Privacy isn't a feature.
It's a promise.
We built Medical Companion from the ground up around one principle: your health data belongs to you and no one else. Here's exactly how we deliver on that.
Local-first storage
Everything you log — medications, symptoms, weight, hydration — lives only on your device. We don't send it to any server unless you explicitly opt in to cloud sync.
Encryption at rest
Your health database is encrypted using device-level keys tied to your biometric or passcode authentication. Even if someone extracted your device storage, your data would be unreadable.
Zero data selling
We have no advertisers. We have no data broker relationships. Your health information is not sold, shared, or used to train third-party machine learning models — full stop.
No account required
You can use Medical Companion fully without ever creating an account. There is no email verification, no login wall, and no requirement to link your identity to your health data.
You own your data
Export everything as CSV, PDF, or FHIR R4 at any time. Delete everything with one tap. We never hold your data hostage or make export a premium feature.
Transparent analytics
If you opt in to crash reporting, it uses only anonymised, aggregated data to improve app stability — never health content. You can opt out at any time in Settings.
Technical implementation
SQLite with SQLCipher — All health data is stored in an encrypted SQLite database on your device. The encryption key is derived from your device passcode and biometric authentication using the OS secure enclave.
No network calls without consent — The app performs no outbound network requests during normal operation except when you explicitly use cloud sync or FHIR export features. All features work fully offline.
Sync is opt-in and additive — If you upgrade to the Sync tier, your data is encrypted client-side before transmission using keys only you hold. Sync servers store ciphertext they cannot read.
Standard export formats — We export CSV for spreadsheet analysis, PDF for doctors, and FHIR R4 JSON for clinical systems. None of these formats contain telemetry or phone-home mechanisms.
Email communications
We collect email addresses only when you explicitly provide them — for waitlist signup or newsletter subscription. We use Resend to deliver emails. We never share your email with third parties.
Waitlist emails are one-time only. When you join the waitlist, you consent to receive a single email when Medical Companion launches. No further marketing emails are sent unless you separately opt in to the newsletter.
Newsletter subscription is always separate. The Informed Patient is our free monthly newsletter covering evidence-based health and wellness topics for patients and caregivers — including nutrition, sleep, hydration, medication management, and living well with chronic conditions. Subscription is always opt-in. We use Resend to deliver emails. You can unsubscribe at any time using the link in any email we send.
The Informed Patient may include clearly labelled sponsored content from carefully selected partners. Sponsors never have access to subscriber data. Our full sponsorship policy is available at medicalcompanion.app/newsletter/sponsorship.
CASL compliance. Medical Companion is based in Victoria, BC, Canada and complies with CASL (Canadian Anti-Spam Legislation). We require explicit opt-in consent for all marketing communications. Every email we send identifies Medical Companion as the sender and includes an unsubscribe mechanism. Consent records are retained as proof of permission.
Have a privacy question?
Read our full privacy policy or reach out to us directly.