1. Introduction
Medico ("we," "us," or "our") operates the Medico mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Medico is designed to help individuals manage their medications, health records, and care plans. We understand the sensitivity of health-related data and are committed to protecting your privacy in accordance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) where it applies to your use of the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, and date of birth when you create an account.
- Health Information: Medications, dosages, schedules, health conditions, lab reports, care plans, symptom logs, and provider information that you enter into the app.
- Provider Recordings: Audio recordings of healthcare provider conversations that you choose to record and transcribe through the app.
- Caregiver Information: If you designate a caregiver, we collect information necessary to enable caregiver access and permissions.
- Emergency Profile: Emergency contacts, allergies, and critical health information you provide for your emergency profile.
2.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers, and mobile network information.
- Usage Data: App interaction data, feature usage patterns, and error logs to improve our Service.
- Push Notification Tokens: Device tokens used to deliver medication reminders and health notifications.
2.3 Information from Third-Party Services
- Authentication: We use AWS Cognito for secure authentication. We receive your verified identity information from this service.
- Drug Information: We access publicly available drug databases (RxNorm, FDA) to provide medication information, interaction alerts, and side effect data. No personal data is shared with these services.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service, including medication tracking, reminders, and health insights.
- Generate personalized health insights and care plan recommendations using artificial intelligence (see Section 5).
- Send medication reminders, appointment notifications, and health alerts.
- Detect drug interactions and provide safety alerts based on your medication profile.
- Transcribe provider recordings to help you maintain records of healthcare conversations.
- Provide caregiver access to designated individuals with permissions you control.
- Deliver personalized health news based on your health conditions.
- Respond to your requests, comments, and questions.
- Monitor and analyze usage trends to improve the Service.
4. Data Storage and Security
4.1 Where We Store Your Data
- On Your Device: Medico stores health data locally on your device using encrypted SQLite databases. This enables offline access and reduces reliance on network connectivity.
- Cloud Infrastructure: Account data and synchronized health records are stored on secure servers hosted by Amazon Web Services (AWS) in the United States.
- Recordings: Provider recording audio files are stored in encrypted Amazon S3 buckets with server-side encryption.
4.2 Security Measures
- Data in transit is encrypted using TLS/SSL.
- Data at rest is encrypted using industry-standard encryption (AES-256).
- Authentication is handled through AWS Cognito with secure token management.
- Per-user database isolation ensures that each user's health data is stored separately.
- Access controls and audit logging are in place for backend systems.
- We conduct regular security reviews of our application and infrastructure.
5. Artificial Intelligence and Health Insights
Medico uses AI services (including Google Gemini and other large language models) to:
- Generate health insights based on your medications, lab results, and health conditions.
- Suggest questions to discuss with your healthcare provider.
- Transcribe audio recordings of provider conversations.
- Summarize and curate health news articles relevant to your conditions.
- Answer health-related questions based on your Medico records.
Important: When your health data is sent to AI services for processing, it is transmitted securely and used solely to generate your personalized results. We do not permit AI service providers to use your health data to train their models. AI-generated content is informational only and does not constitute medical advice.
6. HIPAA Compliance
Medico takes the following measures in alignment with HIPAA requirements:
- Protected Health Information (PHI): We treat all health information you provide as protected and apply administrative, technical, and physical safeguards.
- Minimum Necessary Standard: We limit access to your health information to the minimum necessary for each function of the Service.
- Business Associate Agreements: We maintain Business Associate Agreements (BAAs) with third-party service providers who may access PHI on our behalf.
- Breach Notification: In the event of a data breach involving your PHI, we will notify you and applicable regulatory authorities as required by HIPAA.
- Patient Rights: You have the right to access, amend, and request an accounting of disclosures of your PHI. Contact us to exercise these rights.
Note: Medico is a personal health management tool. If you are a healthcare provider or covered entity, please contact us regarding specific HIPAA compliance requirements for your use case.
7. Information Sharing and Disclosure
We do not sell your personal information or health data. We may share information in the following limited circumstances:
- With Your Consent: When you designate a caregiver, you control what information they can access through granular permissions.
- Service Providers: With trusted third-party vendors who assist in operating our Service (cloud hosting, AI processing, push notifications), subject to confidentiality obligations and, where applicable, Business Associate Agreements.
- Legal Requirements: When required by law, subpoena, court order, or governmental regulation.
- Safety: When we believe disclosure is necessary to protect the rights, safety, or property of our users or the public, including in emergency situations (e.g., SOS alerts you initiate).
8. Your Rights and Choices
- Access and Export: You can view all health data stored in Medico at any time through the app.
- Correction: You can update or correct your health information directly in the app.
- Deletion: You can request deletion of your account and associated data by contacting us at the address below.
- Notification Preferences: You can customize which notifications you receive through the app's Settings.
- Caregiver Access: You can add, modify, or revoke caregiver permissions at any time.
- Device Permissions: You can control app permissions (camera, microphone, calendar, notifications) through your device settings.
9. Data Retention
We retain your health data for as long as your account is active. If you delete your account, we will delete or de-identify your personal information within 30 days, except where retention is required by law or necessary to resolve disputes.
Local data stored on your device is managed by you and can be cleared by uninstalling the app or clearing app data.
10. Children's Privacy
Medico is not intended for use by individuals under the age of 18 without the involvement of a parent, guardian, or caregiver. Caregiver accounts may be used to manage health information for dependents of any age. We do not knowingly collect personal information from children under 13 without parental consent.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, your health data, or wish to exercise your rights, please contact us:
Last Updated: April 8, 2026