Privacy Policy

Last updated: February 17, 2026

1. Who we are

MedBrief (“we”, “us”, “our”) is an AI-powered medical research summary service accessible at medbrief.app. We are committed to protecting your personal data and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

For privacy enquiries: contact@medbrief.org

2. Data we collect

Account data

When you sign up, we collect your email address and (if you sign in via Google or Apple) your name and profile picture. We do not store your password — authentication is handled securely by NextAuth.js.

Onboarding preferences

During onboarding we ask a few questions: how you describe yourself (e.g. diagnosed patient, healthcare professional), how long you've been dealing with SIBO, which features matter to you, and how often you want updates. This data is stored to personalise your experience.

Usage data

We record study ratings (thumbs up/down) and bookmarks you create. We may also log anonymous page view counts to understand which studies are most popular.

Email logs

We track whether digest emails were sent successfully. We do not track open rates or clicks unless you explicitly consent to that in future.

3. How we use your data

  • To create and manage your account
  • To send weekly or monthly email digests based on your preferences
  • To save your bookmarks and ratings across sessions
  • To improve the quality of our AI summaries using aggregated feedback
  • To send occasional product updates (you can opt out at any time)

We do not sell your data. We do not use your data for advertising. We do not share it with third parties except as described in Section 4.

4. Third-party services

  • Supabase: Our database and authentication provider. Your data is stored on Supabase servers. Supabase Privacy Policy.
  • Resend: Used to send email digests. Your email address is passed to Resend only for the purpose of delivering your notifications. Resend Privacy Policy.
  • Anthropic: We use Claude AI to generate study summaries. Study abstracts (publicly available scientific text) are sent to Anthropic's API. No personal data is included in these requests.
  • Vercel: Our hosting provider. Standard web server logs (IP address, request metadata) may be collected. Vercel Privacy Policy.

5. Your rights (GDPR)

If you are located in the EU or UK, you have the following rights:

  • Access: Request a copy of the data we hold about you
  • Correction: Ask us to correct inaccurate data
  • Deletion: Request that we delete your account and all associated data
  • Portability: Request an export of your data in a machine-readable format
  • Objection: Object to processing of your data for direct marketing

To exercise any of these rights, email us at contact@medbrief.org. We will respond within 30 days.

6. Cookies

We use a single session cookie to keep you signed in. We do not use advertising cookies or third-party tracking cookies. If we add analytics in future, we will update this policy and seek your consent.

7. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days. Anonymised, aggregated usage data (e.g. total ratings per study) may be retained indefinitely.

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and by updating the “Last updated” date above. Continued use of MedBrief after changes constitutes acceptance of the updated policy.