MedSideInfo helps you compare medicine side effects across trusted sources. This page explains what we collect, why we collect it, who we share it with, and the rights you have over your information.
Two commitments up front: we never sell your data, ever — and we never show you ads. Those are not promises we trade away later.
What we collect
From everyone (anonymous)
- Search queries and pages you visit on the site.
- Browser type, operating system, screen size.
- Your IP address, truncated to its network prefix (we discard the last octet so it cannot identify your specific connection).
From signed-in users (with your account)
- Email address (required for account recovery).
- OAuth tokens from Google, when you sign in with Google. We never see your Google password.
- The medicines you save to your cabinet.
- Scans of prescription documents, leaflets, or pill bottles — only if you explicitly upload them and only for the extraction the upload triggers. Scans are stored in private Vercel Blob storage and deleted on a rolling schedule (default: 30 days, sooner on request).
What we do NOT collect
- Social Security numbers or government IDs.
- Financial data, credit card numbers, or payment details.
- Your full home address.
- Your full health record. We never connect to EHR systems.
How we use what we collect
- To run the search service: take your medicine name, look it up across sources, return results.
- To personalize your cabinet (the saved medicines list) so it persists across devices.
- To improve our source coverage and the accuracy of our medicine-name resolver — using aggregated, de-identified query patterns only.
- To send transactional emails (account verification, password resets, sign-in alerts).
- To respond to questions you send us via the feedback form.
We do not use your data to train external AI models. We do not sell, rent, or trade it. We do not show you advertising of any kind.
Third-party processors
We use the following vendors to operate the service. Each has access only to the data needed for its specific role.
- Vercel — hosts the site and serves the API. Also stores private blobs (e.g. uploaded scan documents).
- InsForge — runs our database and authentication.
- Fireworks AI — performs the LLM inference that normalizes side-effect text. Inputs are the source text and the medicine name; we do not retain results outside our cache. Fireworks does not retain inputs beyond the inference window.
- TinyFish — fetches public medical reference pages on our behalf. TinyFish only accesses publicly-published source pages; we do not pass user data to it.
- Mixedbread — embeddings for the medicine-name resolver. We send only the medicine string the user typed.
- PostHog — product analytics (page views, feature usage). You can opt out — see "Cookie policy" below.
- ElevenLabs — text-to-speech for the side-effect playback feature. The text we send is the side-effect description; ElevenLabs does not retain it.
- Resend — transactional email delivery (verification, password reset, alerts).
- Sentry — error tracking. Stack traces only; we do not send page content.
- Axiom — application logs.
We may add or remove processors over time. Material changes will be reflected on this page, and the version number will be bumped.
Your rights
Whether you live in California (CCPA/CPRA), the EU/UK (GDPR), or elsewhere, you have these rights:
- Access: request a copy of the data we hold about you.
- Export: request your data in a portable format.
- Correction: ask us to fix data that's wrong.
- Deletion: ask us to delete your account and associated data.
- Opt-out: for analytics tracking, see "Cookie policy" below.
To exercise any of these, email privacy@medsideinfo.com. We aim to respond within 30 days.
Cookie policy
We use the smallest set of cookies that lets the service work:
- Strictly necessary — keeps you signed in. We can't turn this off without breaking authentication.
- Analytics — PostHog uses a single first-party cookie to deduplicate your sessions for product-usage stats. You can opt out by visiting our feedback page and telling us, or by sending Do Not Track from your browser.
We do not use third-party advertising cookies. Ever.
Children's privacy
MedSideInfo is intended for users 13 and older. We do not knowingly collect data from children under 13 (COPPA). If you believe a child under 13 has provided us with personal information, contact us at privacy@medsideinfo.com and we will delete it.
International transfers
Our infrastructure runs primarily in the United States. If you access the service from outside the US, your data is transferred to and processed in the US. By using MedSideInfo you consent to this transfer.
Data retention
- Account data (email, cabinet) — kept as long as your account is active. Deleted on request or 90 days after account deletion.
- Search history — anonymized after 90 days.
- Scan-document uploads — deleted after 30 days by default; sooner on request.
- Analytics events — retained for 12 months in aggregate form.
How we'll notify you of changes
If we make material changes to this policy, we will (1) update the "Last updated" date at the top, (2) bump the version number, and (3) email signed-in users at the address on file. Continued use of the service after a change constitutes acceptance of the new policy.
Contact
Questions or concerns about this policy? Email privacy@medsideinfo.com.