Sign Up
Legal

Privacy Policy

Last updated: February 2, 2026

Introduction

MyMedicalCabinet ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

By using MyMedicalCabinet, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our services.

Information We Collect

Information You Provide

When you use MyMedicalCabinet, you may voluntarily provide:

  • Account Information: Email address, name, password, phone number
  • Medical Information: Medications, medical conditions, allergies, surgeries, family health history
  • Healthcare Provider Information: Doctor names, contact information, appointment details
  • Insurance Information: Insurance provider, plan details, member ID, group number
  • Documents: Medical records, test results, or other documents you choose to upload

Information Collected Automatically

We may automatically collect certain information when you use our service:

  • Device type and browser information
  • IP address (for security and rate limiting purposes)
  • Usage data (pages visited, features used)

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Send you medication reminders and appointment notifications (when enabled)
  • Check for potential drug interactions
  • Enable you to share your information with healthcare providers
  • Respond to your requests and provide customer support
  • Protect against fraud and unauthorized access
  • Comply with legal obligations

How We Protect Your Information

We implement robust security measures to protect your personal information:

  • Encryption at Rest: All data stored in our database is encrypted using AES-256 encryption via MongoDB Atlas
  • Encryption in Transit: All data transmitted between your device and our servers uses HTTPS with TLS 1.3
  • Password Security: Passwords are hashed using bcrypt and are never stored in plain text
  • Access Control: Your data is accessible only to you unless you explicitly share it
  • Rate Limiting: We protect against brute-force attacks with API rate limiting
  • Client-Side Processing: Insurance card scanning uses on-device OCR—images never leave your device

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With Your Consent: When you use our sharing features to grant access to healthcare providers or caregivers
  • Service Providers: With third-party services that help us operate (e.g., email delivery via SendGrid, file storage via AWS S3)
  • Legal Requirements: If required by law, court order, or government request
  • Safety: To protect the rights, property, or safety of our users or the public

Third-Party Services

We integrate with the following third-party services to provide our features:

  • MongoDB Atlas: Database hosting with encryption at rest
  • AWS S3: Secure document storage
  • SendGrid: Email delivery for reminders and notifications
  • Google Calendar API: Calendar integration (when you connect your calendar)
  • RxNav (NIH): Drug information and interaction checking
  • NPI Registry (CMS): Healthcare provider verification

Each of these services has their own privacy policies. We only share the minimum information necessary to provide the requested functionality.

Your Rights and Choices

You have the following rights regarding your data:

  • Access: You can view all your stored information through your account
  • Correction: You can update or correct your information at any time
  • Deletion: You can delete individual records or request complete account deletion
  • Export: You can request a copy of your data
  • Notifications: You can enable or disable email reminders in your settings

To exercise any of these rights, please contact us at privacy@mymedicalcabinet.com

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information. Note: We do not sell your personal information
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise any of these rights, please contact us at privacy@mymedicalcabinet.com or use the account deletion feature in your Settings. We will respond to your request within 45 days as required by law.

Categories of Personal Information Collected: Identifiers (name, email), medical information, commercial information (insurance details), and internet activity (usage data).

Do Not Sell My Personal Information: MyMedicalCabinet does not sell your personal information to third parties.

HIPAA Notice

MyMedicalCabinet is a personal health record (PHR) tool where you voluntarily enter your own health information. As such, we are not a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA).

However, we are committed to protecting your health information with the same rigor expected of HIPAA-covered entities. We use industry-standard encryption, access controls, and security practices to keep your data safe.

Children's Privacy

MyMedicalCabinet is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@mymedicalcabinet.com

Website: Contact Form