+1 (345) 623-0030 | info@mednest.ky

Privacy Policy

Version: 1.0 Effective Date: February 23, 2026

1. Introduction

MedNest ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications (iOS and Android), and related services (collectively, the "Platform"). By using MedNest, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide
  • Account Information: Name, email address, phone number, date of birth, gender, profile photo, and login credentials.
  • Health Information: Medical history, symptoms, prescriptions, diagnoses, allergies, insurance details, and other health-related data you share with practitioners.
  • Payment Information: Credit/debit card details (tokenized and processed securely through our PCI-compliant payment gateway - we do not store full card numbers), billing address, and transaction history.
  • Communications: Messages sent through the platform, appointment notes, reviews, and feedback.
2.2 Information Collected Automatically
  • Device Information: Device type, operating system, unique device identifiers, and mobile network information.
  • Usage Data: Pages visited, features used, search queries, appointment history, and interaction patterns.
  • Location Data: Approximate location based on IP address or, with your explicit consent, precise GPS location for finding nearby practitioners and clinics.
  • Push Notification Tokens: Device tokens for delivering appointment reminders and important notifications (with your consent).
2.3 Information from Third Parties
  • Information from social login providers (Google, Apple) if you choose to sign in using third-party accounts.
  • Information from practitioners or clinics related to your appointments and care.

3. How We Use Your Information

We use the collected information to:

  • Create and manage your account on the Platform.
  • Facilitate appointment bookings between patients and healthcare providers.
  • Process payments, issue receipts, and manage refunds.
  • Send appointment reminders, confirmations, and cancellation notices.
  • Enable communication between patients and practitioners.
  • Provide customer support and respond to inquiries.
  • Improve our services, features, and user experience through analytics.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations and regulatory requirements.
  • Send promotional communications (only with your opt-in consent).

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: For marketing communications, location data, and push notifications.
  • Contract Performance: To provide our services, manage bookings, and process payments.
  • Legitimate Interest: For fraud prevention, analytics, and platform improvement.
  • Legal Obligation: To comply with healthcare regulations, tax requirements, and law enforcement requests.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information with:

  • Healthcare Providers: Practitioners and clinics you book appointments with receive necessary information to provide care.
  • Payment Processors: Our PCI-compliant payment gateway processes transactions securely.
  • Service Providers: Trusted third parties that assist us in operating the Platform (email delivery, push notifications, cloud hosting, analytics) under strict data protection agreements.
  • Legal Requirements: When required by law, court order, subpoena, or governmental authority.
  • Safety: To protect the rights, safety, or property of MedNest, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified).

6. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest and TLS 1.2+ for data in transit.
  • Tokenized payment processing (full card numbers are never stored on our servers).
  • Role-based access controls and multi-factor authentication for administrative access.
  • Regular security assessments and vulnerability testing.
  • Secure cloud infrastructure with data backup and disaster recovery.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

7. Data Retention

  • Active Accounts: We retain your data for as long as your account is active.
  • Medical Records: Retained per applicable healthcare regulations (minimum 7 years or as required by law).
  • Payment Records: Retained for 7 years for tax and legal compliance.
  • Deleted Accounts: After account deletion, personal data is removed within 30 days, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and personal data (subject to legal retention requirements).
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent for data processing at any time (without affecting prior lawful processing).
  • Opt-Out: Unsubscribe from marketing communications at any time.

To exercise these rights, contact us at privacy@mednest.ky or use the account settings in the app.

9. Account Deletion

You may request deletion of your account at any time through the app settings or by contacting us at privacy@mednest.ky. Upon deletion:

  • Your profile information, preferences, and appointment history will be permanently removed within 30 days.
  • Health records may be retained as required by applicable healthcare regulations.
  • Payment transaction records are retained for legal and tax compliance purposes.
  • You will receive confirmation once the deletion is complete.

10. Cookies and Tracking Technologies

  • Essential Cookies: Required for platform functionality (session management, security).
  • Analytics Cookies: Help us understand usage patterns and improve our services.
  • Preference Cookies: Remember your settings and preferences.

You can manage cookie preferences through your browser settings. The mobile app uses similar tracking technologies for analytics purposes, which can be controlled through device settings.

11. Children's Privacy

MedNest is not intended for use by children under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children under these age thresholds without verifiable parental or guardian consent. If we discover that we have inadvertently collected data from a child, we will delete it promptly. Parents or guardians may book appointments on behalf of minor children through their own accounts.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms, to protect your data during such transfers.

13. Third-Party Links and SDKs

Our Platform may contain links to third-party websites or services. Our mobile apps may integrate third-party SDKs for analytics, crash reporting, and push notifications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app, email, or by posting a prominent notice on the Platform. The "Effective Date" at the top reflects the most recent revision. Continued use after changes constitutes acceptance.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@mednest.ky
Phone: +1 (800) MED-NEST
Address: 123 Healthcare Ave, Medical City, MC 10001

For EU/EEA residents, you also have the right to lodge a complaint with your local data protection authority.