MEDICEVER PRIVACY POLICY

Last updated: May 15, 2025

1. PLATFORM NATURE AND PURPOSE

Medicever (medicever.com) is an educational and informational health platform. The Platform:

  • Does not conduct medical diagnosis or replace professional medical consultations

  • Operates exclusively within web browsers without requiring application installation

  • Has been designed with user anonymity as a foundational principle

Critical Disclaimer: All content is strictly educational and does not constitute medical advice. Users should always consult qualified healthcare professionals for medical decisions.

2. PRIVACY PRINCIPLES

2.1 Data Minimization

  • Registration without Personal Data: Users may provide any information (including fictitious data) and use pseudonyms

  • Voluntary Data Sharing: Medical data transmitted (e.g., test results) is limited exclusively to information selected by the user

  • No Tracking Technology: We do not employ tracking technologies (Google Analytics, Facebook Pixel), advertising cookies, or profiling mechanisms

2.2 Technical Security

  • Installation-Free Architecture: Browser-based operation eliminates the risks of malware infection and banking data theft

  • Encryption: All connections protected by SSL/TLS protocols

  • Limited Storage: Medical data is processed solely during sessions and is not permanently stored

3. DATA COLLECTION CATEGORIES

3.1 User-Provided Data

  • Voluntary: Pseudonyms, temporary email addresses, medical information consciously shared by users

  • Technical: IP addresses (for security purposes), browser type, session time (maximum 90 days retention)

3.2 Excluded Data

We do NOT collect:

  • Location data

  • Financial information

  • Biometric data

  • Activity history outside our platform

  • Any personal data without explicit informed consent

4. LEGAL BASES FOR PROCESSING

4.1 General Processing (Article 6 GDPR)

  • Voluntary user consent (Article 6(1)(a))

  • Legitimate interests of the Data Controller (platform security, Article 6(1)(f))

4.2 Medical Data (Article 9 GDPR)

  • Processing exclusively based on explicit consent

  • Default anonymization: Medical data is not linked to identifiers

  • Scope limited to information explicitly shared by users

5. DATA TRANSFER AND RETENTION

5.1 Data Sharing Principles

  • No sale, sharing, or commercialization of data

  • Exceptions: Legal requirements (court orders), hosting with Squarespace under appropriate safeguards

5.2 Retention Periods

  • Account Data: Until deletion by user

  • Medical Data: Session duration only

  • Technical Logs: Maximum 90 days

  • Account Deletion: Complete data erasure within 30 days

6. USER RIGHTS

Users have the right to:

  • Access their data

  • Rectification or erasure of data

  • Data portability

  • Object to processing

  • Withdraw consent at any time

  • Lodge complaints with supervisory authorities

EU Users: European Data Protection Board (EDPB) and national authorities

US Users: State privacy authorities as applicable

7. SECURITY MEASURES

7.1 Technical Safeguards

  • Hosting in Tier III data centers (USA) with full redundancy

  • Global CDN network

  • Regular security audits

  • 24/7 infrastructure monitoring

7.2 Organizational Measures

  • Restricted personnel access to data

  • Data protection training programs

  • Incident response procedures within 72 hours

  • Regular compliance assessments

8. REGULATORY COMPLIANCE

This Policy complies with:

  • General Data Protection Regulation (EU) 2016/679

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • California Online Privacy Protection Act (CalOPPA)

  • Poland's Personal Data Protection Act

Important Note: The Platform is not subject to HIPAA regulations as it functions as an educational tool only.

9. INTERNATIONAL DATA TRANSFERS

Data may be transferred outside the European Economic Area (EEA) to the United States where our hosting infrastructure is located. Such transfers are protected by:

  • Standard Contractual Clauses approved by the European Commission

  • Appropriate technical and organizational measures

  • Ongoing adequacy assessments

10. CONTACT AND POLICY UPDATES

  • Data Controller: MEDICEVER LLC, 131 Continental Drive, Suite 305, Newark, DE 19713, USA

  • Privacy Contact: support@medicever.com

  • Response Time: Within 30 days maximum

  • Policy Updates: Communicated through the platform. Current version available at: medicever.com/privacy

11. DATA PROTECTION BY DESIGN COMMITMENT

Medicever implements "Privacy by Design" principles, minimizing data collection while maximizing user control. Medical data is never linked to identifiers, and the platform architecture prevents unauthorized access. All new features undergo Data Protection Impact Assessment (DPIA) before implementation.

We conduct regular privacy reviews and maintain documentation demonstrating compliance with applicable data protection laws. Our commitment extends beyond legal requirements to ethical data stewardship.

12. BREACH NOTIFICATION

In the event of a personal data breach likely to result in high risk to user rights and freedoms:

  • EU Users: Notification within 72 hours to relevant supervisory authorities

  • Affected Users: Direct notification without undue delay when feasible

  • US Users: Notification according to applicable state breach notification laws

13. CHILDREN'S PRIVACY

The Platform is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the information immediately and implement additional safeguards.

14. AUTOMATED DECISION-MAKING

The Platform does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects users. Any algorithmic processing is limited to basic functionality and user experience optimization.

EXECUTIVE SUMMARY

"Your data security stems from the fact that we don't possess it. We do not collect, process, or share information beyond the absolute minimum necessary to provide educational services. Your health, your data, your control."

This Privacy Policy reflects our fundamental commitment to user privacy through technological design rather than mere policy statements. We believe privacy is a right, not a privilege, and our platform architecture embodies this principle.
