MD Connect Privacy Policy

This privacy policy describes how Bytechnik LLC ("Bytechnik," "we," "us," or "our") collects, uses, shares, and protects personal information through the MD Connect patient mobile application (the "App"), available on the Apple App Store and Google Play under the bundle identifier com.mdconnect.patient. For information about bytechnik.com and our other services, see our general Privacy Policy.

1. About MD Connect

MD Connect is a patient-facing companion to your healthcare provider's electronic medical record (EMR) system. It lets patients view their medical records, book appointments, message their care team, join secure video consultations, sync wearable and fitness data, and receive after-visit summaries. Bytechnik operates the App on behalf of healthcare providers (the "Provider") who serve as the HIPAA-covered entity for any United States patient data accessed through the App.

2. Information we collect

2.1 Information you provide directly

• Account and identity information: name, date of birth, gender, email, phone number, mailing address.
• Healthcare information: medical history, diagnoses, medications, allergies, immunizations, lab orders, vitals, symptom assessments, daily health logs, care-plan progress, family medical history, insurance details, and pharmacy preferences.
• Documents and images: files, photos, and after-visit summaries you upload or your Provider shares with you.
• Communications: messages, notes, and content you exchange with your Provider through the App.
• Payment information: subscription billing details processed by Stripe (see section 4).

2.2 Camera and microphone

The App requests access to your device's camera and microphone for two purposes: (a) to join secure one-to-one video and audio consultations with your Provider using Twilio Programmable Video, and (b) to let you capture and upload documents or photos (for example, an insurance card or prescription label) for your medical record. Camera and microphone are only active while you are in a video call or while a capture screen is open; we do not record audio or video in the background. Video calls are streamed peer-to-peer or via Twilio relays and are not recorded by the App unless your Provider explicitly enables recording with your consent.

2.3 Health and fitness data

With your explicit permission, the App reads health metrics from Apple HealthKit on iOS and Android Health Connect on Android. This may include blood pressure, heart rate, resting heart rate, oxygen saturation, body weight, height, steps, body temperature, menstruation flow, and ovulation test results. These readings are stored alongside your patient record so your Provider can review trends. We never write data back to HealthKit or Health Connect, and you may revoke access at any time in your device settings. We do not use HealthKit or Health Connect data for advertising, and we do not share it with third parties other than your Provider and the infrastructure subprocessors listed in section 4.

2.4 Automatically collected information

• Device identifiers (push notification tokens issued by Apple Push Notification service and Firebase Cloud Messaging), device model, operating system version, and locale.
• Diagnostic and crash data needed to keep the App stable.
• Authentication tokens and session metadata so you stay signed in securely.

3. How we use information

• To provide the App's core features: viewing and updating your record, booking appointments, messaging your care team, conducting video consultations, syncing health data, and delivering after-visit summaries.
• To send appointment reminders, message alerts, and other transactional push notifications. You can disable notifications in your device settings.
• To authenticate you, prevent fraud, and maintain the security of your account and our systems.
• To process subscription payments through Stripe when paid features are enabled.
• To improve the App by analyzing aggregated and de-identified usage patterns. We do not use your identifiable health information to train or develop generative AI models.
• To comply with legal obligations, respond to lawful requests, and protect the rights and safety of patients, Providers, and Bytechnik.

4. Third parties and subprocessors

We share information only with the subprocessors required to deliver the App. Each operates under written confidentiality and data-protection terms; United States Providers maintain HIPAA Business Associate Agreements where required.

• Your healthcare Provider — receives the information you enter or sync so they can provide care. The Provider, not Bytechnik, is your HIPAA-covered entity for United States patient records.
• Twilio, Inc. — powers secure video and audio consultations. Twilio receives the audio and video stream and session metadata while a call is in progress.
• Stripe, Inc. — processes subscription payments. Card numbers are entered into Stripe's SDK and are never stored on Bytechnik servers.
• Apple Push Notification service and Firebase Cloud Messaging — deliver push notifications to your device.
• Expo Application Services — provides over-the-air update delivery and crash diagnostics for the App.
• Cloud infrastructure providers hosting the EMR backend (under appropriate security and contractual controls).

We do not sell your personal or health information. We do not share it with advertisers or data brokers.

5. HIPAA and security

When the App is used to access Protected Health Information ("PHI") for United States patients, Bytechnik acts as a Business Associate of the Provider under the Health Insurance Portability and Accountability Act (HIPAA). We maintain administrative, physical, and technical safeguards designed to protect PHI, including encryption of data in transit (TLS 1.2+) and at rest, role-based access controls, audit logging, and regular security review. No system can be guaranteed completely secure; if you become aware of a security issue, please contact us immediately using the details in section 11.

6. Your rights and choices

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to withdraw consent. For PHI held by your Provider, you exercise these rights through the Provider in accordance with HIPAA and applicable state law. For all other information, you may contact us using the details in section 11 and we will respond consistent with applicable law.

You can also: revoke camera, microphone, HealthKit, Health Connect, and notification permissions in your device settings at any time; sign out of the App; or request account deletion. Disabling permissions may reduce App functionality.

7. Account deletion

To request deletion of your MD Connect account and the personal information we hold outside of clinical records, email us at info@bytechnik.com with the subject "MD Connect Account Deletion." We will verify your identity and complete the request within thirty (30) days. Clinical records held by your Provider are governed by HIPAA and state medical-record retention laws; the Provider, not Bytechnik, is responsible for those records.

8. Data retention

We retain personal information only as long as needed to provide the App, comply with legal obligations, resolve disputes, and enforce our agreements. Diagnostic logs are typically retained for ninety (90) days. Clinical records are retained by your Provider according to applicable medical-record retention laws.

9. International transfers

Bytechnik is headquartered in the United States. If you use the App from outside the United States, your information will be processed in the United States and other countries where our subprocessors operate, subject to appropriate safeguards required by applicable law.

10. Children

MD Connect is intended for use by individuals aged 18 or older, or by a parent or legal guardian using the App on behalf of a minor patient under the direction of the Provider. We do not knowingly collect personal information from children under 13 in the United States, or under the equivalent local age-of-consent elsewhere, without verified parental consent. If you believe a child has provided information without authorization, contact us using section 11 and we will delete it.

11. Contact us

Bytechnik LLC
Email: info@bytechnik.com (privacy and data-deletion requests)
Email: sales@bytechnik.com (general inquiries)
Phone: +1 (951) 851-8702

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. For material changes affecting how we use personal or health information, we will provide notice through the App or by email when feasible.