Privacy Policy – Medikard

Last updated: 05.11.2025

This Privacy Policy explains how Medikard ("the App") handles your personal data when you use it on your mobile device.

Your privacy is very important to us. This document outlines what information we collect, how we use it, and your rights regarding your data.

By using Medikard, you agree to the terms of this Privacy Policy.

If you have any questions about this Privacy Policy, you can contact us at: medikard.team@gmail.com.

1. Data We Collect

The Medikard app is designed to help you store and analyze your personal medical documents. To provide these features, we may collect and process the following types of data:

Health-related documents: including lab test results, prescriptions, vaccination records, medical history, clinical notes, and other health-related files uploaded by you.
Image files: such as photos or scans of medical documents that you choose to import or capture using the app.
Automatically extracted data: including text extracted from documents via OCR (Optical Character Recognition), file names, metadata, and health-related insights generated from document content.
Device data: such as operating system version, app version, device type, and crash reports.
Usage analytics: anonymized or pseudonymized data about how you interact with the app, collected through services like Amplitude Analytics and Firebase Remote Config.

We do not collect any identifying personal information (such as name or email address), and you are not required to create an account to use the app.

2. How We Use the Data

We use the data you provide and the data generated by the app solely for the purpose of delivering the core functionality of Medikard. Specifically, we use the data to:

Store and organize your medical documents locally on your device and in secure cloud storage.
Extract text from documents using Google Cloud Vision to make content searchable and readable.
Analyze and interpret lab results or other document content using the OpenAI API, providing additional explanations and health-related context.
Generate structured summaries or visualizations from health data using external APIs such as Azure Document Intelligence.
Adapt the app’s behavior and feature availability via Firebase Remote Config, based on region or usage patterns.
Collect anonymous usage metrics and crash logs via Amplitude Analytics and Firebase to improve performance, usability, and reliability.

We do not use your data for advertising, and we do not share your personal health information with third parties for marketing or commercial purposes.

3. Legal Basis for Processing (for Users in the EU)

In accordance with the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

Your Consent: By using Medikard and uploading medical documents, you consent to the processing of health-related data for the purpose of organizing, analyzing, and interpreting that information within the app.
Performance of a Contract: The processing is necessary to provide the app’s core functionality, such as storing your documents, extracting content, and displaying results.
Legitimate Interests: We use limited technical and usage data (such as crash reports and feature usage) to improve app performance and ensure the proper operation of the app. This processing does not override your fundamental rights and freedoms.

For sensitive personal data (such as health information), we rely explicitly on your informed consent, which is implied through your active use of the app’s core features.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. However, to provide core functionality, Medikard makes use of third-party service providers that process data on our behalf. These services are used solely for the purposes of enabling features, extracting content from documents, and improving the app.

Specifically, we may share limited data with the following categories of third-party processors:

Google Cloud Vision API – used to extract text content from scanned or uploaded documents via Optical Character Recognition (OCR).
OpenAI API – used to analyze medical content and provide explanations or summaries based on extracted document data.
Azure Document Intelligence – used to structure certain types of medical content such as lab test results into table format for easier understanding.
Firebase Remote Config – used to adapt features based on app version, region, or internal testing flags (no personal data is stored).
Amplitude Analytics – used to track app usage and errors in an anonymous or pseudonymized form to improve performance and user experience.

All third-party services are bound by their own privacy and security terms. Data is shared with them only to the extent necessary to provide Medikard's features, and never for marketing or profiling purposes.

Your medical documents and their content are not shared with any third party beyond the listed processors above.

5. Data Storage and Retention

Your medical documents and related data are stored securely on your device.

We retain your data only for as long as necessary to provide the app’s functionality. Since Medikard does not use accounts or cloud backups linked to personal identifiers, all user data is isolated per device installation.

You are in full control of your data:

You may delete individual documents or all documents at any time from within the app.
A dedicated “Delete all data” option is available in the Settings screen, which removes all user-provided content from the device and cloud storage.

We do not retain any personal or health-related data on external servers after it has been deleted by the user.

