
Privacy Policy

Version: v1.1 — launch · Last updated: 2026-05-20 · Effective: from the date of public launch

Pending counsel review. The "we" in this document is Medelix, currently operated by Melih Yaz as an individual in Vienna, Austria.


Medelix is a medical-evidence retrieval tool. We help doctors and medical students search peer-reviewed and open-access medical literature with citations on every claim. We are not a medical device and we do not provide clinical advice. Medelix is an AI-generated tool; outputs are clearly labelled as AI-generated, per EU AI Act §50 transparency obligations. This page explains what data we process, why, for how long, and what control you have.


1 · Who we are

Service: Medelix (medelix.ai)

Controller / Currently operated by: Melih Yaz as an individual based in Vienna, Austria. References to "we", "us", or "Medelix" in this Policy include any future legal entity established to operate the service; on transition, signed-in users will be notified by email at least 30 days in advance and may withdraw consent or delete their data before the transition takes effect.

Postal address: available on legitimate written request via [email protected]. A service address will be published in our Imprint once the project's business registration is complete.

Privacy contact: [email protected]

General / support: [email protected] · [email protected]

Sub-processors: see §5.

A Data Protection Officer has not been appointed; given the scale of processing, GDPR Art. 37 does not require one. If that changes, contact details will be added here.


2 · What data we collect

When you use the service anonymously (no account)

  • Question text — used in real time to retrieve evidence and generate an answer; never persisted beyond the active request.
  • A rate-limit cookie (medelix_anon) — when you first ask a question without signing in, we set a small random identifier in a cookie scoped to .medelix.ai (HttpOnly, SameSite=Lax, 30-day max-age). We use it solely to enforce the anonymous quota of 2 questions per browser per 24 hours. The value is not linked to your identity, is never shared, and you can delete it from your browser at any time.
  • Hashed IP address (secondary backstop) — as a defence against scripted cookie rotation, we HMAC-hash your IP with a secret we hold and cap any single network to ~200 anonymous questions per 24 hours. The original IP is never stored on the anonymous path; only the hash, for 90 days.
  • Country code, request ID, user agent — for security monitoring and incident response.

When you create an account

  • Email address, hashed password (or Google / Apple OAuth identifier) — used to authenticate you.
  • Display name and language preference, if you set them.
  • Phone number, if and when phone-OTP authentication is added.
  • Consent flags — whether you accepted Terms of Service, opted in to cross-conversation memory, etc.

When you ask questions while signed in

  • Question + answer + citations — stored in your conversation history so you can return to past chats and so we can support data export. Stored only because you consented at sign-up; if you withdraw consent, we delete this data.
  • Per-query metadata — language, latency, model used, abstention flags, IP, country, user agent.
  • Cross-conversation memory — opt-in only, default off. If enabled, we store per-conversation summaries + entity sets to allow Medelix to refer to topics from your previous chats. You can disable, list, and delete these entries at any time.

Things we do not collect

  • We do not collect cookies for advertising or analytics.
  • We do not embed third-party trackers (no Google Analytics, no Facebook pixel).
  • We do not buy data from data brokers.
  • We do not require patient-identifying input — and our Terms prohibit you from entering it.

3 · Why we process this data (lawful bases)

Processing | Lawful basis
Account creation, sign-in, providing the service | Performance of contract (Art. 6(1)(b))
Storing question + answer history | Your consent (Art. 6(1)(a)) — given at sign-up, withdrawable
Cross-conversation memory | Your consent (Art. 6(1)(a)) — separate opt-in, default off
Hashed IP for rate-limit / abuse detection | Legitimate interest (Art. 6(1)(f)) — see lia-security.md
Raw IP for incident response (signed-in users) | Your consent + legitimate interest
Security event logging | Legitimate interest (Art. 6(1)(f)) — fraud prevention, security
Transactional email (verification, password reset) | Performance of contract

3a · Health data and special categories

Summary: We don't want patient data in the system, and we actively filter for it. To the extent your own queries touch on health topics, you give explicit consent at sign-up.

Medelix is designed not to process health data of identifiable patients. Our Terms prohibit input of patient-identifying data (§5 of the Terms), and we apply automated pattern-matching filters at the input layer that detect and redact common direct identifiers — including names, addresses, and phone numbers — before queries are passed to model and embedding providers. These filters are a defence-in-depth measure, not a guarantee of perfect detection; the user-level prohibition in the Terms remains the primary safeguard.

To the extent your queries contain health-related context that constitutes special-category data within the meaning of GDPR Art. 9, we process that data on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you give at sign-up. You may withdraw this consent at any time by deleting your account; without it, we cannot lawfully provide the service.

3b · Automated decision-making

Summary: Medelix gives you AI-generated information; it does not make decisions about you.

Medelix does not make decisions about you using solely automated processing that produce legal effects or similarly significantly affect you within the meaning of GDPR Art. 22. The service generates AI-summarised answers to your medical questions; these are informational outputs, not decisions about you. Any clinical, diagnostic, or treatment decision remains entirely with you and the qualified professionals involved.


