1. Information We Collect

We collect the following types of information:

• Registration data: name, specialty, email, professional credentials.
• Patient data: clinical information entered as part of professional practice.
• Usage data: feature interactions, session length, frequency.
• Device data: device type, OS, language, app version.

2. Use of Information

We use collected data to:

• Provide and improve services.
• Personalize the user experience.
• Develop new features.
• Ensure platform security.
• Comply with regulations.
• Communicate updates and support.

3. Protection of Patient Data

Patient data is protected by:

• AES-256 encryption (at rest and in transit).
• Biometric and multi-factor authentication.
• Restricted access for authorized staff only.
• Secure backups on HIPAA/GDPR-compliant servers.

4. Use of Anonymized Data

Patient data may be irreversibly anonymized (removal of identifiers, grouping, masking of dates/locations).

• Train AI models.
• Produce statistics and epidemiological studies.
• Improve platform functionality.
• Be licensed to third parties for scientific, academic, or commercial purposes under ethical controls.

Note: Identifiable data will never be shared.

5. Regulatory Compliance

We comply with:

• GDPR (EU)
• HIPAA (USA)
• Law 25.326 (Argentina)
• ISO 27001 (Information Security)

6. Information Sharing

We do not share identifiable data except:

• With technical providers under confidentiality agreements.
• With explicit authorization from the professional user.
• When legally required.

Anonymized datasets may be shared under strict contractual and ethical safeguards.

7. Data Retention

We retain data according to:

• Professional user data: while the account is active or as required by law.
• Clinical data: according to medical record laws in each country.
• Anonymized data: may be retained indefinitely.

8. User Rights

You have the right to:

• Access, rectify, or delete your personal data.
• Request portability of your data.
• Restrict or object to certain processing.
• Delete your account (subject to local record-keeping laws).

To exercise rights: privacy@medtech.com

9. Security Measures

We implement security measures including:

• End-to-end encryption.
• Continuous monitoring and audits.
• Incident response protocols.
• Ongoing staff training in data protection.

10. Changes to This Policy

We may update this Privacy Policy. Changes will be notified via:

• In-app messages.
• Email.
• Website notices.