Privacy Policy — Medtsy (Medignify LIMITED)

1. Introduction

Medignify LIMITED ("we", "us", or "our") operates the mobile application "Medtsy" and related websites at https://medignify.com, https://medtsy.app (together, the "Services"). The purpose of our Privacy Policy is to explain what data we process, how it is used and shared, and how you can control it. We never share health related personal data with third parties without your consent. Please read it carefully; by using our Services you agree to the terms described here.

2. Controller and contact

Data Controller: Medignify LIMITED

Registered address: Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R

General contact email: info@medignify.com

Data Protection Officer (DPO): Contact us at the address above for privacy inquiries.

3. Scope and acceptance

By using the Services you accept the terms of this Privacy Policy. If you do not agree, do not use the Services. This Policy covers personal data collected via our mobile app, website, APIs and customer support channels.

4. Key definitions

• Personal data / personal information: any information relating to an identified or identifiable natural person.
• Health data / special category data: information about an individual's physical or mental health, medications, treatment plans, symptoms, biometric measurements, and related information.
• Services: means our mobile application(s), websites, and related features including any connected smart products or devices.
• PHI: protected health information as defined under U.S. HIPAA (where applicable).

5. Information we collect

We collect information you provide directly and information collected automatically. Categories include:

• Account and identity data: name, email address, username, password.
• Health and treatment data: medication names, medications photos, dosages, schedules, symptom logs, measurements, treatment plans, scanned medication plans, adherence logs.
• Device and technical data: device identifiers, operating system, app version, crash logs, IP address, mobile advertising ID, browser type.
• Usage data: features used, timestamps, analytics events.
• Communication data: customer support messages, chat logs (including AI-assistant interactions).
• Location data: approximate location (IP-based) and precise device GPS data only where you grant permission.
• Other: survey responses, feedback, optional profile fields.

6. Health data and special category data

Because our Services support health and medication management, we will process health-related personal data when you use the health features. Processing of health data requires explicit consent where applicable. You must not provide another person's health data without their consent. We will use health data only to provide the Services you request (e.g., reminders,

medication tracking, AI-search), to improve the Services as permitted by law, or as otherwise described in this Policy.

7. Legal bases for processing (EU/UK users)

Where GDPR/UK GDPR applies, we rely on the following legal bases:

• Consent: for core health functionality where explicit consent is required, for AI-assisted features, and for marketing where applicable.
• Performance of a contract: to provide Services you have requested (e.g., account creation, medication reminders).
• Legitimate interests: for operations, product improvement, fraud prevention, security, and aggregated analytics, provided your rights are not overridden.
• Legal obligations: to comply with applicable laws, safety reporting, or law enforcement requests.

8. How we use your information

We use personal data for the following purposes:

• To provide, operate, and maintain the Services (including synchronisation across devices and backup restoration).
• To enable health and medication management features (reminders, adherence logging, treatment scheduling, medications logging).
• To power search-related AI features and a general AI assistant. We use third-party AI providers (OpenAI, Groq, Meta) for these features. We will obtain your explicit consent before transmitting any content you provide to an AI provider. Do not include sensitive health details in free-text AI queries unless you consent to that transmission. AI outputs are for informational purposes only and are not a substitute for professional medical advice.
• We do not sell AI inputs or outputs. AI responses are generated by third parties and may be retained by those providers under their terms; you should review the privacy policies of the applicable AI provider(s).
• To send service messages and notifications (e.g., reminders, system messages).
• To analyse and improve our Services, including using analytics providers and crash-reporting tools.
• To detect, investigate, and prevent fraudulent or illegal activity, security incidents, or abuse.
• To comply with legal obligations and protect vital interests as required.

9. Sharing and recipients

We may disclose personal data to the following categories of recipients:

• Service providers and sub-processors (hosting, analytics, crash reporting, messaging, email delivery). Current vendors include: Hosting: elest.io (EU); Analytics/Crash: Crashlytics, PostHog.
• Professional advisors, auditors, and legal counsel.
• Law enforcement, courts, or regulators where required by law or to protect rights and safety.
• Successors in connection with business transfers such as mergers, sales or reorganisations.

We do not sell personal information for advertising or profit.

10. Data retention

We retain personal data only as long as necessary for the purposes described or as required by law. Current retention scheme:

• Account data: retained while account is active and up to 12 months after account deletion or prolonged inactivity.
• Health records and treatment history: retained as necessary to provide the Service while the account exists; specific data may be deleted on request subject to safety constraints.
• Logs and analytics: retained between 6 and 36 months depending on log type.

If you request deletion, we will delete or anonymise your personal data except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

11. Data subject rights

Subject to verification and applicable law, you may have rights to:

• Access and obtain a copy of your personal data;
• Correct inaccurate or incomplete data;
• Request deletion;
• Restrict or object to processing;
• Withdraw consent where processing is based on consent.

To exercise these rights contact us at info@medignify.com. We will verify requests before acting to prevent abuse.

12. Security

We implement reasonable technical and organisational measures to protect personal data, including encryption, access controls, logging and vulnerability management. Our hosting partner is elest.io (EU region). No system is completely secure; if we become aware of a security incident affecting your data we will notify you and regulators as required by law.

13. Minors and age restrictions

The Services are intended for users aged 18 or older. We do not knowingly collect personal data from individuals under the minimum age. If we learn that we have collected data from someone under 18 without valid consent, we will take steps to delete it.

14. Changes to this Policy

We may update this Privacy Policy. Material changes will be communicated via the app or email where required. The "Last updated" date at the top reflects the most recent version.

15. Additional legal notes

• Marketing and advertising: we do not sell personal information. For marketing communications we rely on consent and provide opt-out methods.
• Third-party links and services: the app may contain links to third-party services with separate privacy policies; we are not responsible for their practices.
• Liability and disclaimers: AI outputs are informational only and do not constitute medical advice. Always consult a qualified medical professional for medical decisions.

16. Contact and notice

If you have questions, want to exercise rights contact:

Medignify LIMITED

Address: Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R

Email: info@medignify.com

ACKNOWLEDGMENTS

By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use and disclosure of your personal information as described herein, subject to your rights to withdraw consent where applicable.