Privacy Policy
This page describes the production (v1) data-handling posture for MedAfter clinic accounts, patient photos, and saved consult records.
What MedAfter handles
MedAfter handles clinic account information, uploaded patient photos, generated simulation results, optional patient contact details entered after consent, usage records, and billing-related metadata.
Where patient data lives
Patient photos, generated results, and consented patient contact details (stored as sidecar records alongside the consult) are kept on Google Cloud infrastructure configured for the MedAfter PHI path. Supabase holds clinic accounts, authentication, credits, billing state, and non-PHI routing metadata; no patient photos or results are stored there.
MedAfter's patient email posture is link-only: an email to a patient carries only a link back to MedAfter, never patient photos, treatment details, or other health details in the message body. Clinic authentication emails (such as sign-in links) are sent from the verified MedAfter sending domain.
Retention
Unsaved consults are hard-deleted when the temporary consult window expires. Consented, saved consults remain in the clinic's record until the clinic deletes them or directs MedAfter to delete them.
Clinic responsibility
Clinics are responsible for obtaining patient consent, for using MedAfter only with patients and in jurisdictions where its use is appropriate, and for responding to patient requests in their role as the Covered Entity or care provider.
Patient requests
Patients should contact their clinic for access, amendment, deletion, or other record requests. MedAfter assists the clinic with such requests when MedAfter holds the relevant record.
Security
For the PHI path, MedAfter uses access controls, time-limited signed URLs for object access, audit logging, private (non-public) object storage, AI model calls made server-side rather than from the browser, and least-privilege cloud access.