Privacy Policy
Effective Date: February 26, 2026
Last Updated: February 26, 2026
Introduction
MedKitt ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the MedKitt Clinical Decision Support Progressive Web Application ("MedKitt," "the App," or "our Service").
MedKitt is a client-side only Progressive Web Application designed for licensed healthcare professionals. We have architected our application with privacy by design principles, minimizing data collection and ensuring that sensitive information remains under your control.
🔒 Privacy-First Architecture
MedKitt operates entirely client-side. We do not operate servers that store your data, and no patient information or Protected Health Information (PHI) is collected, transmitted, or stored by our systems.
Information We Collect
We collect only the minimum information necessary to provide and improve our Service. The types of information we collect are:
1. Information Stored Locally (LocalStorage)
MedKitt uses your browser's LocalStorage to store the following data locally on your device only:
- Session State: Your acknowledgment of legal disclaimers and terms of service
- UI Preferences: Display settings, theme preferences, and interface customizations
- Application State: Recently viewed consults, favorites, and navigation history within the App
- Offline Caching: Clinical content cached for offline access (no PHI included)
Important: This data never leaves your device. We do not have access to your LocalStorage data, and it cannot be accessed by our servers or third parties.
2. Email Communications (Idea Board Submissions)
When you voluntarily submit feedback, feature requests, or ideas through our Idea Board submission form, we collect:
- Email Address: To respond to your submission if necessary
- Message Content: Your feedback, suggestions, or reported issues
- Submission Timestamp: Date and time of your submission
- Device Information: Browser type and operating system (for technical support purposes only)
3. Technical Information (Anonymous)
We may collect limited, anonymized technical information to improve App performance:
- Error logs and crash reports (no personally identifiable information)
- Anonymous usage patterns (e.g., most-accessed consults, feature usage)
- Performance metrics (page load times, responsiveness)
What We Do NOT Collect
🚫 Prohibited Data Collection
MedKitt explicitly does NOT collect, store, or process:
- Patient identifiers (names, medical record numbers, dates of birth)
- Patient identifiers or health records of any kind
- Clinical data entered by users
- Geolocation data
- Contacts or personal directories
- Biometric data
- Payment or financial information
How We Use Your Information
| Information Type | Purpose of Use | Legal Basis |
|---|---|---|
| LocalStorage Data | App functionality, session persistence, UI preferences | Legitimate interest (user experience) |
| Email Address | Responding to feedback, sending updates (with consent) | Consent |
| Idea Board Content | Product improvement and feature development | Legitimate interest |
| Anonymous Analytics | Performance optimization and error correction | Legitimate interest |
Data Retention
LocalStorage Data
Data stored in your browser's LocalStorage persists until you:
- Clear your browser cache and site data
- Uninstall the Progressive Web App
- Explicitly delete data through your browser settings
Email Submissions
Idea Board submissions and associated email addresses are retained for:
- Active Period: 24 months from submission date
- After 24 months: Anonymized for statistical analysis or deleted upon request
Anonymous Technical Data
Anonymized analytics and error logs are retained for up to 36 months to support long-term performance analysis and improvement.
Data Sharing and Third Parties
🛡️ No Third-Party Data Sharing
We do not sell, rent, trade, or otherwise transfer your personal information to third parties. We do not share your data with:
- Advertising networks or data brokers
- Social media platforms
- Analytics providers that track individual users
- Healthcare institutions or employers
- Government agencies (except as required by law)
Limited Service Providers
We may use the following categories of service providers, who are bound by contractual obligations to protect your data:
- Email Service Providers: For processing Idea Board submissions and responses (e.g., secure email gateways)
- Hosting Providers: For serving the static PWA files (no access to LocalStorage data)
- Error Tracking Services: For anonymous error reporting (no personally identifiable information)
Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas). However, given our minimal data collection practices, such disclosures would be limited to:
- Idea Board submission records (email address and message content only)
- No patient data or PHI exists to disclose
Data Security
We implement appropriate technical and organizational measures to protect your information:
Security Measures
- Content Security Policy (CSP): Strict CSP headers prevent unauthorized script execution and data exfiltration
- HTTPS Encryption: All communications between your device and our servers are encrypted using TLS 1.3
- No Server-Side Storage: LocalStorage data never transits to our servers, eliminating server-side breach risks
- Subresource Integrity: External resources are validated to prevent tampering
- Regular Security Audits: Periodic review of application security posture
Your Responsibilities
As MedKitt operates on your device, you are responsible for:
- Securing your device with appropriate authentication (PIN, password, biometrics)
- Keeping your operating system and browser updated
- Not using MedKitt on shared or public devices for accessing sensitive consults
- Clearing browser data if you sell or transfer your device
⚠️ Security Limitations
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. However, our client-side only architecture significantly reduces attack vectors compared to traditional web applications.
Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Access and Portability
You can access your LocalStorage data at any time through your browser's developer tools. Since LocalStorage data is stored locally, you have complete control and visibility.
Deletion Rights
You may request deletion of your personal information:
- LocalStorage Data: Clear your browser cache or site data for MedKitt
- Idea Board Submissions: Email us at privacy@medkitt.example.com to request deletion of specific submissions
Correction Rights
If you believe any information we hold about you is inaccurate, you may request correction by contacting us.
Consent Withdrawal
You may withdraw consent for email communications at any time by:
- Clicking the "unsubscribe" link in any email
- Contacting us directly at privacy@medkitt.example.com
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@medkitt.example.com. We will respond to your request within 30 days.
Children's Privacy
MedKitt is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
International Data Transfers
MedKitt is developed and operated in the United States. If you access MedKitt from outside the United States:
- Your LocalStorage data remains on your device and is not transferred internationally
- Idea Board submissions may be processed and stored in the United States
- By submitting information through the Idea Board, you consent to transfer of that information to the United States
We do not currently transfer personal data to countries outside the United States other than as described above.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting the updated policy in the App. We will notify users of material changes through:
- A notice banner in the App
- Email notification (for users who have submitted Idea Board feedback)
- Updated effective date at the top of this policy
Your continued use of MedKitt after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@medkitt.example.com
Address:
MedKitt Privacy Office
123 Healthcare Plaza, Suite 500
Medical City, Texas 12345
United States
We aim to respond to all privacy-related inquiries within 5 business days.