Privacy Policy for MediSummary

Last Updated: May 21, 2026

This Privacy Policy is incorporated by reference into the MediSummary Terms of Service. It explains how MediSummary ("Company," "we," "us," "our") — a product of ODAKCO, LLC — collects, uses, discloses, and processes your personal information when you:

Use the MediSummary mobile application (iOS and Android).
Visit our website at medisummary.com, or any other website of ours that links to this Privacy Policy (collectively the "Website" or "Services").
Interact with us in other related ways, including through marketing communications, product sales, or events.

By accessing or using our Services, you agree that you have read, understood, and accept our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree, you must not use our Services.

If you have any questions or concerns about this policy or our practices, please contact us at:

Email: [email protected] Address: MediSummary (ODAKCO, LLC) 1111B S Governors Ave, STE 7896 Dover, DE 19904

1. Who We Are

MediSummary is a U.S.-based organization under ODAKCO, LLC, focused on helping physicians and healthcare professionals work more efficiently. Our AI-powered platform includes tools for paper summarization, audio recaps, AI-powered clinical note-taking, presentation generation, literature review, study mode, quick research discovery, an English coaching feature, and a 16-week specialty learning accelerator, among others.

For users located in the European Economic Area ("EEA"), the legal entity responsible for processing your personal data (i.e., the "data controller" under the General Data Protection Regulation or "GDPR") is ODAKCO, LLC.

2. Information We Collect

We collect both personal information (information that identifies you or makes you identifiable) and non-personal information (information that does not identify you directly).

2.1. Personal Information You Provide

You may provide personal information in various ways:

Account Registration: Name, email address, phone number, username, and password (on the website). On the mobile app, sign-in uses your email address and a one-time passcode (OTP) — we do not use passwords in the mobile app.
Professional Information: Medical specialty, professional role, country of practice, and other information you provide during onboarding or profile setup.
Purchases (website only): Payment details (e.g., credit card information, billing address) are processed by our third-party payment processor (Stripe) when you subscribe on our website. We do not store your complete credit card details. The mobile app does not offer in-app purchases and does not collect payment card data.
Communications: When you contact us (via email or contact form), we may store the content of your message, your contact details, and any other information you choose to provide.
User-Submitted Content: PDFs, documents, or other files you upload to the Service for processing.

2.2. Voice and Audio Data (AI Note Taker)

The AI Note Taker is designed to assist healthcare professionals with clinical documentation, including SOAP notes and patient encounter summaries. When you use this feature, we collect:

Voice recordings made through your device microphone during or after clinical interactions.
Transcriptions of those recordings, generated by third-party speech-to-text providers.
Structured notes derived from those transcriptions by our AI systems (e.g., SOAP format, encounter summaries).

Your responsibilities as the clinician: As the healthcare professional using this tool, you are the legally responsible party in your patient relationship. You are responsible for obtaining any patient consent required by applicable law before recording any clinical interaction. MediSummary does not manage or obtain patient consent on your behalf.

HIPAA and equivalent regulations: If you are a covered entity or business associate under HIPAA (or subject to equivalent regulations in your jurisdiction) and wish to use the AI Note Taker in contexts involving Protected Health Information (PHI), please contact us at [email protected] to discuss a Business Associate Agreement (BAA). Using the feature without a BAA where one is legally required is your responsibility.

Audio retention: Voice recordings are transmitted to third-party AI transcription providers (such as Deepgram) for processing. Raw audio recordings are not permanently stored on MediSummary servers after transcription is complete. Transcribed text and structured notes are retained in your account until you delete them or close your account.

2.3. Mobile Application (iOS and Android)

When you use the MediSummary mobile app, we collect and process the following:

Sign-in: Your email address and one-time passcode (OTP) to authenticate your account.
Local storage: Access and refresh tokens are stored in your device's secure storage (e.g., iOS Keychain / Android Keystore via secure storage APIs) to keep you signed in between sessions.
Microphone: Used only when you choose to record voice notes. Background audio mode may keep recording active when the app is backgrounded.
File uploads: PDFs you select from your device are uploaded to our servers for summarization.
Chat queries: Text you send in the in-app research chat is processed by our AI providers.
No in-app purchases: Subscriptions are managed outside the mobile app (on our website). The mobile app does not sell subscriptions and does not collect payment information.
Account deletion: You may delete your account from Settings → Delete Account in the app. This permanently removes your papers, notes, chat history, and other personal content from our servers (your account record may be anonymized for billing audit purposes).
No website tracking in the app: The mobile app does not use browser cookies, PostHog, Microsoft Clarity, Google Analytics, or Facebook Pixel.

