Last updated: August 6, 2025

This Privacy Policy outlines how mdcopilot.online ("we", "us", or "our") collects,

uses, stores, and safeguards personal data when you access or use our services. The

service is operated by an individual entrepreneur (a self-employed developer) and is

intended exclusively for licensed medical professionals.

We are committed to protecting your privacy and complying with all applicable data

protection regulations, including the General Data Protection Regulation (GDPR)

and the California Consumer Privacy Act (CCPA).

By accessing or using our services, you confirm that you are a licensed healthcare

professional and that you consent to the terms of this Privacy Policy. If you do not

agree with the policy, please refrain from using the services.

If you have any questions or concerns regarding this policy, you may contact us at:

info@mdcopilot.online

1. Scope of Services

mdcopilot.online offers AI-powered tools designed to assist licensed medical

professionals with the following functions:

 Searching scientific literature and clinical guidelines;

 Clinical decision support;

 Speech-to-text transcription.

These services are strictly limited to qualified medical professionals. The platform

is not intended for public use for individuals lacking verified medical credentials.

Use by individuals under the age of 18 is strictly prohibited.

2. Data We Collect

We collect only the minimal data necessary to provide and operate our services,

including:

 Email address submitted during registration;

 User-submitted content, such as uploaded documents (e.g., PDFs), voice

messages, and chat-based queries – which may include medical information

but not personally identifiable patient data.

We do not collect:

 Cookies or tracking identifiers;

 Device or browser metadata;

 Personally identifiable patient data (e.g., names, addresses, ID numbers).

3. Legal Basis for Processing

We rely on the following legal grounds for processing personal data:

 Consent – Users provide explicit consent by accepting this Privacy Policy

during registration.

 Legitimate interest – We process user queries to fulfill service functionality

and enhance quality.

 Contractual necessity – Email processing is essential for account

authentication and service access.

4. How We Use Your Data

Collected data is used solely for:

 Delivering core service functionality;

 Authenticating users and managing user accounts;

 Processing user inputs and generating AI responses;

 Analyzing anonymized usage statistics (e.g., user count, session data).

We do not use your data for:

 Advertising or marketing purposes;

 Profiling, targeting, or automated decision-making with legal or personal

consequences.

5. Data Processing by External AI Models

Your queries – including text, uploaded documents, and voice transcriptions – may

be processed by third-party AI APIs (such as OpenAI or Mistral) solely to generate

relevant responses. Third-party AI providers act solely as data processors on our

behalf and do not act as joint controllers. Such processing is based on your explicit

consent provided at the time of registration and the submission of each query. We do

not transmit:

 Patient-identifiable data;

 Your email address;

 Any content not explicitly submitted as part of your query.

While we cannot control how external AI providers handle data internally, we take

measures to avoid transmitting any sensitive personal data knowingly.

6. Data Storage and Security

 All data is stored on a secure, privately managed VPS server under our direct

administrative control.

 We implement appropriate technical and organizational safeguards to prevent

unauthorized access, loss, or disclosure.

 Access to user data is restricted to authorized personnel only.

While we cannot control how external AI providers handle data internally, we take

measures to avoid knowingly transmitting any sensitive personal data.

7. Data Retention

 Email addresses are retained until the user deletes their account or submits a

formal deletion request.

 Submitted content (documents, voice inputs, chat history) is temporarily

stored during active sessions and may be deleted automatically thereafter.

 Aggregated, anonymized usage statistics (e.g., visitor counts) may be retained

for internal analytics.

To request account or data deletion, please contact: info@mdcopilot.online

8. User Rights (GDPR / CCPA)

You have the following rights regarding your personal data:

 To access your personal data;

 To request correction or deletion of your data;

 To withdraw consent at any time;

 To object to processing activities;

 To file a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@mdcopilot.online

Please note: Withdrawing consent or requesting data deletion may result in the

termination of your access to the service.

9. No Data Sharing with Third Parties

We do not sell or share your personal data with third parties, including advertisers

or marketing partners.

We do not use third-party analytics or cookies.

The only exception is the technical processing of your queries via external AI APIs,

as detailed above.

10. International Data Transfers

Our servers are hosted in the United States. Please be aware that the United States

does not currently offer an adequate level of data protection as recognized by the

European Commission.

By registering and using our services, you explicitly consent to the international

transfer and processing of your personal data – including to and within the United

States – as necessary to operate and provide the services.

You acknowledge and accept the potential risks associated with such transfers,

including the possibility that your data may not be subject to the same legal

protections as in your home jurisdiction.

11. Children’s Privacy

This service is not intended for individuals under the age of 18. We do not knowingly

collect or process data from minors. If you believe we have inadvertently collected

such data, please contact us immediately.

12. Changes to This Policy

We may periodically update this Privacy Policy.

All changes will be published on this page, with the date of the latest revision

indicated at the top. In the case of significant updates, we may notify users via

email.

Continued use of the service after such changes constitutes your acceptance of the

revised policy.

13. Contact Information

For any inquiries, requests, or concerns regarding this Privacy Policy, please contact

us at:

Email: info@mdcopilot.online

Data Controller: Individual entrepreneur operating the service mdcopilot.online