Privacy Policy

1. Overview

MediBear Life ("we", "our", or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, process, and protect your information when you use the MediBear Life mobile app and related services (the "App").

By using MediBear Life, you agree to this Privacy Policy. If you do not agree, please discontinue use of the App.

2. Information We Process

We only process information that is necessary for the App to function and to help you manage your health and medications. Our philosophy is privacy-first and data minimization.

a. Information You Provide

• Images you upload — such as photos of prescriptions, doctor notes, or health monitor readings
• Manually entered data — such as medication names, schedules, dosages, and health metrics (blood pressure, glucose, weight, etc.)
• Health vitals and symptoms — tracked locally on your device for your personal records

b. Automatically Collected Data

We collect limited technical information necessary to operate the App, such as:

• Device type and operating system version
• App version and crash diagnostics
• Anonymous usage analytics (aggregated, non-identifiable)

Important: All health data, medication logs, and vitals tracking are stored locally on your device. We do not store this information on our servers.

3. How We Use Your Information

We process uploaded images only for the purpose of analyzing and converting medical information into structured data (for example, identifying medicines or extracting vital signs from health monitor readings).

Specifically:

• Uploaded images are sent securely and temporarily to our AI processing backend via encrypted connections
• Data is processed in memory only and never stored after generating results
• Results are returned to your device for display and saving locally within the app
• Processing typically completes within seconds, after which the image is immediately discarded

We do not:

• Store, retain, or log your uploaded images
• Use your images for AI model training
• Sell or share your data with third parties for marketing
• Track your location or personal identity
• Require account creation or login credentials

4. AI Processing and Third-Party Services

We use trusted service providers to power our AI and infrastructure:

• OpenAI (USA) — for AI processing of images into structured JSON outputs using vision models
• Railway (USA) — for secure API hosting and encrypted data transmission

Both services comply with GDPR and Australian Privacy Act requirements, use TLS 1.3 encryption, and do not use customer API data for model training.

Each image is processed only once, transiently, and is immediately discarded after completion. Our API does not log or retain any health information.

5. Legal Basis for Processing

We rely on your explicit consent to process health-related images and information, as required under:

• EU General Data Protection Regulation (GDPR)
• Australian Privacy Act and OAIC Guidelines
• US Health Insurance Portability and Accountability Act (HIPAA) principles where applicable

You provide this consent during the onboarding sequence in the App and may withdraw it at any time by discontinuing use of the image upload features or uninstalling the App.

6. Data Retention

We follow strict data minimization and non-retention principles:

• Uploaded images are not stored — processed transiently and immediately discarded
• Processed outputs are returned directly to your device and stored locally only
• Diagnostic logs contain no personal or health information
• Local device storage — all your health data, medications, and vitals remain on your device with full encryption

If you uninstall the App, all locally stored data is permanently deleted from your device. We have no copies or backups.

7. Your Rights

Depending on your location, you may have the following rights:

• Access — to see what limited data we process (transient image analysis only)
• Correction / Erasure — you may delete app data stored locally on your device at any time
• Withdrawal of Consent — you can stop using the app or disable image uploads in settings
• Data Portability — export your health records as PDF from the app
• Right to Object — you can object to any processing by discontinuing use

For EU/EEA residents: you can contact us to exercise GDPR rights at privacy@medibear.life.

8. Security Measures

We implement industry-standard security practices:

• TLS 1.3 encryption for all network communications
• End-to-end encryption for data in transit between your device and our API
• Local device encryption using iOS Keychain and Android Keystore for sensitive data
• Encryption keys and API secrets are securely stored in cloud secret vaults (Railway Secrets)
• Principle of least privilege — only necessary components can process your data
• No password storage — the app requires no login or authentication

9. Children's Privacy

MediBear Life is not intended for children under 16 years of age. We do not knowingly collect or process data from minors without verified parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@medibear.life.

10. International Data Transfers

Our infrastructure may process data in the United States or other countries that may not have identical privacy laws as your jurisdiction. We rely on Standard Contractual Clauses (SCCs) and adequate safeguards for such transfers.

All data transfers occur over encrypted channels, and no health data is stored on international servers — only processed transiently.

11. Analytics and Diagnostics

We collect anonymous, aggregated analytics to improve the App experience, such as:

• Feature usage statistics (e.g., how many users scan prescriptions)
• Crash reports and error diagnostics (containing no personal or health data)
• App performance metrics (load times, battery usage)

These analytics are collected via privacy-respecting tools and cannot be linked back to individual users.

12. Changes to Your Data

Since all your health data is stored locally on your device:

• You have full control to view, edit, or delete any information at any time
• You can export your data as PDF reports for medical appointments
• No cloud sync means you own your data completely
• Uninstalling the app permanently deletes all local data

13. Contact Us

If you have questions, concerns, or requests regarding privacy, contact us at:

Email: privacy@medibear.life
Support: support@medibear.life
Address: MediBear Life, Demo Labs Pty Ltd, Melbourne, Australia

14. Updates to This Policy

We may update this Privacy Policy periodically to reflect new features, regulations, or best practices. We will notify users in-app and on our website when significant changes occur.

The "Effective Date" at the top of this policy indicates when it was last updated. Continued use of the App after changes constitutes acceptance of the updated policy.

15. Regulatory Compliance

MediBear Life is designed to comply with:

• GDPR (EU General Data Protection Regulation)
• Australian Privacy Act and OAIC Guidelines
• CCPA (California Consumer Privacy Act)
• HIPAA principles (though we are not a HIPAA-covered entity)

Our privacy-first, offline-first architecture minimizes compliance risks by design — we simply don't store health data we don't need.