4 · How long we keep your data

Data | Retention
Anonymous query metadata (hashed IP, country) | 90 days
Account data (email, profile) | Until you delete your account
Conversation history (Q+A, citations) | 12 months from last access (24 months if you opt in to "help improve Medelix"); deletable by you at any time
Per-query operational metadata | 90 days
Security event logs | 24 months
Transactional email logs | 30 days

When you delete your account or your data via the controls below, we delete or irreversibly anonymise the data within 30 days, except where retention is legally required (e.g. tax / accounting where applicable).


5 · Where your data is processed

Your account and conversation data are stored in the European Union (database in Frankfurt, Germany; backend processing in Amsterdam, Netherlands).

We use external service providers ("sub-processors") in the following categories to deliver the service:

  • Managed database, authentication, and storage (EU)
  • Language-model inference (EU)
  • Text-embedding generation (EU)
  • Frontend and backend hosting (EU regions)
  • Content delivery, DNS, and security edge
  • Transactional email delivery (EU)
  • Privacy-friendly product analytics (EU, cookieless)
  • Federated sign-in identity providers (when you choose to use them)

The current, complete list of named sub-processors — including company, location, role, and what data they receive — is published at https://medelix.ai/subprocessors. We update that page whenever a sub-processor is added, removed, or replaced; signed-in users are notified by email at least 14 days before material changes take effect.

Where a sub-processor is US-headquartered, transfers rely on the Standard Contractual Clauses and the EU–US Data Privacy Framework where applicable, supported by an internal Transfer Impact Assessment available to supervisory authorities on request. We are progressively migrating to EU-only infrastructure (target: summer 2026).

We also send your anonymised question text (no account identifier, no IP) to the public literature search API of EuropePMC (UK) to retrieve evidence. EuropePMC does not receive any personal data about you. We may add additional public literature sources in the future; this page and the Sub-processors page will be updated accordingly.


6 · Your rights under GDPR

You have the right to:

  • Access the data we hold about you (Art. 15).
  • Correct inaccurate data (Art. 16).
  • Delete your data (Art. 17 — "right to be forgotten").
  • Restrict processing in certain circumstances (Art. 18).
  • Data portability — receive your data in a machine-readable format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time, where consent is the lawful basis (Art. 7(3)).

To exercise these rights:

  • Through the app: sign in, go to Settings → Privacy. Export your data, delete specific conversations or memory entries, or delete your account entirely. Most rights are self-service.
  • By email: [email protected]. We will respond within 30 days (one extension of two months is possible for complex requests, with notice).

If you believe we have mishandled your data, you can lodge a complaint with the supervisory authority in your EU member state. Our lead authority is Austria's Datenschutzbehörde (DSB): https://www.dsb.gv.at · Barichgasse 40-42, 1030 Wien · [email protected]. EU users may also complain to their national DPA.


7 · Children

Medelix is intended for adults — primarily medical professionals and medical students. The minimum age to create an account is 18. We do not knowingly collect data from anyone under 18. If you believe we have, contact [email protected] and we will delete it.


8 · Security

Practical measures include encryption in transit (TLS 1.2+), encryption at rest for question and answer text (pgcrypto), per-tenant access controls (Row-Level Security + app-layer enforcement), strict admin access (Cloudflare Access + JWT role + TOTP MFA), input-layer pattern-matching to detect and redact direct patient identifiers (names, addresses, phone numbers) before queries reach model and embedding providers, prompt-injection scanning before model calls, and structured logging with personal-data scrubbing before logs leave the process. We also take nightly encrypted backups and run monthly restore tests.

We work to GDPR Art. 32 standards. No security is absolute; if a breach occurs we will notify the supervisory authority within 72 hours where required and notify affected users without undue delay where there is a high risk to their rights.


9 · Cookies

Medelix uses only strictly necessary cookies — no advertising cookies, no analytics cookies (our analytics provider, Plausible, is cookieless). There is no cookie banner because none is required when only strictly-necessary cookies are used.

Cookie | Purpose | Lifetime
medelix_anon | Anonymous rate-limit bucket; identifies the browser to enforce the 2-questions-per-day guest quota. Not linked to any account. | 30 days
sb-* (Supabase) | Sign-in session cookies set by our authentication provider. Issued only after you sign in. | Session-bound

10 · Changes to this policy

If we materially change how we process your data, we will:

  1. Update this page with a new "Last updated" date.
  2. Email signed-in users in advance.
  3. Where the change requires renewed consent (e.g. introducing a new lawful-basis category or sub-processor that requires consent), we will request that consent before applying the change to your data.

11 · Contact

Privacy: [email protected]

General: [email protected] · [email protected]

Security disclosures: [email protected]

Legal correspondence: [email protected]

Postal: available on legitimate written request via [email protected]. A service address will be published in the Imprint once the project's business registration is complete.

This is a clinical-evidence research tool. We are not a substitute for medical advice. If you are facing a medical emergency, contact your local emergency services (in the EU: 112). For mental-health crisis support: Telefonseelsorge Österreich 142, Rat auf Draht 147 (Austria); Telefonseelsorge 0800 111 0 111 (Germany).