Privacy Policy

When you register, we collect the information necessary to create and manage your account:

• Full name and email address (required for account creation)
• Password (stored as a one-way cryptographic hash; we never store your plain-text password)
• Google OAuth profile data if you sign in via Google (name, email, profile picture URL, and Google account ID)
• Specialty, role, or profession you declare during onboarding (e.g. medical student, resident, attending physician)
• Account preferences and notification settings

As you interact with the Platform, we automatically record information about your activity:

• Pages visited, features used, and navigation paths through the Platform
• Timestamps of actions (session start/end, query submission, file upload)
• Subscription tier, plan changes, and billing events
• Feature flags and A/B test variants assigned to your account
• Error events and diagnostic data generated when the Platform encounters a fault

The core function of MediXGPT involves sending messages to AI language models. When you use the chat features, we store:

• The text content of messages you send (your queries and prompts)
• AI-generated responses returned to you
• The AI model selected for each session
• Response length preference settings
• Feedback you submit (helpful / not helpful ratings and optional comments)
• Session titles, tags, and any notes you attach to a conversation
• Follow-up question selections

If you use file upload features (DICOM images, lab report PDFs, reference documents), we store:

• The file itself, uploaded to Vercel Blob cloud storage
• File metadata: original filename, file size, MIME type, and upload timestamp
• A reference linking the file to the chat session in which it was used
• DICOM tag data extracted during automated anonymization processing

Payments are processed entirely by Razorpay, a PCI-DSS compliant payment gateway. We do not receive or store your full card number, CVV, or bank account credentials. We do retain:

• Razorpay subscription ID, order ID, and payment ID (for reconciliation and support)
• Payment status (success, failed, pending, refunded)
• Subscription plan purchased, amount, and currency
• Billing timestamps and renewal dates
• The last four digits of a card or UPI VPA, if provided by Razorpay in its webhook payload, for display in your billing history

When you access MediXGPT, your browser or device automatically transmits technical information:

• IP address (used for rate limiting, fraud detection, and approximate geolocation at the country/state level)
• Browser type, version, and rendering engine
• Operating system and device type (desktop, tablet, mobile)
• Screen resolution and viewport dimensions
• Preferred language settings
• Referring URL (the page you visited before arriving at MediXGPT)
• Time zone

• Authenticating your identity and maintaining your session
• Routing your queries to the appropriate AI model and returning responses
• Storing and displaying your chat history and uploaded files
• Enforcing your subscription's usage limits and feature access
• Processing payments and managing your subscription lifecycle

• Aggregating anonymized usage patterns to identify popular features and detect underperforming areas
• Analyzing error logs and performance metrics to improve reliability
• Evaluating AI model quality and response accuracy at an aggregate level
• Conducting internal research to develop new educational features

• Remembering your preferred AI model, response length, and UI settings
• Surfacing relevant follow-up suggestions based on the current conversation topic
• Organizing your chat sessions with automatically generated titles and tags

• Initiating and verifying Razorpay subscription payments
• Upgrading or downgrading your account role upon payment confirmation
• Generating billing records for your account history
• Handling refund requests and subscription cancellations

• Sending transactional emails (account creation, email verification, password reset)
• Notifying you of subscription renewals, failed payments, or plan changes
• Informing you of material changes to these policies
• Responding to support requests you initiate
• Sending product update announcements (you may opt out at any time)

• Detecting and preventing unauthorized access, abuse, and fraudulent activity
• Enforcing rate limits to protect platform availability for all users
• Logging safety classification events (queries flagged as potentially involving real patients) for audit purposes
• Complying with legal obligations, including responding to lawful government requests

MediXGPT does not operate its own large language models. When you submit a query, your message text (and any attached context such as a system prompt, conversation history, or uploaded file content) is transmitted over an encrypted connection to OpenRouter, an AI model routing service, which then forwards the request to one of the underlying model providers (such as OpenAI, Anthropic, Google DeepMind, Meta, Mistral AI, or others depending on the model you select).

