Privacy Policy

Introduction

MedExplore Health Technologies ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health tourism platform (MedExplore) and mobile application (MediMe).

What Data We Collect and Why

We collect the following types of personal and sensitive data:

• •Personal Information: Full name, phone number, email address, gender, date of birth, country of residence
• •Health Profile Data: Medical conditions, symptoms, medications, lab results, family medical history, allergies, treatment preferences
• •Treatment Information: Treatment requests, medical tourism preferences, hospital/doctor selections
• •Travel & Accommodation: Hotel reservations, travel dates, accommodation preferences
• •Payment Information: Credit card details, billing address, transaction history (processed securely through PCI-DSS compliant payment gateways)
• •Usage Data: Login times, features accessed, interactions with hospitals and agencies

Data Collection Purpose: We collect this data to:

• • Providing and improving our health tourism services
• • Matching patients with appropriate hospitals and treatments
• • Processing payments and managing transactions
• • Communicating with you about your treatment
• • Complying with legal and regulatory requirements
• • Detecting and preventing fraud

How We Store and Protect Your Data

Your privacy and security are our highest priorities.

Encryption & Security:

• •All personally identifiable information (PII) and protected health information (PHI) are encrypted using AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)
• •Encryption occurs at rest and in transit
• •Encryption keys are managed separately from encrypted data
• •Only authorized personnel with proper access controls can decrypt data

Infrastructure & Hosting:

• •Data is stored on secure PostgreSQL servers hosted on Render.com
• •Render.com infrastructure includes automatic backups, redundancy, and DDoS protection
• •All servers are located in secure, certified data centers
• •We implement regular security audits and vulnerability assessments

Authentication & Access:

• •API authentication uses JSON Web Tokens (JWT) with secure cryptographic signatures
• •All API communications are encrypted over HTTPS (TLS 1.3)
• •Access to patient data is restricted based on user role and explicit permissions
• •We maintain detailed access logs for audit purposes

Third-Party Data Sharing

We only share your health information with:

• •Partner Hospitals: Your medical data is shared with hospitals you have selected for treatment evaluation, diagnosis, and treatment planning. This sharing is conditional on your explicit consent.
• •Partner Agencies: Travel agencies you work with receive relevant information for travel and accommodation coordination.
• •Service Providers: Our payment processors, hosting providers, and analytics services receive only the minimum data required for their functions.
• •Legal Compliance: We may disclose data if required by law, court order, or government request.

Data Retention Periods

We retain your data based on the following schedule:

• •Active Patient Data: Retained throughout your treatment journey and 3 years after final treatment completion for medical and legal purposes
• •Inactive Accounts: Data for accounts inactive for 24 months may be anonymized or deleted upon request
• •Payment Records: Retained for 7 years for tax and financial compliance
• •Access Logs: Retained for 1 year for security and audit purposes
• •Backup Data: Deleted automatically after 30 days following permanent deletion request

Your Privacy Rights

Under GDPR and international privacy laws, you have the following rights:

• •Right to Access: Request a copy of all personal data we hold about you
• •Right to Correction: Request correction of inaccurate or incomplete data
• •Right to Deletion: Request deletion of your data ("right to be forgotten")
• •Right to Data Portability: Request your data in a portable, machine-readable format
• •Right to Withdraw Consent: Withdraw consent for data processing at any time
• •Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@medexplore.health

GDPR Article 13/14 – Information to be Provided

As required by GDPR Articles 13 and 14:

• •Controller: MedExplore Health Technologies
• •Purpose: Provision of health tourism services, medical data analysis, treatment planning, and customer support
• •Legal Basis: Explicit consent for health data processing, contractual necessity for service delivery
• •Recipients: Partner hospitals, agencies, payment processors (as disclosed above)
• •Retention: As stated in Data Retention section
• •Rights: Your rights are listed in the "Your Privacy Rights" section above

Data Protection & Privacy Inquiries

For questions about your privacy, data protection concerns, or to exercise your rights: