Privacy Policy

Last Updated: October 28, 2025

1. Introduction

This Privacy Policy explains how Cenovis LLC ("we", "us", "our") collects, uses, stores, and protects your personal and health information when you use the MediScan mobile application ("App").

By using MediScan, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

• Account Information: Email address, full name, password (encrypted)
• Profile Details: Age, date of birth, gender, blood type, weight, height
• Contact Information: Emergency contact name and phone number, doctor's name and phone

2.2 Health Information

• Medical History: Allergies, chronic diseases, current medical conditions
• Medication Data: Scanned medication images (via camera), OCR-extracted text from medication packages
• Scan Results: AI analysis results, detected substances, safety scores, potential interactions
• Treatment Records: Current medications, dosage, frequency, prescription history
• Reminders: Medication reminder preferences and history

2.3 Technical Information

• Device Information: Device model, operating system version, unique device identifiers
• Usage Data: App interactions, features used, scan frequency, session duration
• Camera Data: Photos of medication packages (stored temporarily for OCR processing)

3. How We Use Your Information

3.1 Primary Uses

• Core Functionality: Process medication scans, perform AI analysis, detect drug interactions, provide safety alerts
• Personalization: Match medications against your allergies and medical conditions, customize alerts based on your health profile
• History & Tracking: Maintain your scan history, track medication adherence, generate reports
• Reminders: Send medication reminder notifications

3.2 Secondary Uses

• App Improvement: Analyze usage patterns to improve features, optimize performance
• Support: Respond to your questions and support requests
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Data Storage & Security

4.1 Where We Store Your Data

• Database: PostgreSQL database hosted on secure European servers (Supabase infrastructure)
• Location: Frankfurt, Germany (EU jurisdiction - GDPR compliant)
• Backup: Automated daily backups on encrypted storage

4.2 Security Measures

• Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS)
• Encryption at Rest: Database encrypted using industry-standard AES-256 encryption
• Password Security: Passwords are hashed using bcrypt with salt
• Access Control: Strict access controls limit who can access your data
• Infrastructure Security: Firewalls, DDoS protection, regular security audits

4.3 Data Retention

• Active Account: Data retained as long as your account is active
• Deleted Account: Data permanently deleted within 30 days of account deletion request
• Legal Holds: Data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention)

5. Data Sharing & Disclosure

5.1 We DO NOT Share Your Data With:

• ❌ Pharmaceutical companies
• ❌ Insurance companies
• ❌ Marketing agencies
• ❌ Data brokers
• ❌ Social media platforms

5.2 Limited Sharing Scenarios

We may share your data ONLY in these specific circumstances:

• Service Providers: Trusted third-party services that help us operate the app (e.g., cloud hosting, email service). These providers are contractually bound to protect your data.
• Legal Requirements: If required by law, court order, or government request
• Safety: To protect the rights, property, or safety of Cenovis LLC, our users, or the public
• Business Transfer: In the event of a merger, acquisition, or sale of assets (you will be notified)

5.3 Anonymous Data

We may aggregate and anonymize data (removing all personal identifiers) for research, statistics, or improving AI models. This anonymized data cannot be linked back to you.

6. Your Rights (GDPR & Privacy Rights)

Under GDPR and other privacy laws, you have the following rights:

6.1 Right to Access

• Request a copy of all personal data we hold about you
• Available via in-app "Export Data" feature (PDF or JSON format)

6.2 Right to Rectification

• Correct inaccurate or incomplete data
• Update your profile anytime in the app

6.3 Right to Erasure ("Right to be Forgotten")

• Request deletion of all your data
• Process: Settings → Account → Delete Account
• Data permanently deleted within 30 days

6.4 Right to Data Portability

• Export your data in a machine-readable format (JSON)
• Transfer your data to another service

6.5 Right to Object

• Object to certain data processing activities
• Contact us at: privacy@cenovisllc.com

6.6 Right to Withdraw Consent

• Withdraw consent for data processing at any time
• Note: Some features may no longer be available

7. Children's Privacy

MediScan is designed for use by adults (18+) managing medications for themselves or their families.

• The app is NOT directed at children under 13
• We do not knowingly collect data from children under 13
• If you are a parent using MediScan to manage your child's medications, YOU are the data controller for your child's health information
• If we discover we have collected data from a child under 13, we will delete it immediately

8. International Data Transfers

Your data is primarily stored in the European Union (Frankfurt, Germany). If you access MediScan from outside the EU:

• Data transfers comply with GDPR requirements
• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• Your data receives the same level of protection as in the EU

9. Cookies & Tracking Technologies

MediScan is a native mobile app and does NOT use cookies. However, we may use:

• Analytics: Usage analytics to improve the app (aggregated, non-personal data)
• Crash Reporting: Anonymous crash logs to fix bugs
• Local Storage: Data stored locally on your device for offline functionality

You can opt out of analytics in Settings → Privacy → Analytics.

10. Third-Party Services

MediScan integrates with the following third-party services:

10.1 Supabase (Database & Authentication)

• Purpose: User authentication, data storage
• Location: EU servers (Frankfurt)
• Privacy Policy: https://supabase.com/privacy

10.2 Google ML Kit (OCR)

• Purpose: Extract text from medication photos
• Processing: On-device (photos never sent to Google)
• Privacy Policy: https://policies.google.com/privacy

10.3 OpenMed API (Medication Analysis)

• Purpose: AI-powered medication interaction detection
• Location: Our own servers (155.133.26.6 - EU)
• Data Sent: OCR-extracted text ONLY (no personal data)

10.4 Stripe (Payment Processing)

• Purpose: Process subscription payments (Premium/Professional plans)
• Data Shared: Email, payment card details (tokenized)
• Privacy Policy: https://stripe.com/privacy
• Note: We never store your full credit card number

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated via:

• In-app notification
• Email to registered users
• Updated "Last Updated" date at the top of this policy

Continued use of MediScan after changes constitutes acceptance of the updated policy.

12. Contact Us

13. Supervisory Authority

If you are located in the EU/EEA and believe we have not addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Swiss Federal Data Protection and Information Commissioner (FDPIC):
Website: https://www.edoeb.admin.ch

European Data Protection Board (GDPR):
Website: https://edpb.europa.eu

MediScan by Cenovis LLC
Helping families manage medications safely with AI-powered technology
© 2025 Cenovis LLC. All rights reserved.