Data Privacy and Security
You control your data
Your security comes first
All your data on Medlio is securely protected. Medlio stores your data in a data center in the US and uses state-of-the-art, multi-layered security methods. These methods comply with best practices, and include both physical and logical protection, such as access control, encryption, and segregation.
Encryption keeps your data private in transit and at rest
We protect your data with multiple layers of security, including leading encryption technology like HTTP over Transport Layer Security (TLS with NIST-recommended 2048-bit keys for RSA), often referred to as HTTPS. We employ managed data services with AES-256 storage encryption for data at rest and in motion, including backups.
Threat detection helps protect you
We continuously monitor our infrastructure and services to protect your data from threats. Our API Gateway meters, throttles, and analyzes all incoming connections to detect and prevent DDoS and other malicious attacks.
24/7 protected cloud infrastructure
Medlio operates on Microsoft Azure, one of the world’s most secure and reliable cloud infrastructures. Azure distributes data across multiple data centers, so that in the event of a fire or disaster, it can be automatically and seamlessly shifted to other stable and secure locations. “Security and privacy are built right into the Azure platform.”
“Azure is continually updated to make it even more secure.”
“Azure Security Center makes Azure the only public cloud platform to offer continuous security-health monitoring.”
Medlio complies with data protection and privacy laws. As a user, you decide what you want to share. Medlio is not in the business of selling your personal data, or using your data for targeted advertising. Medlio is also committed to complying with the EU General Data Protection Regulation (GDPR).
We only store data that you share with us, either through the Medlio App or by connecting your Medlio account with your provider portals, tracking devices, or apps from third parties. We do not collect data about you from other sources. All your data is securely encrypted during transport and at rest.
You have the right to receive a full copy of all the data that we store about you. Should you find any incorrect data, you have the right to have that data corrected. You may ask for a copy of all the data that you have shared with Medlio. Should you decide to remove your Medlio account, we will delete your account and personal data after a deactivation period of 30 days.
Which Data We Collect
In order to create or reconfigure an account, you are expected to provide personal data, such as your name, username, password, personal contact details (address, zip code, location and email address), date of birth, gender, details about any of your previous health concerns or clinical issues, details about your family history, especially relating to health concerns or clinical issues, details about your lifestyle and activities (including underlying GPS data), clinical information and similar data (the “Data”) enabling Medlio to provide you with aggregate access to various information about your health, including a number of potential health risks based on your clinical background and lifestyle (collectively the “Information”).
How Your Data is Collected
We collect Data that you provide to us either directly through the App/Website, or third party devices or apps you connect with your account. We also collect information about your interactions within the App/Website as part of our continuous effort to improve the user experience.
How We Protect and Use Your Data
When using the App/Website you consent to the collection, transfer, modification, storage, disclosure and other uses of the Data. Irrespective of the country in which you reside or from where you access the App/Website, the Data may be used by Medlio in the US or any other country of operation.
You authorize Medlio to de-identify your Data and subsequently to copy, process, use, publicly disclose and distribute the Data in anonymized form for academic and statistical purposes. Such anonymized Data shall no longer be considered as personal data.
You authorize Medlio to receive, review and store technical data (including crash reports) retrieved from the devices you are using to access the App/Website.
We restrict access to the Data to those Medlio employees or other parties who need access to such Data in order to provide the services. We maintain appropriate physical, electronic and procedural safeguards to protect your Data, including firewalls, individual passwords and encryption and authentication technology, and take all other necessary and adequate administrative, organizational, technical, personnel and physical measures to safeguard the same against unauthorized or unlawful processing and use, accidental loss or destruction or damage, theft, disclosure or modification and to ensure its integrity. Please note, however, that Data transported over an open network, such as the Internet or email, may be accessible to anybody. We cannot guarantee, and are not responsible for, the confidentiality of any communication or information transmitted via such open networks. When disclosing any Data via an open network, you should consider that it is potentially accessible to others, and consequently, may be collected and used by others without your consent. In particular, while individual data packets are often encrypted, the names of the sender and recipient are not. Even if both the sender and recipient are located in the same country, data may be transmitted via such networks to other countries regularly and without controls, including countries that do not afford the same level of data protection as the US. Your Data and Information may be lost during transmission or may be accessed by unauthorized parties. We do not accept any liability for direct or indirect losses as regards the security of the Data and Information during its transfer via Internet.
