Medlio Privacy Policy

Data Privacy and Security

You control your data
You create your account on Medlio, and you decide what data you want to share and not to share. You can also delete the account if and when you decide to do so. It is your data. Medlio has a complete privacy policy that explains in detail how we use your data. Medlio does not sell your data or profile for advertising.

Your security comes first
All your data on Medlio is securely protected. Medlio stores your data in a data center in the US and uses state-of-the-art, multi-layered security methods. These methods comply with best practices, and include both physical and logical protection, such as access control, encryption, and segregation.

Encryption keeps your data private in transit and at rest
We protect your data with multiple layers of security, including leading encryption technology like HTTP over Transport Layer Security (TLS with NIST-recommended 2048-bit keys for RSA), often referred to as HTTPS. We employ managed data services with storage encryption for data at rest and in motion, including backups, using AES-256.

Threat detection helps protect you
We continuously monitor our infrastructure and services to protect your data from threats. Our API Gateway meters, throttles, and analyzes all incoming connections to detect and prevent DDoS and other malicious attacks.

24/7 protected cloud infrastructure
Medlio operates on Microsoft Azure, one of the world’s most secure and reliable cloud infrastructures. Azure distributes data across multiple data centers, so that in the event of a fire or disaster, it can be automatically and seamlessly shifted to other stable and secure locations.
“Security and privacy are built right into the Azure platform.”
“Azure is continually updated to make it even more secure.”
“Azure Security Center makes Azure the only public cloud platform to offer continuous security-health monitoring.”

Data Privacy

Medlio complies with data protection and privacy laws. As a user, you decide what you want to share. Medlio is not in the business of selling your personal data, or using your data for targeted advertising. Medlio is also committed to complying with the EU General Data Protection Regulation (GDPR).

We only store data that you share with us, either through the Medlio App or by connecting your Medlio account with your provider portals, tracking devices, or apps from third parties. We do not collect data about you from other sources. All your data is securely encrypted during transport and at rest.

You have the right to receive a full copy of all the data that we store about you. Should you find any incorrect data, you have the right to have that data corrected. You may ask for a copy of all the data that you have shared with Medlio. Should you decide to remove your Medlio account, we will delete your account and personal data after a deactivation period of 30 days.

Privacy Policy

This privacy policy (as amended from time to time, the “Privacy Policy”) describes our policies and procedures on the collection, use and disclosure of data obtained through your access to and use of the services available on the mobile and web applications and the Website (the “App/Website”) operated by Medlio (“Medlio”). The use of the App/Website is governed by the Terms of Use. Medlio prepared this Privacy Policy to demonstrate our commitment to ensuring the privacy and security of the data that you share with us in accordance with our obligations under the applicable laws, rules and regulations. By accessing the App/Website or using our services you agree to accept and be bound by the current version of this Privacy Policy.

Which Data We Collect

In order to create or reconfigure an account, you are expected to provide personal data, such as your name, username, password, personal contact details (address, zip code and location and email address), date of birth, gender, details about any of your previous health concerns or clinical issues, details about your family history, especially relating to health concerns or clinical issues, details about your lifestyle and activities (including underlying GPS data), clinical information and similar data (the “Data”) enabling Medlio to provide you with aggregate access to various information about your health, including a number of potential health risks based on your clinical background and lifestyle (collectively the “Information”).

How Your Data is Collected

We collect Data that you provide to us either directly through the App/Website, or third party devices or apps you connect with your account. We also collect information about your interactions within the App/Website as part of our continuous effort to improve the user experience.

How We Protect and Use Your Data

When using the App/Website you consent to the collection, transfer, modification, storage, disclosure and other uses of the Data. Irrespective of the country in which you reside or from where you access the App/Website, the Data may be used by Medlio in the US or any other country of operation.

You authorize Medlio to de-identify your Data and subsequently to copy, process, use, publicly disclose and distribute the Data in anonymized form for academic and statistical purposes. Such anonymized Data shall no longer be considered as personal data.

You authorize Medlio to receive, review and store technical data (including crash reports) retrieved from the devices you are using to access the App/Website.

We restrict access to the Data to those Medlio employees or other parties who need access to such Data in order to provide the services. We maintain appropriate physical, electronic and procedural safeguards to protect your Data, including firewalls, individual passwords and encryption and authentication technology, and take all other necessary and adequate administrative, organizational, technical, personnel and physical measures to safeguard the same against unauthorized or unlawful processing and use, accidental loss or destruction or damage, theft, disclosure or modification and to ensure its integrity. Please note, however, that Data transported over an open network, such as the Internet or email, may be accessible to anybody. We cannot guarantee, and are not responsible for, the confidentiality of any communication or information transmitted via such open networks. When disclosing any Data via an open network, you should consider that it is potentially accessible to others, and consequently, may be collected and used by others without your consent. In particular, while individual data packets are often encrypted, the names of the sender and recipient are not. Even if both the sender and recipient are located in the same country, data may be transmitted via such networks to other countries regularly and without controls, including countries that do not afford the same level of data protection as the US. Your Data and Information may be lost during transmission or may be accessed by unauthorized parties. We do not accept any liability for direct or indirect losses as regards the security of the Data and Information during its transfer via the Internet.

