Privacy Policy

Last updated: March 31, 2026

Medcorder, Inc. ("Medcorder," "we," "us," or "our") operates the Medcorder mobile application and related services. Medcorder is a consumer health app designed for patients, their family members, and caregivers in the United States. The Service is not intended for use by healthcare providers acting in their professional capacity.

This Privacy Policy describes how we collect, use, and share information when you use our services.

Information We Collect

Information you provide

• Account information: When you create an account, we collect your phone number for authentication purposes.
• Profile information: You may optionally provide your name and profile photo.
• Recordings and transcripts: When you record a medical appointment, the audio recording and its automatic transcript are stored in our cloud infrastructure.
• Messages and notes: Text messages and notes you create within appointment chat rooms.
• Doctor information: When you search for or add a doctor to an appointment, we store the doctor's name and practice information.

Information collected automatically

• Device information: Device type, operating system version, and unique device identifiers for crash reporting and analytics.
• Usage information: How you interact with the app, including feature usage and session duration.
• Location: With your permission, approximate location for the nearby doctor search feature. Location data is not stored on our servers.

How We Use Your Information

• To provide and maintain the Medcorder service, including recording, transcription, and sharing features
• To authenticate your identity and secure your account
• To enable you to share recordings and notes with family members and caregivers you invite
• To create de-identified datasets for healthcare research, analytics, and commercial licensing (see De-Identified Data below)
• To improve the app through aggregated, anonymized usage analytics
• To provide customer support
• To send service-related notifications (e.g., when someone shares a recording with you)

How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• With people you choose: When you invite family members or caregivers to an appointment room, they can access the recordings, transcripts, and notes in that room.
• Service providers: We use Google Cloud Platform for infrastructure, Firebase for authentication and data storage, and automatic speech recognition providers for transcription. These providers process data on our behalf under contractual obligations.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• De-identified data: We may create and share de-identified versions of recordings and transcripts for healthcare research, analytics, artificial intelligence development, and other commercial purposes. De-identified data has all personally identifiable information removed from both audio and text and cannot reasonably be used to identify individual users. See De-Identified Data below for details.

De-identified data that cannot be linked back to you is not personal information. When we say "we do not sell your personal information," we mean we never sell data that identifies you or could reasonably be used to identify you.

De-Identified Data

Medcorder creates de-identified versions of recordings and transcripts to support healthcare research and related commercial activities. This section explains what that means and how it works.

What we remove

We remove all personally identifiable information from both the audio recording and the written transcript, including names, phone numbers, dates of birth, addresses, specific dates, and other identifying details.

What remains

The clinical conversation content — discussion of medical topics, treatments, and medications — with no reasonable way to identify who is speaking.

How it is used

De-identified data may be licensed to research institutions, healthcare analytics firms, pharmaceutical companies, and technology companies for purposes including medical research, drug safety analysis, healthcare AI development, and market analytics.

Safeguards

We protect de-identified data through the following commitments:

1. Medcorder takes reasonable measures to ensure that de-identified data cannot be associated with any individual user.
2. Medcorder commits to processing de-identified data only in de-identified form and does not attempt to re-identify it.
3. All recipients of de-identified data are contractually required to maintain its de-identified status and are prohibited from attempting to re-identify the data or contact any individuals.

Your choice

You may opt out of having your recordings included in future de-identified datasets by contacting us at [email protected]. Opting out does not affect your use of the Medcorder app.

Data Security

We protect your information through the following measures:

• All data is encrypted in transit (TLS) and at rest.
• Access to identified (raw) data is restricted to a very small number of Medcorder personnel, accessible only from secured endpoints using passkey biometric authentication.
• De-identified data is maintained separately from identified data.
• No identified data is shared with third parties, except as described in the Service Providers and Legal Requirements sections above.
• Phone-number-based authentication with verification for user accounts.

Data Retention

Your recordings, transcripts, and account data are retained as long as you maintain your Medcorder account. You can delete individual recordings at any time. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

Deletion of your personal data does not affect de-identified data that has already been created, as it can no longer be associated with you.

Children's Privacy

Medcorder is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.

Your Privacy Rights

Regardless of where you live, you may contact us at [email protected] to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of de-identified data use

California residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. We do not sell personal information. De-identified data that cannot reasonably be linked to you is not personal information under the CCPA.

Washington residents

We comply with Washington's My Health My Data Act (RCW 19.373). De-identified data that cannot reasonably be used to identify an individual consumer is not consumer health data under the Act. Medcorder meets the Act's de-identification requirements: we take reasonable measures to prevent re-identification, we publicly commit to processing such data only in de-identified form, and we contractually require all recipients to do the same.

Other states

We comply with applicable state privacy laws. If your state provides additional privacy rights, please contact us and we will work with you to honor them.

Breach Notification

In the event of a breach affecting your identifiable health information, we will notify affected users promptly in accordance with applicable federal and state law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by other means. Your continued use of Medcorder after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, contact us at:

Medcorder, Inc.
Redwood City, CA
[email protected]