Privacy Policy

Last updated: April 18, 2026

1. Introduction

BGMediLink ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and website (collectively, the "Service").

2. Information We Collect

We collect information you provide directly to us when you:

  • Create an account (name, email, password)
  • Complete your profile (phone, specialization, resident level)
  • Use the Service (messages, logbook entries, patient data, notes)
  • Record voice notes via your device microphone for transcription into text
  • Contact us via the website contact form

Microphone access: The app requests microphone permission solely to capture short voice recordings when you tap the record button within a logbook or notes entry. Audio is never captured in the background or without your explicit action. Recordings are transmitted to our transcription service, converted to text, and are not retained after the transcript is returned.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate users and manage workspace access
  • Facilitate communication between team members within a workspace
  • Send administrative notifications (account approval, workspace invitations)
  • Respond to your requests and support inquiries

4. Data Isolation & Multi-Tenancy

BGMediLink uses a multi-tenant architecture where each workspace (department) has its own isolated data environment. Data from one workspace is never accessible to users of another workspace. Row-Level Security (RLS) policies enforce this isolation at the database level.

5. Data Storage & Security

Your data is stored securely using Supabase, which provides encrypted storage, secure authentication, and database-level access controls. We use industry-standard security measures including:

  • Encrypted data in transit (TLS/HTTPS)
  • Encrypted data at rest
  • Role-based access controls
  • Admin approval workflow for new workspace members

6. Third-Party Services

We use the following third-party services to operate BGMediLink:

  • Supabase — Authentication, database, and file storage
  • Google Gemini AI — Powers the AI assistant feature and transcribes voice recordings into text (no patient data is sent to AI; audio clips are sent solely for transcription and are not retained by us after the transcript is returned)
  • Google OAuth — Optional sign-in method
  • Vercel — Website hosting

7. Patient Data Disclaimer

BGMediLink is a department management tool, not an Electronic Health Record (EHR) system. While the app allows tracking of patient census information (name, bed number, diagnosis, status), it is not intended to replace official medical records. Users are responsible for ensuring compliance with their institution's data handling policies and applicable healthcare regulations (e.g., HIPAA, local data protection laws).

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Workspace administrators can manage member access. If you wish to delete your account or have your data removed, contact us at privacy@bgmedilink.com.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your personal data
  • Withdraw consent for data processing

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@bgmedilink.com.