Privacy Policy

Last Updated: January 7, 2025

1. Introduction

Welcome to EvidencePro (referred to as "we," "us," or "our"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy applies to the EvidencePro International version. By using our service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • User account information (User ID, username)
  • Medical queries and questions you submit
  • Conversation history with our AI assistant
  • Feedback and ratings

2.2 Automatically Collected Information

  • Device information (browser type, operating system)
  • Usage data (access times, page views)
  • Information collected through cookies and similar technologies

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for processing your data
  • Contract Performance: Processing is necessary to provide our services
  • Legitimate Interests: To improve our services and ensure security
  • Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Information

  • Provide, maintain, and improve our services
  • Process your medical queries and generate responses
  • Store your conversation history for your reference
  • Analyze service usage to enhance user experience
  • Ensure service security and prevent fraud
  • Comply with legal requirements

5. Third-Party Services

To provide our services, we use the following third-party service providers:

  • OpenAI: For processing medical queries and generating responses
  • MedSci: For user authentication and medical knowledge base retrieval

These third-party providers may collect and process some of your information. We have Data Processing Agreements (DPAs) in place with these providers to ensure GDPR compliance.

International Data Transfers: Some of our service providers (e.g., OpenAI) may transfer your data outside the European Economic Area (EEA). We ensure such transfers comply with GDPR requirements through Standard Contractual Clauses (SCCs) or other appropriate safeguards.

6. Data Storage and Security

Data Storage Location: Your data is stored on servers located outside China, in compliance with international data protection standards.

Data Retention: We retain your conversation history until you delete it or close your account.

Security Measures: We implement industry-standard security measures to protect your data:

  • Data encryption in transit (HTTPS/TLS)
  • Database access controls
  • Regular security audits
  • Employee data access management

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: View your conversation history at any time
  • Right to Rectification: Update your account information
  • Right to Erasure: Delete any conversation or close your account
  • Right to Data Portability: Export your data in a structured format
  • Right to Object: Object to certain types of data processing
  • Right to Withdraw Consent: Withdraw your consent at any time

To exercise these rights, please contact us at privacy@medsci.com.

8. Cookies

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze service usage

You can manage cookies through your browser settings. However, disabling cookies may affect some functionality.

9. Children's Privacy

Our service is intended for adults. If you are under 18 years old, please use this service under parental guidance. Users under 13 require parental consent in accordance with GDPR requirements.

10. Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through website announcements or other means.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

  • Email: privacy@medsci.com
  • Address: [Your International Office Address]

EU Representative: [If applicable, provide EU representative contact information]

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.