2.4. Information Automatically Collected

When you use or access our Services, we automatically collect certain information about your device and usage:

Device & Log Information: IP address, browser type, operating system, device type, device settings, and time zone. When you use the mobile app, our servers may log standard request metadata (such as IP address and mobile OS version) for security, authentication, and troubleshooting.
Usage Data: Dates and times you access our Services, pages visited, features used, links clicked, and other actions taken in connection with our Services.

2.5. Cookies and Tracking Technologies (Website Only)

The following applies to our website only, not the MediSummary mobile application.

We use cookies, web beacons, and similar technologies on our website to provide, customize, and improve our Services. Cookies are small text files stored on your device to help websites remember information about you.

You can control the use of cookies at the browser or device level. If you choose to disable cookies, it may affect certain features or services of our site.

Analytics and Session Recording: We use the following third-party analytics and product improvement tools, which may collect behavioral data about how you interact with our site:

PostHog — product analytics, feature flags, and A/B testing. PostHog may record which features you interact with and how. See PostHog's Privacy Policy.
Microsoft Clarity — session recording and heatmap analysis. Clarity records mouse movements, clicks, and scrolling behavior to help us understand how users use the site. See Microsoft's Privacy Statement.
Google Analytics — aggregate traffic and engagement measurement. See Google's Privacy Policy.
Facebook Pixel — advertising measurement and retargeting (on production environment only). See Meta's Privacy Policy.

These tools operate under their own privacy policies. By using our website, you consent to data collection by these tools in accordance with their respective policies. These tools are not used in the mobile app.

3. How We Use Your Information

We process your personal information for the following purposes:

Service Provision and Account Management
- To create, maintain, and secure your account (including mobile sign-in via OTP).
- To process transactions (payments, subscriptions, refunds) via our payment partners on the website. Subscription status is checked when you sign in to the mobile app; billing is not handled in the app.
AI Feature Processing
- To transmit your uploaded documents, voice recordings, and queries to third-party AI infrastructure providers (such as OpenAI, Anthropic, or Google) to generate summaries, transcriptions, notes, presentations, and other outputs.
- See Section 5 for more details on third-party AI providers.
Customer Support and Communication
- To respond to inquiries, troubleshoot, and address technical issues.
- To send you important updates or administrative messages (e.g., changes to policies, service-related notices).
Service Improvement and Analytics
- To analyze usage trends and measure how users interact with our Services.
- To optimize performance, develop new features, and refine existing functionalities.
- We may use anonymized or aggregated data from user uploads and interactions to improve our AI models. We do not use personally identifiable patient data for training.
Marketing and Promotional Activities
- To send you promotional information and marketing communications (when permitted by law or based on your consent).
- You can unsubscribe from these communications by following the "unsubscribe" link in the email or by contacting us directly.
Legal Compliance and Protection
- To comply with applicable laws, regulations, or legal processes.
- To protect our rights, investigate fraud, and enforce our Terms of Service or other legal agreements.

4. Legal Bases for Processing (EEA Visitors)

If you are in the EEA, we rely on the following legal grounds for the processing of your personal information:

Consent: Where you have given consent (e.g., to receive marketing communications, or to use voice recording features).
Contractual Necessity: Where processing is necessary to perform our contract with you (e.g., to provide Services you request).
Legitimate Interests: For our legitimate interests (e.g., to improve our products, prevent fraud), except where overridden by your interests or fundamental rights.
Legal Obligations: Where processing is required to comply with our legal obligations.