Medlio will not use the Data for marketing purposes and will not sell, rent or otherwise make available any Data submitted by users to any third parties without the user’s consent, unless as permitted under this Privacy Policy or required by law. Medlio may use the Data to contact users with respect to all matters related to the user’s activity on the website, including but not limited to sending informational e-mails and reminders.

How Your Data is Shared

The concept of the App/Website includes the disclosure of the Data provided by you and accessible via the App/Website to other users or third parties. For all other data, you control and decide yourself which Data shall be accessible to others. You can change the privacy settings of your account at any time and thereby determine who will be able to see which Data. Sensitive personal data such as medications, labs and tests, conditions, allergies, procedures, vitals, are only accessible to others if you choose to share. The following types of sharing options are available: (i) Providers: If you are part of a health system and choose to connect to that system and share your records, providers of that system will have access to your information. (ii) Family and Caretakers: If you choose to share your information, your family and caretakers will be able to see the Data. (iii) None: Only you as the user of your account will be able to see the Data. According to our default settings, only you as the user will be able to see all the above-mentioned Data. You can change the privacy settings of your account at any time after your registration.

Cookies and Similar Technologies

Like many websites, we use “cookie” technology to collect additional website usage data and to improve the website, but we do not require cookies for many parts of our services. A cookie is a small data file created by a web server and transferred to and stored on your computer’s persistent memory. The cookies created by the web servers contain data that uniquely identifies you during your use of the website. We use session cookies to better understand how you interact with our services, to monitor aggregate usage by our users and to improve our services. Most Internet browsers automatically accept cookies. However, you have the option of using your browser software to stop accepting cookies or to warn you before accepting a cookie from the websites you visit. However, if you disable or choose not to accept cookies, some of the functionality of the website may be impaired or you may not have access to areas of the website that require this type of identification. When using mobile applications, Data may be stored and processed temporarily on your mobile device. By accessing mobile applications operated by Medlio you agree to the transfer and temporary storage of Data.

Google Analytics

We use Google Analytics on our App/Website to help us understand things like how long a visitor stays on our App/Website, what pages they find most useful and how they navigate through our App/Website. To learn more about Google Analytics and how to opt-out visit this Google webpage:

How Long Your Data is Stored

We store your Data for as long as you have an account with Medlio. You can delete your account at any time. If you follow the instructions available on the App/Website, your account will be deactivated and then deleted. For up to 30 days it is still possible to recover your account if it was deactivated by mistake. After 30 days, we begin the process of deleting your account permanently from our systems and your account may become non-recoverable. You acknowledge that any content posted by you on the App/Website cannot be recovered after the deletion of your account. We reserve the right to keep Data to the extent we reasonably believe it is necessary to satisfy any applicable law or regulation.

Your Rights

You have the right to be informed by us on any processing of your Data and obtain a copy of our Data (right of access). If you are affected by incorrect or incomplete Data, you may request rectification or completion of any relevant data (right to rectification). You may request the deletion of your Data (right to erasure) or a temporary restriction of processing in certain cases (right to restriction of processing). You may object to the processing of your Data (right to object) and you have the right to receive your Data in a structured, commonly used and machine-readable format or have your Data transferred to another data controller if technically feasible (right to data portability).

Your rights are subject to limitations necessary (a) to satisfy any applicable law, regulation, legal process or governmental request; (b) in connection with any legal proceedings (including prospective legal proceedings), obtaining legal advice or otherwise establishing, exercising or defending legal rights; and (c) for medical purposes undertaken by a health professional or any person who in the circumstances is subject to an equivalent duty of confidentiality.

Disclosure of Data

We reserve the right to disclose Data to the extent we reasonably believe it is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigations of a potential violation thereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or to (v) protect the rights, property or safety of Medlio, its users and the public.

Additional Points

Please note that Medlio uses encryption software that may be subject to export control regulations.

The App/Website may contain links to App/Websites or materials that are not operated by Medlio. Such other App/Websites are not subject to this Privacy Policy and Medlio is not responsible in any way for the content or accuracy of such App/Websites or for the policies applied to the treatment of personal data and information. Connecting to or otherwise accessing such App/Websites is at your own risk. We recommend that you read the policies used by these App/Websites, and check how these App/Websites protect your personal data and information and whether they are trustworthy.

Updates to this Privacy Policy

We may revise this Privacy Policy from time to time. The most current version is always available on our App/Website. The revised Privacy Policy shall become effective from the date of publication on the App/Website. Should these changes be substantial, we will provide you with notice and, where required by applicable law, obtain your consent. This notice will be provided by email or by publication on the App/Website.

Data Controller and Data Protection Officer

In case you are dissatisfied with any aspect of processing of your Data, we would like to understand how we can solve this issue. Please contact us at:
110 Corcoran Street, 5th Floor
Durham, NC 27701

The data protection officer is located at the same address and can be contacted by mail or sending an email to
You also have the right to contact the data protection supervisory authority in your country of residence.


This Privacy Policy shall in all respects be governed by US law. Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the US and you consent to such jurisdiction of and venue in such courts and waive any objection as to inconvenient forum.

Version: April 22, 2019