Info

• Browser type, OS, IP address (anonymized)
• Crash logs and error diagnostics

Used for security, debugging, and performance improvements

How We Use Your Data

We use your data only to:

• Deliver Mediphant's core services
• Provide customer support
• Improve Mediphant's user experience
• Comply with legal and safety obligations

How We Store & Secure Your Data

Mediphant uses industry-standard technical, physical, and administrative safeguards to protect your data against loss, misuse, and unauthorized access.

• Data is encrypted in transit and at rest using AES-256 and TLS 1.2+
• All systems are hosted on HIPAA-compliant cloud infrastructure provided by Amazon Web Services (AWS), with automated geographic redundancy
• Our breach protocol includes immediate mitigation, user notification, and regulator engagement in compliance with HIPAA and applicable state laws

When We Share Your Data

We never share your PII (personally identifiable information) unless one of the following applies:

• You give explicit consent (e.g. you choose to export or share your data)
• We need to comply with legal obligations (e.g. court order or subpoena)
• We use essential service providers under strict contractual obligations

Your Rights & Controls

You have full control over your data and may exercise the following rights at any time:

Right	Description
Access	You can log in to your Mediphant account at any time to view the information you have submitted.
Correction	You may update or correct any information you have entered directly into Mediphant.
Deletion	You may delete your account and all associated data at any time directly from your Profile Settings page.

Cookies & Analytics

Mediphant uses only essential cookies required for platform functionality, such as maintaining session state and securing logins. We do not use third-party ad tracking cookies. However, we do use internal tools to help us understand site performance and improve the product.

Users can control cookie settings through their browser preferences. For example, you may:

• Block or delete cookies using your browser settings
• Use browser extensions to disable analytics scripts

For more information on managing cookies, consult your browser's help section.

Data Retention

• We keep your data as long as your account is active
• Once deleted, your account and data are permanently and immediately removed. This action is irreversible and cannot be undone.
• Metadata used for security/debugging is anonymized post-deletion

Compliance & Regulatory Alignment

Mediphant's privacy practices are designed to comply with:

• The Health Insurance Portability and Accountability Act (HIPAA)
• Applicable state-level privacy laws in the United States (e.g. CCPA)
• Our internal access policies are reviewed quarterly and align with the principles of data minimization, auditability, and least-privilege access

In the event of any security incident, Mediphant follows a structured incident response protocol that includes:

• Immediate containment and impact analysis
• User notification, if applicable
• Notification to federal/state authorities when required
• A full postmortem and system-level remediation plan

Third-Party Service Providers

We use a limited set of third-party vendors to help us deliver and improve Mediphant. Each vendor is vetted for compliance with data protection standards and only has access to data strictly necessary for their services.

These subprocessors are contractually required to implement adequate security and privacy protections and are prohibited from using Mediphant user data for any unrelated purpose.

Policy Versioning and Change History

We maintain a changelog of material updates to this Privacy Policy.

• Version 1.0 – Aug 01, 2025: Initial launch of Mediphant Privacy Policy.
• Future updates will be tracked and summarized here for transparency.

Updates to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you via email or app notification.

Effective date is always posted at the top.

Contact Us

Have questions or want to exercise your rights?

Email: hello@mediphant.ai

Mailing address: 539 W Commerce St 7718, Dallas TX 75208

Mediphant Privacy Policy