M
MDAid
ProductPricingReferrals
Sign inStart free trial
Legal

Privacy Policy

Last updated: June 10, 2026

1. Information We Collect

We collect the following types of information when you use MD Aid, Inc. Practice Assistant ("the Service"):

  • Account information — Name, email address, and authentication data managed by our own authentication system (not shared with a third-party identity provider, except Google if you choose to sign in with Google)
  • Chat messages — Text conversations between you and the AI assistant
  • Voice recordings — Audio submitted through voice mode for transcription
  • Usage data — How you interact with the Service, including pages visited and features used
  • Device and browser information — Browser type, operating system, and device identifiers

2. How We Use Your Information

We use the information we collect to:

  • Provide AI-powered responses to your questions using your clinic's knowledge materials
  • Maintain conversation history so the assistant can provide contextual responses
  • Improve the quality and accuracy of the Service
  • Analyze usage patterns to enhance the user experience
  • Ensure the security and integrity of the Service

3. Aggregated & De-Identified Data

We may create aggregated or de-identified data from information collected through the Service. Any de-identification of protected health information is performed to recognized standards (HIPAA Safe Harbor or Expert Determination), so the result cannot reasonably be used to identify you. We do not sell your data, and we do not use clinic or patient data to train machine learning models. For clinical use under a Business Associate Agreement, we do not use de-identified data for any secondary purpose beyond operating and improving the Service for that clinic, except as that agreement permits.

4. Third-Party Services & Data Sharing

The Service uses third-party providers (sub-processors) to deliver its functionality, including:

  • AWS Bedrock — AI response generation (Anthropic Claude) and text embeddings/reranking (Cohere)
  • Amazon Web Services (AWS) — application hosting, database, file storage, encryption (KMS), and email delivery (SES)
  • Deepgram — voice transcription
  • Sentry — error monitoring (request bodies, cookies, and authentication headers are scrubbed before transmission, and session replays are fully masked)
  • PostHog — product analytics on clinician and marketing surfaces only (autocapture is disabled, and analytics is not used at all on patient-facing chat or symptom-search surfaces)
  • Stripe — billing and payments for clinics (clinic billing details only; no patient information)
  • Google — used only if you choose to sign in with Google (authentication), and for clinic-profile location features used by clinicians

We share data with these sub-processors only as needed to provide the Service, under contractual data-protection terms, including Business Associate Agreements where protected health information is involved. Protected health information is processed only within US-region AWS and AWS Bedrock. We do not sell your data.

5. Business Transfers

If MD Aid, Inc. is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy, and any successor will be bound by commitments at least as protective as this policy, including the no-sale and no-AI-training commitments above.

6. Data Storage, Security, and International Transfers

Your data is encrypted in transit using TLS and stored on cloud infrastructure hosted in the United States. By using the Service, you consent to the transfer, processing, and storage of your information in the United States.

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, or destruction.

7. Data Retention

Chat history is retained for the purpose of providing contextual responses within your conversations and allowing you to review past sessions, and is automatically deleted on a rolling retention schedule (currently two years). Voice recordings are retained for transcription processing and service-quality monitoring — never for AI model training. You may request deletion of your data at any time by contacting us.

8. HIPAA Notice

MD Aid is built for HIPAA-regulated use. For clinical use involving protected health information (PHI), MD Aid acts as a HIPAA Business Associate, and a Business Associate Agreement (BAA) is available and required. PHI is encrypted with AWS KMS envelope encryption, processed only within US-region AWS and AWS Bedrock, and is never used to train AI models or sold.

9. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your personal data
  • Data portability — Request your data in a structured, machine-readable format

To exercise any of these rights, please contact us at privacy@md-aid.com.

Where MD Aid holds your information as a HIPAA Business Associate of your clinic (Standard mode), your clinic controls that record. Please direct access, correction, and deletion requests to your clinic, and we will support its response as required by our Business Associate Agreement. For information collected when the assistant operates in Privacy-First mode, our Consumer Health Data Privacy Policy describes additional rights that apply to consumer health data.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

11. Cookies and Tracking

The Service uses session cookies for authentication and maintaining your signed-in state. We do not use third-party advertising trackers. We use PostHog for product analytics on clinician and marketing surfaces only, with autocapture disabled; on patient-facing chat and symptom-search surfaces, analytics is not used at all.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date, and we will provide reasonable advance notice of material changes (in the Service or by email, where feasible) before they take effect. Where required by law — including for material changes to how we handle consumer health data — we will obtain fresh consent before applying the change to previously collected information.

13. Contact Information

If you have questions about this Privacy Policy or how we handle your data, please contact us at privacy@md-aid.com.

M
MDAid
PricingReferralsSign inTerms of ServicePrivacy PolicyConsumer Health Data Privacy
© 2026 MDAid · For informational purposes only.