Privacy Policy
Last updated: see effective date inside the policy.
PRIVACY POLICY
A3HCS, doing business as MedPlate Effective Date: May 12, 2026
This Privacy Notice describes how A3HCS, doing business as MedPlate ("we," "us," or "our"), collects, uses, stores, and shares your personal information when you use the MedPlate web application at https://medplate.io (the "Service").
By using the Service, you agree to the practices described in this Privacy Notice. Questions? Contact us at niteshmd@medplate.io.
Summary of Key Points
- We collect your email, name, and medication list at registration
- Meal and grocery photos are processed by AI to identify foods for interaction screening
- Your medication list is sensitive health data. We do not sell it or use it for advertising
- Payment is processed by Stripe. We do not store full card numbers
- You may review, update, or delete your data at any time
1. What Information We Collect
Personal Information You Provide
- Name and email address at registration
- Username and password or social media login credentials
- Medications and supplements on your personal medication list (sensitive health data)
- Photos of meals and grocery items submitted for scanning
- Billing information for paid subscriptions (processed and stored by Stripe; we do not store full card numbers)
- Contact preferences and account settings
Information Collected Automatically
- IP address, browser type, and operating system
- Pages accessed, features used, and session duration
- Log and usage data for security and diagnostics
- Cookies and similar tracking technologies (see Cookie Policy)
Sensitive Information
Your medication list constitutes health data, which is a sensitive category of personal information under applicable law. We process this data solely to provide interaction screening and with heightened security protections. We do not use health data for advertising, profiling, or sale.
AI-Derived Information
- Foods and ingredients identified from your meal or grocery photos (via AI image recognition)
- Severity-coded food-drug interaction alerts generated by cross-referencing identified foods against your medication list
- Scan usage data (scans performed, remaining quota under your plan)
2. How We Process Your Information
We process personal information to:
- Create and manage your account
- Provide the core Service: AI-powered food identification and food-drug interaction screening
- Generate and display severity-coded interaction alerts
- Manage subscription billing and scan quota
- Send transactional communications (account notices, billing receipts, security alerts)
- Improve the accuracy of our food recognition models and interaction database
- Comply with applicable legal and regulatory obligations
We process your information only when we have a valid legal basis: performance of a contract (providing the Service), your consent, or a legitimate interest (security, fraud prevention, service improvement).
3. AI-Based Products. Food Recognition and Interaction Screening
MedPlate's core features are powered by AI technologies, including food image recognition and interaction database matching. We use AI Service Providers, which may include Anthropic and OpenAI, to process food photo inputs and generate identification outputs. Your meal or grocery photos and derived food identification data may be shared with AI Service Providers for this purpose.
Your medication list is not transmitted to AI Service Providers for food recognition purposes. Interaction screening is performed by cross-referencing AI-identified foods against our curated database and your stored medication list.
You may opt out of AI feature usage by contacting us at niteshmd@medplate.io, though this will substantially limit Service functionality.
4. Sharing Your Information
We do not sell your personal information. We share information only in the following limited circumstances:
- Service providers: Vendors supporting our infrastructure (cloud hosting, payment processing via Stripe, analytics, AI processing) under strict data processing agreements
- AI Service Providers: For food image recognition as described in Section 3
- Legal compliance: When required by law, valid legal process, or regulatory authority
- Business transfers: In the event of a merger or acquisition, users will be notified in advance
- With your consent: For any purpose you explicitly authorize
Medication list data is never shared with insurers, employers, pharmaceutical manufacturers, data brokers, or government agencies except as required by law.
5. Social Media Logins
We offer optional registration and login using social media accounts (such as Google or Facebook). If you use this option, we receive limited profile information from your social media provider (such as name and email address), which we use only for account authentication. We are not responsible for how your social media provider collects or uses your information.
6. Cookies and Tracking Technologies
We use cookies and similar technologies for session management, security, analytics, and service improvement. We do not use advertising or behavioral tracking cookies. See our Cookie Policy for full details.
You can control cookies through your browser settings, though disabling essential cookies may impair Service functionality.
7. Data Retention
- Account and profile data: Retained while your account is active plus 30 days after deletion
- Medication list: Deleted within 7 days of account termination
- Scan photos and history: Retained up to 12 months or until you delete them
- Billing records: Retained for 7 years as required by financial law
- Usage and diagnostic logs: Retained up to 12 months
8. How We Keep Your Information Safe
We implement reasonable administrative, technical, and physical safeguards, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
- Role-based access controls limiting internal access to personal data
- Regular security assessments and vulnerability reviews
- Multi-factor authentication options for account access
No electronic transmission or storage system is guaranteed to be 100% secure. If we become aware of a breach affecting your data, we will notify you as required by applicable law.
9. Your Privacy Rights
Depending on your location, you may have the right to:
- Access: Obtain a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and personal data
- Portability: Receive your data in a structured, machine-readable format
- Opt-out of sale/sharing: MedPlate does not sell personal data
- Limit sensitive data use: Request that we limit use of your health data beyond core Service functions
- Withdraw consent: Where processing is based on consent, you may withdraw at any time
To exercise any right, submit a request to niteshmd@medplate.io. We will respond within 30 days.
10. United States Residents. Additional Privacy Rights
If you are a resident of California, Colorado, Connecticut, Virginia, or other U.S. states with comprehensive privacy laws, you have additional rights as described above, including the right to appeal our decision if we decline your request. Appeals may be submitted to niteshmd@medplate.io. If your appeal is denied, you may file a complaint with your state attorney general.
Categories of personal information collected in the past 12 months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Email address, username, IP address | YES |
| B. Personal information (CA Records statute) | Name, contact information, billing address | YES |
| C. Protected classification characteristics | Age (for eligibility verification only) | NO |
| D. Commercial information | Subscription history, billing records | YES |
| E. Biometric information | Fingerprints, voiceprints | NO |
| F. Internet/network activity | Pages viewed, features used, session data | YES |
| G. Geolocation data | Approximate location from IP address | YES |
| H. Audio, electronic, sensory | Meal and grocery photos submitted for scanning | YES |
| I. Professional/employment information | Not collected | NO |
| J. Education information | Not collected | NO |
| K. Inferences from personal information | Not used for profiling | NO |
| L. Sensitive personal information | Medication list (health data), account login, payment data | YES |
Sensitive personal information (Category L) is used only to provide the Service and is deleted upon account closure. We do not use it for profiling or to infer characteristics about you.
California "Shine the Light" (Civil Code Section 1798.83): We do not disclose personal information to third parties for their direct marketing purposes.
11. Children's Privacy
MedPlate is not intended for users under 13. We do not knowingly collect personal information from children under 13. Users between 13 and 17 require parental or guardian consent. If we learn a user under 13 has registered, we will delete their account promptly.
12. Updates to This Privacy Notice
We may update this Privacy Notice periodically. Material changes will be communicated via email or in-app notice prior to taking effect. The revised notice will display an updated effective date.
13. Contact
A3HCS, doing business as MedPlate. Privacy Team Email: niteshmd@medplate.io Address: Hainesville, Illinois 60030, United States