MedPassBack home

Privacy Policy

Last updated: May 18, 2026

MedPass is built to protect patient health information. This policy explains what we collect, why we collect it, and the controls patients and clinics have over their data.

Information we collect

We collect only what's needed to power MedPass:

  • Account data: name, email, and role (patient, clinic staff, or admin).
  • Patient profile: demographics, allergies, medications, medical history, insurance, and emergency contacts that the patient chooses to add.
  • Clinic data: clinic name, specialty, staff list, and check-in activity.
  • Usage data: minimal logs needed to operate the service, detect abuse, and improve reliability.

How we use it

  • Show patients their profile and let them share it with a clinic at check-in.
  • Let authorized clinic staff view patients who have explicitly shared their profile.
  • Operate, secure, and improve the MedPass service.
  • Comply with legal obligations.

We do not sell patient data and we do not use it for advertising.

Sharing and access

A patient's profile is private by default. It is only visible to a clinic after the patient shares a one-time handoff code, and only the staff at that clinic can view it. Patients can revoke access at any time from their account.

Security

  • Data is encrypted in transit (TLS) and at rest.
  • Access is enforced at the database level via row-level security.
  • Clinic staff can only access patients linked to their clinic.
  • Administrative actions are recorded in an audit log.

MedPass is designed HIPAA-conscious, and we are happy to sign a Business Associate Agreement with eligible clinics on paid plans.

Your rights

Patients can, at any time:

  • View, edit, or export their profile.
  • Revoke a clinic's access.
  • Delete their account and associated personal data.

To exercise these rights, email info@medpass.app.

Data retention

We keep patient profile data for as long as the account is active. When an account is deleted, profile data is removed within 30 days, except where retention is required by law (for example, billing records).

Children's privacy

MedPass is intended for adults and for minors managed by a parent or legal guardian. We do not knowingly collect data from children without guardian consent.

Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app and reflected in the "Last updated" date above.

Contact

Questions about this policy or your data? Reach us at info@medpass.app or visit our contact page.