The short version: Your health records are encrypted on your device with AES-256 before anything is stored or synced. We cannot read your documents. We do not sell your data. Ever.
1. Overview
MedKeep ("we," "our," or "us") operates the MedKeep mobile application for iOS and Android (the "App"). We provide a private, encrypted space for individuals and families to organize personal health records, including medications, vitals, doctor visits, lab results, and documents.
This Privacy Policy describes how we handle information when you use MedKeep. By using the App, you agree to the practices described in this Policy. If you do not agree, please stop using the App and delete it from your device.
MedKeep is a personal organization tool. It is not a medical device, does not provide medical advice, and is not intended for clinical use. Always consult a qualified healthcare professional about medical decisions.
2. Information We Collect
Information you store in the App
All health data you enter, including family member profiles, medications, vitals readings, doctor visit notes, lab results, and uploaded documents, is stored locally on your device and encrypted with AES-256 before it is ever written to storage or transmitted anywhere.
This includes: names, dates of birth, blood types, allergy information, medication names and dosages, vital sign readings, physician names, diagnoses, treatment notes, and any photos or PDF documents you upload.
Automatically collected technical information
We collect minimal technical data to operate and improve the App:
- App version number and crash reports (anonymised, no health data included)
- Device type and operating system version (e.g., iPhone, iOS 18)
- General usage analytics such as feature interaction counts (no health data, no personal identifiers)
- In-app purchase receipts (processed by Apple App Store or Google Play)
What we do NOT collect
- The content of your health records, documents, or notes
- Your name, email address, or contact information (unless you contact us for support)
- Precise location data
- Information from your contacts, microphone, or camera beyond what you explicitly upload
- Any data shared with third parties for advertising purposes
3. How We Use Information
We use the limited information we collect only to:
- Provide, maintain, and improve the App
- Diagnose crashes and technical errors to improve stability
- Understand which features are used most so we can prioritise improvements
- Process subscription payments through the App Store or Google Play
- Respond to support requests you send us directly
We do not use your data for advertising, profiling, or any commercial purpose beyond operating the App.
4. Encryption and Security
MedKeep uses a zero-knowledge architecture. Your encryption key is generated on your device and never leaves it. We literally cannot read your health records.
On-device encryption
All health data is encrypted using AES-256 (Advanced Encryption Standard with a 256-bit key) before being written to your device's local storage. The encryption key is derived from your device passcode or biometric lock using a secure key derivation function (PBKDF2 with a random salt). The key is never stored in plain text and never transmitted off your device.
Secure transmission
Any data transmitted between the App and our servers (such as anonymised crash reports) is protected using TLS 1.2 or higher. We enforce certificate pinning in the App to prevent interception.
Device security
The security of your vault also depends on the security of your device. We recommend using a strong device passcode or biometric lock, keeping your operating system up to date, and not sharing your device passcode with others.
5. Sharing and Disclosure
We do not sell, rent, trade, or share your personal data with third parties for commercial purposes. Period.
We may share limited information only in these circumstances:
- Service providers: We use a small number of trusted third-party services to operate the App (such as crash reporting). These providers receive only anonymised, non-health technical data and are contractually prohibited from using it for any other purpose.
- Legal requirements: We may disclose information if required by law, court order, or governmental authority. Given our zero-knowledge architecture, we can only provide the encrypted ciphertext, which is unreadable without your key.
- Business transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your data would remain subject to the protections described in this Policy and you would be notified.
- With your explicit consent: For any other sharing, we will ask for your permission first.
6. Data Retention
Your health data lives on your device. You are in full control of it. When you delete a record, member, or document within the App, it is permanently deleted from your device. When you delete the App, all locally stored data is removed.
If you use optional encrypted backup or sync features, you can delete your cloud backup at any time from the App settings. Upon account deletion, all server-side encrypted data is purged within 30 days.
Anonymised crash reports and analytics data are retained for up to 12 months, after which they are automatically deleted.
7. Your Rights
Depending on your location, you may have certain rights regarding your personal data. Because MedKeep is built with a zero-knowledge architecture and stores health data only on your device, you already exercise most of these rights directly through the App:
- Access: Your data is always accessible to you in the App.
- Export: You can export a PDF summary of any family member's records at any time, offline, directly from the App.
- Correction: You can edit or update any record at any time.
- Deletion: You can delete any record, member, or your entire vault at any time.
- Portability: Your data is yours. Export it whenever you like.
- Opt-out of analytics: You can disable anonymous analytics in App Settings.
For any rights requests related to data we hold (such as crash reports), contact us at privacy@medkeep.app.
8. Children's Privacy
MedKeep allows users to create health profiles for children as part of a family vault managed by a parent or guardian. The App is intended for use by adults (18+) on behalf of family members, including minors.
We do not knowingly collect personal information directly from children under 13. The health data of family members is stored locally and encrypted on the primary user's device. If you believe we have inadvertently collected information from a child without parental consent, please contact us at privacy@medkeep.app and we will take immediate steps to address it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through a prominent in-app notice before the change takes effect and, where required by law, seek your consent.
The date at the top of this Policy indicates when it was last revised. Your continued use of the App after changes are posted constitutes your acceptance of the updated Policy.
10. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or how we handle your data, please reach out:
- Email: privacy@medkeep.app
- General: hello@medkeep.app
- Support: medkeep.app/support
We aim to respond to all privacy-related enquiries within 5 business days.
Not for clinical use. MedKeep is a personal health records organizer, not a medical device. It does not provide medical advice, diagnosis, or treatment recommendations. Always consult a qualified healthcare professional about your health.