fr
Réservez une démo
fr
Réservez une démo

Privacy Policy - MediAgent

Last updated: November 2025

1. Who We Are

This Privacy Policy applies to MEDIAGENT SOLUTIONS, S.L., a company incorporated in Spain with registered office at: Carrer de la Cadernera 5, 08800 Vilanova i la Geltrú, Barcelona, Spain.
Email for privacy matters: info@mediagent.es

MediAgent has appointed a privacy contact person (not a formal Data Protection Officer under Article 37 GDPR) who can be reached at the same email address.
MediAgent acts as Data Controller for doctors’ personal data and as Data Processor for any patient-related information processed through the application.

2. Purpose of This Policy

This Policy explains how MediAgent collects, uses, stores, and protects personal data when doctors use the MediAgent application (“App”).
The App transcribes and summarizes medical consultations through AI technology to support clinical documentation, it is not a diagnostic or treatment tool.

3. Data We Collect

We collect and process:

  • Doctor account data: name, surname, email, password (hashed), specialty and optionally phone number, medical license number, billing details and professional affiliation (e.g., clinic, hospital, or medical center).

  • Session data: temporary audio recordings and AI-generated , transcripts and summaries.

  • Session metadata (technical and operational logs): technical and operational information such as session identifiers, timestamps (start and end times), processing status, event logs (e.g., creation, update, deletion, or error events), and other system-generated data required to ensure service functionality, performance monitoring, and security.

  • Technical logs: error, crash, and performance data.

Patients: MediAgent does not create patient accounts.
Any patient data appears only within the doctor’s consultation summaries, which are automatically deleted after 72 hours.

Doctors are responsible for informing patients before starting a recording that the consultation will be transcribed and summarized by MediAgent to support clinical documentation, and that the transcription and summary (not the audio) will normally be retained for up to 72 hours, except in database backup where data is kept up to one month.

4. How We Use Your Data

  • To authenticate users/doctors and provide secure access to the App.

  • To transcribe and summarize consultations using AI.

  • To store short-term transcriptions and summaries for clinical continuity.

  • To ensure performance, security, and compliance.

  • To manage user support, billing, and internal client communication, including service updates or limited marketing where applicable.

5. Legal Bases

Processing is based on:

  • Article 6(1)(b) GDPR – contractual necessity (for doctors).

  • Article 9(2)(h) GDPR – provision of healthcare (for patient-related data).

  • Legitimate interests – maintaining app functionality, safety, and fraud prevention.

6. Data Storage & Security

All personal data are processed and stored primarily within the European Union on secure, encrypted, GDPR-compliant cloud infrastructure (Frankfurt, Germany). Audio files, summaries, or transcripts may be transferred outside the EU (for example, to OpenAI’s U.S. affiliate for processing purposes), such transfers are protected by the European Commission’s Standard Contractual Clauses (SCCs) and equivalent safeguards.

Subprocessors
We rely on trusted subprocessors under GDPR-compliant agreements:

  • Amazon Web Services (AWS) – hosting (Frankfurt, EU)

  • MongoDB Atlas – database (Frankfurt, EU)

  • OpenAI API – AI processing (OpenAI Ireland Ltd / OpenAI LLC under a signed Data Processing Agreement (DPA) including Standard Contractual Clauses for international transfers)

  • Firebase Authentication – global user authentication

  • Crashlytics & monitoring tools – technical logs (EU/US)

  • Zoho/Gmail – secure business email communications

A live list of subprocessors is maintained at https://www.mediagent.es/en-subprocessors and updated as needed.
All data is encrypted in transit (HTTPS/TLS) and at rest.

7. Data Retention

  • Audio files: kept locally on device during recording, then uploaded and deleted after processing.

  • Transcriptions & summaries: stored for up to 72 hours for continuity of care and quality review, then permanently deleted.

  • Metadata: Currently retained without an automated time limit.

  • Crash & system logs: retained for 30–90 days depending on provider.

  • Account data: kept while the account remains active and deleted within 30 days after closure, except where retention is required by any applicable law or legal obligation (see Data Retention Policy).

  • Certain financial or billing records may be retained longer where required by any applicable legal, tax, or accounting obligations.

For full retention logic, see the MediAgent Data Retention Policy

8. Temporary Free Access and Account Revocation

  • MediAgent may provide temporary free access to the App for evaluation or promotional purposes. The duration and terms of this free access are established at MediAgent’s discretion.

  • MediAgent may revoke or suspend such free access at any time, after notifying the user in advance.

  • No billing or payment data are collected during the free access period unless the user voluntarily subscribes to a paid plan.

  • Upon revocation of free access, user accounts may be deactivated or deleted in accordance with MediAgent’s Data Retention Policy.


9. Data Transfers & DPA

Some data (transcriptions and summaries) are sent from MediAgent’s EU servers to OpenAI’s API for processing.
This transfer is governed by the signed Data Processing Agreement between MediAgent Solutions, S.L. and OpenAI Ireland Ltd, ensuring:

  • Data are processed only for transcription/summarization purposes.

  • Retained for a maximum of 30 days by OpenAI before deletion.

  • Protected through Standard Contractual Clauses (SCCs) and strong technical safeguards.

Some limited technical logs may also be processed by OpenAI LLC (United States) under the same DPA, with protections ensured by the EU Standard Contractual Clauses (SCCs) to guarantee GDPR-level safeguards.

Processing involves automated generation of transcriptions and summaries using AI technology. However, MediAgent does not make automated decisions that produce legal or similarly significant effects on individuals.

10. Your Rights and Contact Options

Doctors and patients may request:

  • Access, rectification, deletion, restriction, or portability of their data.
    Requests can be submitted to     admin@mediagent.es and will be handled within 30 days in compliance with GDPR.
    Supervisory authority: Agencia Española de Protección de Datos (AEPD) -     www.aepd.es

11. Security & Breach Notification

We implement encryption, access controls, and continuous monitoring to protect all personal data. In the event of a personal-data breach, MediAgent will, upon becoming aware of the incident, notify the Agencia Española de Protección de Datos (AEPD) within 72 hours when required by law, and will inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

12. Updates to This Policy

This Policy may be updated at MediAgent’s discretion following changes in technology, subprocessors, or legal obligations.
All updates will be communicated via the App or website and will take effect within 30 days of publication.


info@mediagent.es

Politique de confidentialité
Conditions générales d’utilisation
Politique de cookies