Privacy Policy
Effective June 11, 2026
Plain-language summary
We collect health-related information you choose to share so we can prepare your appointment materials, plus your email and purchase status. We encrypt saved letters, do not sell your data, and do not use your information to train public AI models. You can export or permanently delete your account at any time. Medvo is not a HIPAA-covered healthcare provider, but we treat health information with heightened care.
1. Who we are
Medvo operates a patient advocacy communication service. For privacy inquiries: hello@medvo.io.
2. Information we collect
- Intake conversation: During your browser session, your free intake is held locally and sent to our servers only when you generate a letter. If you sign in and choose to save, we store conversation summaries (title, story text, and review notes) for a limited period — see your account page for retention.
- Generated materials (stored): Advocacy letters, checklists, and follow-up outputs you pay to generate are saved to your account, encrypted at the application layer. For advocacy letters we also store an encrypted copy of the intake used to create them so you can regenerate on yearly plans.
- Account identifiers: Email address (from checkout or sign-in), internal user ID, session tokens, and audit metadata (actions, timestamps, IP — not letter body text in audit logs).
- Payment data: Purchase status, plan type, and Stripe identifiers. Card numbers are processed by Stripe and not stored by us.
- Technical data: Standard server logs, security signals, and error reports (configured not to include letter content).
3. How we use information
- Generate and store your appointment materials;
- Authenticate you and maintain your account;
- Process payments and prevent abuse;
- Run safety screening on inputs and outputs;
- Send transactional email (sign-in links, letter-ready notices);
- Maintain security, reliability, and legal compliance.
We do not sell personal information. We do not use your health information to train foundation models.
4. AI processing and subprocessors
Letter generation uses third-party AI and infrastructure providers acting on our instructions, including Anthropic (generation), Stripe (payments), email delivery (Resend or your configured SMTP), hosting/database (e.g. Railway), and optional safety/observability vendors (e.g. Lakera Guard, LangFuse). We configure tracing so symptom content is not sent to analytics where possible. A current subprocessor list is available on request.
5. Legal bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: (a) contract — to provide the Service you request; (b) legitimate interests — security, fraud prevention, and service improvement balanced against your rights; (c) consent — where required for optional communications; and (d) legal obligation — where applicable.
6. Retention
Generated letters and account data are kept until you delete them or your account. Magic-link tokens expire in 15 minutes. Server logs rotate per hosting provider defaults. You control deletion — see below.
7. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing, and to lodge a complaint with a supervisory authority.
- Self-serve: Export JSON or delete your account on the account page.
- Email us: hello@medvo.io for other requests. We may verify your identity.
California (CCPA/CPRA): We do not sell or share personal information for cross-context behavioral advertising. You may request access, deletion, and correction as described above.
8. Security
We use encryption in transit (TLS), application-layer encryption for stored letter content, access controls, rate limits, and advocacy-lane output screening. No method is 100% secure; report concerns to hello@medvo.io.
9. Children and household profiles
You must be at least 18 to create a Medvo account. Family yearly plans let account holders prepare materials on behalf of family members they care for (including minors) using separate household profiles. We do not knowingly collect information directly from children who use the Service on their own without a parent or guardian account holder.
10. International transfers
If you access the Service from outside the United States, your information may be processed in the US and other countries where our providers operate. We use appropriate safeguards where required by law.
11. Changes
We will post updates here with a new effective date. Material changes to how we handle health information will be communicated clearly.
12. Contact
See also our Terms of Service.