Privacy Policy

Effective date: April 8, 2026. This policy explains what information MedReq processes, why it is processed, and how users can control that data.

1. Information We Process

Account data: email address, authentication identifiers, and session metadata.
Clinical input: symptoms, vitals, demographic context, and submitted assessment details.
System telemetry: request identifiers, rate-limit events, and operational metrics required for reliability and abuse prevention.

2. How Data Is Used

To provide health assessment workflows and structured recommendation outputs.
To secure the platform, including session verification, anomaly monitoring, and abuse controls.
To improve reliability through diagnostics and service-level quality monitoring.

3. Data Protection Controls

Access Security

Server-verified sessions, secure cookie controls, and route-level authorization checks protect account access.

Data Handling

Clinical records are stored with strict ownership checks and controlled read/write security rules.

4. Retention, Rights, And Contact

Data is retained only as needed for service operation, legal obligations, and user-requested continuity. Users may request account and data review or deletion in accordance with applicable law.

For privacy requests or concerns, contact the project owner through the repository security reporting channel documented in SECURITY.md.