6. Your Rights

If you are located in the European Union or other jurisdictions with data protection laws, you have the following rights regarding your personal data:

Right of access: You may request a summary of the personal data stored or processed by the app.
Right to rectification: You may correct or update any inaccurate or incomplete information you have provided.
Right to erasure: You may delete your data at any time using the in-app “Delete all data” option.
Right to object: You may object to certain types of data processing, such as analytics, by contacting us.
Right to data portability: You may request an export of your medical data in a readable format (coming soon in future versions of the app).
Right to withdraw consent: You may withdraw your consent to data processing at any time by ceasing use of the app and deleting your data.

To exercise any of these rights or to make a privacy-related request, please contact us at medikard.team@gmail.com.

7. Security Measures

We take data security seriously and implement appropriate technical and organizational measures to protect your medical information from unauthorized access, loss, or misuse.

All personal and medical data is stored locally on your device. Medikard does not upload your documents, extracted text, or health content to any external cloud storage or servers.

Specifically:

Document content and analysis results are saved only on your device and are never transmitted or stored remotely.
Any communication with third-party services (e.g., for text extraction or analysis) is encrypted via HTTPS (TLS) and limited to the purpose of processing the file content in real time.
No personal identifiers (such as name, email, or account ID) are associated with your documents or usage data.
Access to processing APIs is secured using restricted API keys and service accounts with minimum required privileges.
Users can permanently delete all stored data directly from the app.

Although we do not store any of your health data remotely, we still follow best practices in minimizing data exposure during processing. However, please note that no method of transmission or storage is entirely immune to risk.

8. International Data Transfers

Although Medikard does not store any personal or medical data in the cloud, certain features of the app require temporarily transmitting document content to third-party processing services. These services may be located outside the European Economic Area (EEA), including in the United States.

When such transfers occur, we take steps to ensure that your data is handled securely and in compliance with applicable data protection laws. Specifically:

All data transmissions are encrypted using secure HTTPS connections (TLS).
We only use third-party service providers that commit to high levels of security and data protection compliance, such as Google Cloud (Vision API), OpenAI, and Microsoft Azure.
Where applicable, data transfers are subject to Standard Contractual Clauses (SCCs) or similar legal mechanisms approved under GDPR.
No identifying information (such as name or contact details) is ever included in the data sent for processing.

These transfers are limited to real-time processing and do not result in long-term storage or profiling of users by these third-party services.

9. Children’s Privacy

Medikard is not intended for use by children under the age of 16. We do not knowingly collect, store, or process personal data from anyone under this age without verified parental consent, as required by applicable law.

If you are a parent or legal guardian and you believe that your child has provided personal or medical information through the app, please contact us immediately at medikard.team@gmail.com. We will take steps to investigate and, if necessary, delete the information.

We encourage parents and guardians to supervise their children's use of mobile applications that may involve sensitive data such as health records.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the app’s functionality, legal requirements, or improvements to our data protection practices.

When changes are made, we will update the “Last updated” date at the top of this page. In case of significant changes, we may notify users through the app interface or through other reasonable means.

We encourage you to review this Privacy Policy periodically to stay informed about how your data is handled.

11. Account & Authentication (Sign in with Apple)

Medikard uses Sign in with Apple for authentication. When you sign in, Apple may share a stable identifier and, if permitted, your name and email address (which may use Apple's private relay). We store your Apple user identifier to recognise your account and provide the Service. You can revoke access at any time in iOS Settings » Apple ID » Password & Security » Apps Using Your Apple ID. Revoking access may disable your account.

12. AI-Generated Content — Important Disclaimer

Medikard may provide AI-generated explanations or summaries. Such output can be inaccurate, incomplete, or misleading and is provided for informational purposes only. It is not professional advice.

No Medical Advice

Medikard does not provide medical advice, diagnosis, or treatment. Always seek the advice of a qualified health professional with any questions you may have. Never disregard professional advice or delay seeking it because of anything presented in the app.

User Responsibility & Limitation of Liability

You are solely responsible for how you interpret or act upon AI output. To the maximum extent permitted by law, the Developer assumes no liability for decisions, actions, omissions, damages, or losses arising from reliance on AI-generated content or from the use of the Service.

13. Contact & Legal Entity

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

Email: medikard.team@gmail.com

We will respond to your request as soon as reasonably possible and always within the time limits required by applicable data protection laws.

Medikard is developed by Anton Sidarau, a legal entity based in Poland.
NIP: 5213987286
Address: ul. Juliana Tuwima 48/11, 90-021 Łódź, Poland
Email: info@asidarau.eu
All rights reserved.