This notice describes how MedSideInfo collects, uses, shares, and secures consumer health data — a category defined by Washington State’s My Health My Data Act (RCW 19.373) and similar laws in Nevada, Connecticut, and other states. It is a separate notice from our general Privacy Policy because the statute requires that.
If you live in Washington State and your data is processed by MedSideInfo, you have specific rights under MHMDA. We honor the same rights for consumers in any state.
What counts as “consumer health data”
Under MHMDA, consumer health data is any personal information that is linked or reasonably linkable to a consumer and identifies that consumer’s past, present, or future physical or mental health status. The statute’s definition is broad and explicitly includes data inferred from product use.
For MedSideInfo, these are the categories of consumer health data we may collect, depending on what you do with the service:
- Medicines you save to your cabinet (signed-in users). Each saved medicine implies you, or someone you care for, may take or be considering that medicine. We treat that implication itself as consumer health data.
- Prescription documents, leaflets, or pill-bottle scans you upload (signed-in users, only when you explicitly upload them). The image content typically contains drug names, dose, and sometimes patient identifiers printed on the label.
- Symptom-check inputs. When you use the symptom-check feature to look up which medicines list a symptom as a side effect, the typed symptom plus your medicine list could be inferred to imply a current health concern. We treat that as consumer health data.
- Search queries while signed in. Your medicine searches, when associated with your account, can imply medications you or those you care for use.
We do not collect: full health records, EHR data, biometric identifiers, location-tracking data tied to health facilities, or genetic/genomic information.
Why we collect it and how we use it
- To run the service for you. Cabinet entries persist your saved medicines so they’re available across devices. Uploaded scans are processed once for the extraction you requested and then stored only long enough to support a re-fetch (default 30 days, sooner on request).
- To improve source coverage and pipeline accuracy. We use aggregated, de-identified patterns of medicine searches and resolver outcomes — never your individual cabinet contents or scan content.
- To respond to feedback you send us. If you describe a medicine experience in the feedback form, the message you wrote is what we read.
We do not show ads on MedSideInfo today. We do not sell consumer health data — the kind that is linked or reasonably linkable to you — ever.
Who we share it with
We share consumer health data only with the third-party processors necessary to operate the service. Each receives only what its role requires:
- Vercel (hosting; private Blob storage of uploaded scans).
- InsForge (database for your account + cabinet).
- Fireworks AI (LLM inference for normalizing extracted side-effect text; receives only the source text and the medicine name, not your cabinet or account identifiers).
- Sentry (error tracking; stack traces only, no page content).
We do not share consumer health data with: data brokers, advertising networks, government surveillance programs, or any party for marketing purposes. We do not use consumer health data to train external AI models.
Your rights
Whether or not you are a Washington resident, you have these rights with respect to your consumer health data on MedSideInfo:
- Right to confirm: ask whether we are processing your consumer health data.
- Right to access: get a copy of the consumer health data we hold about you.
- Right to delete: request deletion of your consumer health data. We action deletion within 30 calendar days, with a target of 7 days, and we delete from any third-party processors that hold it on our behalf.
- Right to withdraw consent: if we relied on consent to process your consumer health data, you can withdraw that consent at any time.
- Right to non-discrimination: we will not deny you service, charge a different price, or degrade your experience for exercising these rights.
- Right to appeal a denial of any request.
To exercise any of these rights, submit a privacy/data request through the button below. The request posts to our admin queue and emails our privacy team at privacy@medsideinfo.com in the same action — single channel, two paths so we don’t miss it.
We respond within 30 days. If we deny a request, we explain why and how to appeal; appeals also receive a 30-day response.
How we secure consumer health data
- Transport encryption: TLS 1.2 or higher on every connection to/from MedSideInfo.
- At-rest encryption: managed-database and managed-blob storage with provider-side encryption.
- Access controls: only authenticated users see their own cabinet; operator access to consumer health data is restricted to designated administrators and audited.
- Retention minimization: uploaded scans default to 30-day deletion; accounts deleted on request remove cabinet contents within 30 days.
Geographic notes
Washington residents (MHMDA): the rights and practices in this notice meet RCW 19.373 requirements as we understand them. We do not currently sell consumer health data and therefore do not require an additional “valid authorization” document beyond the consents users provide when interacting with the service.
EU/UK residents (GDPR/UK GDPR): our lawful bases for processing health-related data are explicit consent (Art. 9(2)(a)) for cabinet entries and uploaded scans, and contract necessity (Art. 6(1)(b)) for service operation. See the lawful-basis section of our general Privacy Policy for the full table.
California residents (CMIA + CCPA/CPRA): we treat consumer health data as “medical information” under the 2022 CMIA expansion (Civ. Code § 56.05(j)) and grant the same access, deletion, correction, and opt-out rights as our general Privacy Policy describes.
Changes to this notice
If we make material changes to this notice we will (1) update the “Last updated” date at the top of this page and (2) bump the version number. We do not currently push individual notifications about consumer-health-data-policy changes; please check this page periodically.
Contact
Questions about how we handle consumer health data, or to exercise any of the rights above — submit through the form below.