Legal
Privacy policy
Last updated July 5, 2026
This is a template pending review by legal counsel.
Medical & Data Disclaimer
MedFind AI is an informational tool for licensed clinicians that helps identify potential referral facilities. It is not a medical device, does not provide medical advice, and does not replace independent clinical judgment.
Do not enter patient-identifying information or Protected Health Information (PHI) into MedFind AI. The Service is not HIPAA compliant, and we do not offer a Business Associate Agreement (BAA). Facility, insurance, hours, and availability data is sourced from third parties and AI web search and may be inaccurate, incomplete, or outdated — always verify directly with the facility and payer before relying on it.
1.Scope of this policy
This Privacy Policy explains how MedFind AI ("MedFind AI," "we," "us," or "our") collects, uses, and shares information in connection with the MedFind AI marketing site at medfindai.com and the MedFind AI application at app.medfindai.com (together, the "Service"). MedFind AI is an AI-powered referral and facility-finder built for clinicians and is currently offered as a proof-of-concept / beta. By using the Service, you agree to the practices described in this policy and in our Terms of Service.
2.No patient information (PHI)
MedFind AI is not intended to receive, and we do not want or knowingly store, Protected Health Information (PHI) or any information that identifies a specific patient. You must not enter patient names, dates of birth, contact details, medical record numbers, insurance member IDs, or any other patient-identifying information into search queries or any other field.
The Service is designed to be used with de-identified, general referral criteria only (for example, a specialty, a general clinical need, an insurance plan type, and a geographic area). You are solely responsible for ensuring that the information you submit does not contain PHI. If you believe PHI has been submitted to the Service, contact us immediately at privacy@medfindai.com.
3.Information we collect
We collect the following categories of information:
- Account information. When you create an account, we collect your email address and a password. Passwords are stored only in hashed (one-way encrypted) form; we cannot read your password.
- Search inputs. The search queries you enter (specialty, referral criteria, insurance/plan type, etc.) and the location you provide or allow the Service to use to return nearby facilities.
- Usage & session data. Basic technical and usage information such as session identifiers, features used, approximate device/browser information, and timestamps — collected through cookies and standard server logs.
- Communications. If you email us or submit a request, we receive the information you choose to provide.
We do not ask for, and ask that you do not provide, PHI or sensitive personal information beyond what is described above.
4.How we use information
We use the information we collect to:
- Provide, operate, and maintain the Service, including authenticating your account and returning facility results for your searches;
- Process your search inputs through third-party services (see Section 5) to generate results;
- Maintain security, prevent fraud and abuse, and debug and improve the Service;
- Respond to your inquiries and provide support; and
- Comply with legal obligations and enforce our Terms of Service.
5.Third-party services & data flows
To generate results, the Service transmits your search inputs (including the referral criteria and location you provide) to third-party providers that process that data on their own infrastructure and under their own privacy policies. These currently include:
- Google Maps Platform — used to identify and map facilities, distances, hours, and related place information. Data may be processed by Google under the Google Privacy Policy and applicable Maps Platform terms.
- Google Gemini (AI, including AI-powered web search) — used to interpret your referral request and to retrieve and summarize facility information such as insurance accepted, hours, and availability. Your query content may be processed by Google's generative AI and web-search systems under Google's applicable terms and privacy policy.
Because your search content is sent to these providers, you must not include PHI or patient-identifying details in your inputs. We do not control, and are not responsible for, the independent data practices of these third parties, and we encourage you to review their policies.
We may also use standard infrastructure and hosting providers (for example, cloud hosting and content delivery) that process data on our behalf under contractual confidentiality and security obligations.
6.Disclosure & no sale of data
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We may disclose information: (a) to the service providers described above who process it to operate the Service; (b) to comply with applicable law, legal process, or lawful government requests; (c) to protect the rights, safety, and security of MedFind AI, our users, or the public; and (d) in connection with a merger, acquisition, financing, or sale of assets, in which case we will seek to ensure the recipient honors this policy.
7.Cookies
We use cookies and similar technologies primarily for authentication and session management — to keep you signed in and to operate core functionality. We may also use limited cookies for security and basic, aggregate usage measurement. We do not use third-party advertising cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent you from signing in or using the Service.
8.Data retention
We retain account information for as long as your account is active and as needed to provide the Service. We retain search inputs, usage, and log data for a limited period for security, debugging, and operational purposes, after which we delete or de-identify it in the ordinary course, unless a longer period is required to comply with legal obligations, resolve disputes, or enforce our agreements. Because MedFind AI is a proof-of-concept, our retention practices may change as the Service evolves.
9.Your rights & choices
Depending on your location, you may have rights to access, correct, delete, or obtain a copy of certain personal information we hold about you, and to object to or restrict certain processing. You can update your account email in the app, and you may request access to or deletion of your personal information by emailing privacy@medfindai.com. We will respond consistent with applicable law. We may need to verify your identity before acting on a request, and some information may be retained where permitted or required by law.
10.Security
We use commercially reasonable, best-effort technical and organizational measures to protect information, including hashing of passwords and encryption in transit. However, no method of transmission or storage is completely secure, and we cannot and do not guarantee the absolute security of any information. You use the Service at your own risk and are responsible for maintaining the confidentiality of your account credentials.
11.Children's privacy
The Service is a professional tool intended for use by licensed clinicians and other authorized adults. It is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
12.International users
We operate the Service in the United States, and information we process may be stored and processed in the United States or other countries where we or our service providers operate. By using the Service, you understand that your information may be transferred to and processed in jurisdictions that may have different data-protection laws than those of your country.
13.Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after an update constitutes acceptance of the revised policy.
14.Contact us
Questions or requests regarding this policy or your information can be sent to privacy@medfindai.com.
See also our Terms of Service. Nothing in this policy is intended to create obligations beyond those required by applicable law.