Privacy Policy

Last updated: April 14, 2026

iDoctor by Medivis (“iDoctor,” “we,” “us”) is a personal health knowledge graph and AI assistant. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services through messaging and the web portal at idoctor.com.

01

Information We Collect

Information You Provide

  • Account information — phone number, name, date of birth, sex, email address.
  • Health records — medications, lab results, conditions, observations, appointments, providers, vaccinations, and other health data you enter or upload.
  • Documents — PDFs, images, and other files you upload for processing.
  • Messages — conversations with iDoctor via messaging and the web chat.
  • Preferences — notification settings, timezone, check-in style, morning brief timing.
  • Emergency contact — name, phone, and relationship of your designated emergency contact.

Information We Collect Automatically

  • Session data — IP address, user agent, session timestamps for security and fraud prevention.
  • Usage data — feature usage patterns and interaction metrics. No health data in analytics.
  • Audit logs — records of data access and modifications for compliance and security review.

Connected Services (Optional)

  • Email integration — if you connect your email account, we search for health-related emails from lab portals, pharmacies, and providers. We only access emails matching specific health-related filters. Email content is processed and discarded; only extracted health data is retained.

02

How We Use Your Information

  • Provide personalized health assistance through AI-powered conversation.
  • Extract, organize, and display your health records in the portal.
  • Generate proactive health reminders and morning briefs.
  • Detect medical emergencies and direct you to appropriate resources.
  • Process and bill your subscription.
  • Improve service quality and reliability.
  • Comply with legal obligations.

We never sell your personal or health information. We never use your health data for advertising.

03

AI Processing

iDoctor uses artificial intelligence to understand your messages, interpret health records, and generate personalized responses. Your messages and health context are sent to our AI processing provider for analysis.

We do not train AI models on your conversations, health data, or any personal information. Our AI provider does not retain your data for model training under our agreement.

Image Analysis

When you send a photo via iMessage, the image is analyzed by our AI provider's vision capabilities alongside your text message. Images may be used to provide contextual health information (e.g., identifying a medication from a label, estimating nutritional content of food, or describing a skin concern for you to discuss with your doctor). Image URLs are stored in your conversation history.

Image analysis is not a diagnostic tool. iDoctor does not diagnose conditions from images. Any observations are educational only. Always consult a qualified healthcare provider.

iDoctor is not a medical device and does not provide diagnoses, treatment recommendations, or emergency medical care. AI responses are educational and informational. Always consult your healthcare provider for medical decisions.

04

Messaging Communication

iDoctor can communicate with you via text messaging through third-party messaging infrastructure. Messages containing health information are transmitted over encrypted messaging networks that Medivis does not operate or control.

By using iDoctor via messaging, you acknowledge that health information may be transmitted through third-party networks, and that anyone with access to your device may be able to read these messages. You may choose to receive health information only through the secure web portal at idoctor.com at any time by updating your preferences in Settings.

05

Data Storage and Security

Encryption at rest
All data stored in encrypted cloud-hosted databases.
Encryption in transit
All connections use TLS 1.2 or higher.
Document storage
Documents stored in encrypted cloud object storage.
Authentication
Phone-based one-time passwords with cryptographic hashing.
Session security
Tokens cryptographically hashed before storage.
Integration tokens
Third-party tokens AES-256-GCM encrypted at rest.
Audit trail
Immutable logs maintained for compliance and security review.
Log hygiene
No protected health information (PHI) in application logs.

06

Data Sharing

We share data only with the following categories of service providers, under appropriate contractual protections including Business Associate Agreements where required by HIPAA:

AI processing provider
Your messages and health context are sent for generating responses. Our provider does not use your data for model training.
Messaging infrastructure
Message content transmitted through our delivery provider for sending and receiving messages.
Cloud infrastructure
Data stored and processed on encrypted cloud infrastructure hosted in the United States.
Payment processor
Billing and subscription management. No health data shared.
Email integration (optional)
If connected, health-related emails accessed through the provider API. Only extracted data retained.

We do not share your data with any other third parties except as required by law. A detailed list of our service providers is available upon request for enterprise customers and compliance auditors.

07

iDoctor Family

iDoctor Family allows you to share health information with other iDoctor users you designate as family members (spouse, parent, child, sibling, caregiver, etc.).

Explicit consent
Both sides must explicitly consent before any data is shared.
Bidirectional
When linked, both parties can view each other's data.
Granular permissions
Control which categories are shared: medications, conditions, labs, appointments, goals, observations.
Revocable anytime
Either party can remove the link at any time, immediately revoking all access.
Audit trail
Every cross-patient data view is logged and auditable.
Read-only
Family members can view but never modify your health records.

Your conversation history, messages with iDoctor, and private notes are never shared with family members. Family members see a summary view of your health data only.

08

Proactive Messaging and Reminders

iDoctor may send you proactive messages via iMessage, including:

  • Medication reminders — daily reminders at times you choose. You are always asked before any reminder is set.
  • Morning health briefs — daily summaries of relevant health information.
  • Refill alerts — notifications when medication refills are approaching.
  • Appointment follow-ups — check-ins after scheduled appointments.

Medication reminders are never enabled without your explicit confirmation. You can opt out of any proactive messaging at any time by telling iDoctor to stop, or by adjusting your preferences in the portal.

09

Your Rights and Controls

Access
View all your health data in the portal at any time.
Export
Download a complete copy of your data as JSON from Settings.
Correction
Edit any health record in the portal.
Deletion
Delete your account from Settings. Soft deletion immediately; permanent after 30 days.
Email disconnect
Revoke email access at any time. Tokens immediately deleted and revoked.
Session management
View and revoke active sessions from Settings.
Family access
Add or remove family members and adjust per-category sharing permissions at any time.
Reminders
Enable, disable, or change medication reminder times via iMessage or the portal.

10

Data Retention

  • Active accounts — data retained for the life of the account.
  • Deleted accounts — soft-deleted immediately, permanently purged after 30 days.
  • Dormant accounts — accounts inactive for 24 months may be deactivated with 30 days' advance notice via email or messaging.
  • Audit logs — info-level retained 90 days; warning/critical retained for compliance (up to 7 years).
  • Sessions and OTP codes — expired entries automatically purged daily.

11

Children

iDoctor is not intended for use by individuals under 18. We do not knowingly collect information from minors.

12

Breach Notification

In the event of a breach of unsecured protected health information, we will notify affected individuals without unreasonable delay and no later than 60 days after discovery. Notification will include:

  • A description of the breach and the date(s) it occurred.
  • The types of information involved.
  • Steps you should take to protect yourself.
  • What we are doing to investigate, mitigate, and prevent future occurrences.

13

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via messaging or the portal. Continued use after changes constitutes acceptance.

14

Your Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@medivis.com or with the U.S. Department of Health and Human Services Office for Civil Rights at 1-877-696-6775 or hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.

15

Contact

For privacy questions or data requests, contact us at privacy@medivis.com.