Privacy Policy
1. Who we are
MD AI SERVICES LLC is a Limited Liability Company registered in the State of New Mexico, United States (EIN 61-2329644). For any privacy-related question, you can contact us at contact@mdaiservices.com.
2. Information we collect
We collect different categories of information depending on the Service you use and how you interact with it.
2.1 Information you provide directly
- Account information — name, email address, phone number, password (always stored hashed);
- Profile content — any optional details you add to your account, such as preferences or settings;
- Content you submit — messages, questions, files, or feedback you provide while using the Services;
- Payment-related information — when applicable, your billing address and payment details are collected and processed directly by our payment partners (Apple, Google, Stripe). We do not store your full card number.
2.2 Information collected automatically
- Device and technical data — operating system, device model, browser type, IP address, language preferences, app version;
- Usage data — pages or screens viewed, features used, timestamps, crash reports, performance metrics;
- Cookies and similar technologies — used on our websites for authentication, preferences, and basic analytics. You can manage cookies through your browser settings.
2.3 Information from third parties
We may receive information about you from third parties if you authorize them to share it with us, for example when you sign in with a third-party login provider or when our app stores send us aggregated install/uninstall metrics.
3. How we use your information
We use the information we collect to:
- Provide, operate, and maintain the Services;
- Process payments and deliver paid features through our regulated payment partners;
- Personalize content and recommendations within the Services;
- Generate AI-powered responses based on the questions you submit (see Section 4);
- Communicate with you about your account, security alerts, or important changes to the Services;
- Detect, prevent, and respond to fraud, abuse, or security incidents;
- Comply with legal obligations and respond to lawful requests from authorities;
- Improve our products through aggregate, de-identified analytics.
4. AI and large language models
Several of our Services rely on large language models (LLMs) provided by third-party AI providers such as OpenAI. When you submit a question, message, or other text to one of these Services:
- Your input may be transmitted to the AI provider's API to generate a response;
- We instruct our AI providers, where possible, not to use your data to train their public models;
- You should not submit sensitive personal data (such as government IDs, financial account numbers, or medical records) to any of our AI-powered Services.
5. How we share information
We do not sell your personal information. We share it only with the following categories of recipients, and only as necessary:
| Recipient | Purpose |
|---|---|
| Cloud infrastructure (Vercel, Supabase, Hostinger) | Hosting our applications and storing user data |
| AI providers (OpenAI) | Processing user inputs to generate AI responses |
| Payment processors (Stripe, Apple, Google) | Processing payments and subscriptions |
| Analytics providers | Aggregated usage analytics and crash reports |
| Email and notification providers | Sending transactional emails and push notifications |
| Law enforcement and authorities | Only when legally required (e.g., subpoena, court order) |
Each of these providers acts as a processor under our instructions and is bound by data protection commitments.
6. International data transfers
Our infrastructure is hosted in the United States and the European Union. If you access our Services from another country, your information may be transferred to, stored in, and processed in those regions. Where required by applicable law (such as the GDPR for EU-based users), we rely on appropriate safeguards for these transfers, including the European Commission's Standard Contractual Clauses.
7. How long we keep your information
We retain your personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it.
Typical retention periods:
- Account data — for as long as your account exists, plus up to 12 months after deletion;
- Transaction records — at least 7 years, as required by US tax and accounting rules;
- Logs and analytics — typically 90 days for raw logs, longer for aggregated metrics.
8. Your rights
Depending on where you are located, you may have the following rights with respect to your personal information:
- Access — request a copy of the personal information we hold about you;
- Correction — ask us to fix inaccurate or incomplete information;
- Deletion — request that we delete your information, subject to legal retention obligations;
- Restriction or objection — ask us to limit or stop certain uses of your information;
- Portability — receive your data in a structured, machine-readable format;
- Withdraw consent — where we rely on your consent, you can withdraw it at any time;
- Complain to a supervisory authority — for example, your local data protection authority in the EU, or the relevant agency in your country.
To exercise any of these rights, write to contact@mdaiservices.com. We will respond within the time limits required by applicable law (typically 30 days under GDPR).
8.1 Rights of California residents (CCPA)
If you are a California resident, you have the right to know what personal information we have collected about you, to request deletion, and to opt out of any "sale" of personal information. We do not sell personal information.
9. Children's privacy
Our Services are not directed to children under 13 (or the higher minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.
10. Security
We take reasonable technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest where applicable, access controls, and regular security reviews. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version with a new "Last updated" date and, for material changes, provide additional notice through the Services or by email.
12. Contact us
For any question, concern, or request regarding this Privacy Policy or your personal information, please contact:
MD AI SERVICES LLC
New Mexico, USA
Email: contact@mdaiservices.com