How Your Data is Shared
The concept of the App/Website includes the disclosure of the Data provided by you and accessible via the App/Website to other users or third parties. For all other data, you control and decide yourself which Data shall be accessible to others. You can change the privacy settings of your account at any time and thereby determine who will be able to see which Data. Sensitive personal data such as medications, labs and tests, conditions, allergies, procedures and vitals are only accessible to others if you choose to share. The following types of sharing options are available: (i) Providers: If you are part of a health system and choose to connect to that system and share your records, providers of that system will have access to your information. (ii) Family and Caretakers: If you choose to share your information, your family and caretakers will be able to see the Data. (iii) None: Only you as the user of your account will be able to see the Data. According to our default settings, only you as the user will be able to see all the above-mentioned Data. You can change the privacy settings of your account at any time after your registration.
Cookies and Similar Technologies
Like many websites, we use “cookie” technology to collect additional website usage data and to improve the website, but we do not require cookies for many parts of our services. A cookie is a small data file created by a web server and transferred to and stored on your computer’s persistent memory. The cookies created by the web servers contain data that uniquely identifies you during your use of the website. We use session cookies to better understand how you interact with our services, to monitor aggregate usage by our users and to improve our services. Most Internet browsers automatically accept cookies. However, you have the option of using your browser software to stop accepting cookies or to warn you before accepting a cookie from the websites you visit. However, if you disable or choose not to accept cookies, some of the functionality of the website may be impaired or you may not have access to areas of the website that require this type of identification. When using mobile applications, Data may be stored and processed temporarily on your mobile device. By accessing mobile applications operated by Medlio you agree to the transfer and temporary storage of Data.
We use Google Analytics on our App/Website to help us understand things like how long a visitor stays on our App/Website, what pages they find most useful and how they navigate through our App/Website. To learn more about Google Analytics and how to opt-out visit this Google webpage: https://support.google.com/analytics/answer/6004245
How Long Your Data is Stored
We store your Data for as long as you have an account with Medlio. You can delete your account at any time. If you follow the instructions available on the App/Website, your account will be deactivated and then deleted. For up to 30 days it is still possible to recover your account if it was deactivated by mistake. After 30 days, we begin the process of deleting your account permanently from our systems and your account may become non-recoverable. You acknowledge that any content posted by you on the App/Website cannot be recovered after the deletion of your account. We reserve the right to keep Data to the extent we reasonably believe it is necessary to satisfy any applicable law or regulation.
You have the right to be informed by us on any processing of your Data and obtain a copy of our Data (right of access). If you are affected by incorrect or incomplete Data, you may request rectification or completion of any relevant data (right to rectification). You may request the deletion of your Data (right to erasure) or a temporary restriction of processing in certain cases (right to restriction of processing). You may object to the processing of your Data (right to object) and you have the right to receive your Data in a structured, commonly used and machine-readable format or have your Data transferred to another data controller if technically feasible (right to data portability).
Your rights are subject to limitations necessary (a) to satisfy any applicable law, regulation, legal process or governmental request; (b) in connection with any legal proceedings (including prospective legal proceedings), obtaining legal advice or otherwise establishing, exercising or defending legal rights; and (c) for medical purposes undertaken by a health professional or any person who in the circumstances is subject to an equivalent duty of confidentiality.
Disclosure of Data
We reserve the right to disclose Data to the extent we reasonably believe it is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigations of a potential violation thereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or to (v) protect the rights, property or safety of Medlio, its users and the public.
Please note that Medlio uses encryption software that may be subject to export control regulations.
Data Controller and Data Protection Officer
In case you are dissatisfied with any aspect of processing of your Data, we would like to understand how we can solve this issue. Please contact us at:
110 Corcoran Street, 5th Floor
Durham, NC 27701
The data protection officer is located at the same address and can be contacted by mail or sending an email to firstname.lastname@example.org
You also have the right to contact the data protection supervisory authority in your country of residence.
Version: April 22, 2019