• The text of your query and the conversation history included in the prompt context window
• Any file content (e.g. extracted DICOM metadata or document text) that is included in the prompt
• A system prompt describing the educational context of MediXGPT
• Technical parameters such as model name, temperature, and maximum token count

Third-party AI providers do not receive your name, email address, account ID, or payment information as part of the inference request. However, your IP address may be visible to OpenRouter at the network level.

Each provider in the AI processing chain has its own privacy policy and data handling practices. By using MediXGPT you acknowledge that your query content is subject to the terms of OpenRouter and the applicable downstream model provider. We recommend reviewing their policies:

• OpenRouter: openrouter.ai/privacy
• OpenAI: openai.com/privacy
• Anthropic: anthropic.com/privacy
• Google: policies.google.com/privacy

Beyond AI model providers, MediXGPT integrates the following services, each of which may process certain data:

• Vercel — Platform hosting and edge network. Processes request logs and may cache responses. (vercel.com/legal/privacy-policy)
• Neon — Serverless PostgreSQL database hosting. Stores all structured application data. (neon.tech/privacy)
• Razorpay — Payment processing. Handles all financial transactions. (razorpay.com/privacy)
• Google OAuth — Optional sign-in provider. Data sharing governed by Google's policies if you choose this sign-in method.
• Sentry — Application error monitoring. May capture stack traces and request context when errors occur. (sentry.io/privacy)

When you upload a DICOM file through the chat interface, the following steps occur:

• The file is transmitted over an encrypted HTTPS connection to our API
• An automated anonymization process attempts to remove or replace common identifying DICOM tags (patient name, patient ID, date of birth, institution name, accession number, and others defined in the DICOM PS3.15 E.1 Basic Application Level Confidentiality Profile)
• The processed file is stored in Vercel Blob cloud storage with a randomly generated, non-guessable URL
• DICOM pixel data and selected metadata are made available to the AI model for educational analysis
• A reference to the stored file is saved in your chat session record in the database

By uploading a DICOM file or any medical image, you represent and warrant that:

• The file does not contain any protected health information (PHI) or personally identifiable information (PII) belonging to any real patient
• You have performed or commissioned appropriate de-identification prior to upload, independent of any processing MediXGPT may apply
• You have the legal right and institutional authorization to upload and share the image content for educational purposes
• The upload does not violate any patient consent agreement, data use agreement, or applicable law

Uploaded files are stored in Vercel Blob. Files are retained for the duration of your account and for a reasonable period thereafter. You may request deletion of specific files or all uploaded content by contacting ayush@medixgpt.com. Vercel Blob stores data in data centers operated by Vercel and their cloud infrastructure partners.

• Structured data (accounts, sessions, messages, subscriptions): PostgreSQL database hosted on Neon's serverless platform, with primary infrastructure in AWS data centers.
• Uploaded files (DICOM, PDFs, images): Vercel Blob object storage, distributed across Vercel's global edge network.
• Application sessions: Encrypted session tokens stored in HTTP-only cookies in your browser.

All data transmitted between your browser and MediXGPT's servers is encrypted using TLS 1.2 or higher. All connections to third-party services (database, blob storage, AI providers, payment processor) use encrypted connections. We do not transmit personal data over unencrypted channels.

Neon encrypts database storage at rest using AES-256. Vercel Blob encrypts stored objects at rest. Passwords are hashed using bcrypt with an appropriate work factor before storage; we cannot recover your plain-text password.

We implement technical and organizational security measures appropriate to the sensitivity of the data we process, including:

• Role-based access controls limiting who can access user data internally
• API authentication and authorization on all data access endpoints
• Rate limiting to mitigate brute-force and denial-of-service attacks
• Dependency vulnerability scanning and prompt patching of known security issues
• Application error monitoring via Sentry to detect anomalous behavior

MediXGPT uses HTTP-only, secure, same-site cookies to maintain your authenticated session. These cookies are strictly necessary for the Platform to function and cannot be disabled without preventing you from logging in. They are automatically deleted when your session expires or you sign out.

