1. Information We Collect

We collect the following types of information when you use our services:

• Registration information: name, medical specialty, email, and professional credentials.
• Patient data: medical information entered as part of your professional practice (medical history, clinical evolution, etc.).
• Usage data: interaction with app features, usage time, frequency, etc.
• Device information: device type, operating system, language, app version.

2. Use of Information

We use the collected information to:

• Provide, maintain, and improve our applications and services.
• Personalize the user experience.
• Develop new features based on collective usage patterns.
• Protect the security and integrity of our platforms.
• Comply with legal and regulatory requirements.
• Communicate with you about support, updates, or changes.

3. Protection of Patient Data

Medical data entered is protected by:

• Data encryption at rest and in transit (AES-256).
• Biometric and multi-factor authentication.
• Restricted access for authorized personnel only.
• Anonymization for scientific and technical use.
• Encrypted backups and storage on HIPAA- and GDPR-compliant servers.

4. Use of Anonymized Data for Research, Development, and Artificial Intelligence

Medical information entered may be irreversibly anonymized using techniques that prevent any possibility of re-identification (removal of personal identifiers, grouping by ranges, masking of dates and locations).

• Develop and train artificial intelligence models.
• Generate statistics and epidemiological studies.
• Improve our platforms and clinical features.
• Be licensed to third parties under ethical and controlled agreements, for scientific, academic, technological, or commercial purposes.

Under no circumstances will identifiable patient information be shared, and all processing will be carried out under the highest ethical, technical, and legal standards.

5. Regulatory Compliance

Our practices are aligned with major data protection regulations:

• General Data Protection Regulation (GDPR – European Union)
• Health Insurance Portability and Accountability Act (HIPAA – USA)
• Law 25.326 (Argentina)
• ISO 27001 (Information Security)

We also comply with local laws in the countries where we operate.

6. Information Sharing

We do not share personal or identifiable information except in the following cases:

• With technical providers under confidentiality agreements (e.g., servers, backups, encryption).
• With the express authorization of the professional user.
• When required by law or duly substantiated legal proceedings.

Anonymized data may be shared with third parties, always under contractual, ethical, and legal control.

7. Data Retention

We retain information according to the following criteria:

• Professional user data: as long as the account is active or as required by law.
• Clinical data: according to local medical record retention laws.
• Anonymized data: indefinitely, for scientific and technological improvement purposes.

8. User Rights

You have the right to:

• Access your personal data.
• Rectify incorrect information.
• Delete your account (subject to medical record regulations).
• Port your data to another system or provider.
• Restrict or limit certain processing.
• Object to the use of your data for specific purposes.

You can exercise these rights by contacting our Data Protection Officer (see section 10).

9. Information Security

We implement technical and organizational measures to protect data, including:

• Biometric and multi-factor authentication.
• End-to-end encryption.
• Continuous monitoring of incidents and audits.
• Ongoing staff training.
• Protocols for responding to security breaches.

10. Contact

To exercise your rights, make claims, or inquire about privacy: Data Protection Officer

privacidad@medtech.com

11. Changes to This Policy

We reserve the right to update this policy. Any relevant changes will be notified through:

• In-app message.
• Registered email.
• Prominent posting on our official website.