5. Third-Party AI Providers

To deliver AI-powered features, MediSummary sends certain user-submitted content to third-party AI providers. This may include:

Uploaded PDF documents (for summarization and chat features)
Voice recordings and transcriptions (for the AI Note Taker)
Text queries (for AI Chat and other AI features)

These providers — which may include companies such as OpenAI, Anthropic, Google, and Deepgram (for speech-to-text transcription of voice notes) — process your data under their own terms of service and privacy policies. MediSummary configures these integrations to minimize data retention by these providers where possible, but we cannot guarantee their data handling practices. By using AI-powered features, you consent to your content being processed by these providers.

We recommend you do not submit content containing personally identifiable patient information to any AI feature.

We may share your personal data with:

Service Providers — Third parties that help us operate our business and Services (e.g., Stripe for website payments, cloud hosting providers, website analytics providers, speech-to-text providers such as Deepgram, and AI processing providers). These providers process data only as instructed and on our behalf.
Third-Party AI Providers — As described in Section 5 above.
Business Transfers — In connection with any merger, sale of assets, financing, or acquisition of all or a portion of our business by another company.
Legal Requirements — If required by law or to protect our rights, property, or safety (e.g., responding to court orders or law enforcement requests).
Affiliates — We may share information with our corporate affiliates, but only if necessary and consistent with this Privacy Policy.

We do not sell or rent your personal information to third parties for their own marketing purposes.

7. Data Retention

We retain your personal information for as long as needed to:

Provide our Services to you;
Fulfill the purposes outlined in this Privacy Policy;
Comply with legal obligations;
Resolve disputes;
Enforce our agreements.

Voice recordings from the AI Note Taker are not permanently retained on our servers after transcription processing is complete. Transcribed text and structured notes are retained as part of your account until you delete them or close your account.

When we no longer require your personal data for these purposes, we will securely delete or anonymize it.

8. Data Security

We have implemented commercially reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Payment data is processed exclusively through Stripe on our website and is not stored on MediSummary servers. Authentication tokens in the mobile app are stored using your device's secure storage APIs. However, no internet-based service can be completely secure. Therefore, we cannot guarantee absolute security of your information.

9. International Data Transfers

If you use our Services from outside the United States, be aware that your information may be transferred, stored, or processed in the United States or other jurisdictions where our service providers are based. These countries may not have the same data protection laws as your home country. If required by applicable law, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure your personal information remains protected.

10. Children's Privacy

Our Services are not directed to, nor do we knowingly collect information from, children under 18. If we discover that we have inadvertently collected personal information from a child under 18, we will take appropriate measures to promptly delete such information.

11. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to:

Access the personal information we hold about you;
Request Correction of your personal data if it is inaccurate or incomplete;
Request Deletion of your personal data;
Withdraw Consent where our processing is based on your consent;
Object to Processing or request we limit the processing of your personal data;
Data Portability: Under certain circumstances, you may request a copy of your personal data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please email [email protected]. Mobile app users may also delete their account directly from Settings → Delete Account in the app. We will respond to your request in accordance with applicable data protection laws.

12. California Privacy Rights

If you are a California resident, you are granted certain rights regarding access to your personal information under the California Consumer Privacy Act ("CCPA") and California's "Shine the Light" law. These may include:

Right to Know the categories and specific pieces of personal information we have collected about you, and the categories of sources from which the personal information is collected;
Right to Delete personal information we have collected from you;
Right to Opt-Out of certain sales or disclosures of personal information (if applicable);
Right to Non-Discrimination for exercising your privacy rights.

For any such requests, please contact [email protected]. Note that some information may be exempt from these requests under state law.

13. Do Not Track Signals

Most browsers and some mobile operating systems include a "Do Not Track" (DNT) feature. We do not currently respond to DNT signals. You can use your browser settings to block cookies or control some online tracking.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we do, we will notify you (e.g., by posting a notice on our site or sending you an email). Your continued use of our Services after those changes become effective indicates that you have read, understood, and agreed to the current version of this Privacy Policy.

15. Contact Us

If you have questions, concerns, or comments about this Privacy Policy or our data practices, please contact us:

Email: [email protected] Mailing Address: MediSummary (ODAKCO, LLC) 1111B S Governors Ave, STE 7896 Dover, DE 19904