Some user preferences (such as selected AI model, response length setting, and UI theme) are stored in your browser's localStorage. This data remains on your device and is not transmitted to our servers except when needed to initialize a request.

We may use privacy-respecting analytics tools to collect aggregate data about how the Platform is used. Where such tools are used, we configure them to:

• Anonymize IP addresses before storage
• Disable cross-site tracking and fingerprinting
• Respect Do Not Track browser signals
• Not share data with advertising networks

We do not use advertising trackers, retargeting pixels, or third-party behavioral profiling cookies. We do not share your data with advertising networks, data brokers, or marketing platforms for advertising purposes.

We retain your personal data, chat history, and uploaded files for as long as your account exists. This allows you to access your conversation history and settings across devices and sessions. You may delete individual chat sessions at any time from within the Platform.

You may request deletion of your entire account and associated personal data at any time by emailing ayush@medixgpt.com with the subject line “Account Deletion Request” from the email address registered to your account. We will process your request within 30 days. Upon deletion:

• Your account profile and authentication credentials will be permanently deleted
• Your chat sessions and message history will be deleted from our primary database
• Uploaded files in blob storage will be removed
• Aggregated, anonymized analytics data derived from your usage may be retained as it cannot be attributed to you

Notwithstanding the above, we are required by applicable financial and tax regulations to retain billing records (subscription transactions, payment IDs, amounts, and dates) for a period of seven years from the date of the transaction. These records contain minimal personal data (email address and transaction details) and are kept in restricted-access storage.

If your account has been inactive (no login) for a continuous period of 24 months, we may send you a notice and subsequently delete your account and associated data if you do not respond or log in within 30 days of the notice. We will always notify you before taking this action.

You have the right to request a copy of the personal data we hold about you. We will provide this in a structured, commonly used format within 30 days of a verified request.

If the personal data we hold is inaccurate or incomplete, you have the right to request correction. You can update most account information directly from your profile settings. For information you cannot update yourself, contact us and we will make the correction within a reasonable time.

You have the right to request deletion of your personal data, subject to limitations described in Section 7 (Data Retention & Deletion). We will honor deletion requests that do not conflict with our legal obligations or legitimate business interests.

You may request an export of your chat history and account data in a machine-readable format (JSON). The Platform also provides an in-app export feature for individual conversations. Contact us to request a comprehensive data export.

Where our processing of your data is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. Withdrawing consent to essential processing (such as authentication session cookies) will prevent you from using the Platform.

To exercise any of the rights above, contact us at ayush@medixgpt.com from the email address registered to your account. We may need to verify your identity before processing your request. We will respond within 30 days; if your request is complex or numerous, we may extend this period by a further 30 days with notice.

MediXGPT is subject to the Digital Personal Data Protection Act, 2023 (“DPDPA”) of India. We process personal data of Indian residents in compliance with the obligations applicable to Data Fiduciaries under the DPDPA.

We process your personal data on the following grounds under the DPDPA:

• Consent: You provide informed consent at account creation for the data processing described in this Policy.
• Contractual necessity: Processing your account data, chat queries, and payment information is necessary to fulfill the service agreement between you and MediXGPT.
• Legitimate uses: Processing for purposes such as fraud prevention, security, and legal compliance.

In our role as Data Fiduciary under the DPDPA, we commit to:

• Collecting only the personal data necessary for the stated purposes
• Maintaining the accuracy and completeness of personal data
• Implementing reasonable security safeguards to prevent unauthorized access or breach
• Notifying the Data Protection Board of India and affected users in the event of a personal data breach, as required
• Not retaining personal data beyond the period necessary for the stated purpose
• Honoring the rights of Data Principals (users) as outlined in Section 10