Privacy Policy

Last updated: December 11, 2025

1. Information We Collect

Medica collects information necessary to provide medical practice management services:

Personal Information (Public Data - MySQL)
  • User account data: name, email, phone number
  • Professional credentials: cédula profesional
  • Workspace information: name, address, contact details
  • Patient basic information: name, email, phone, birthdate
Protected Health Information (Private Data - Encrypted)
  • Patient medical profiles: blood type, allergies, medical history
  • Consultation details: symptoms, diagnoses, treatments, prescriptions
  • Medical documents: X-rays, lab results, images (encrypted at rest)
Technical Information
  • Login activity and session data
  • IP addresses and user agents (for audit logs)
  • Browser type and device information

2. How We Use Your Information

  • Provide and maintain the Service
  • Process subscription payments
  • Send service-related notifications
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Improve our services

3. Data Sovereignty and Storage

All data is stored in Mexico:

  • Database: MariaDB (Datacenter Querétaro, México)
  • Protected health info: Encrypted at application level (AES-256)
  • Medical documents: Local encrypted storage (Datacenter Querétaro)

Your data never leaves Mexican territory, ensuring full compliance with data sovereignty requirements.

4. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data only in these circumstances:

  • Within your workspace (with doctors, nurses, staff as permitted)
  • With other workspaces when you explicitly grant access
  • With payment processors (Stripe) for billing
  • When required by Mexican law or legal process
  • With your explicit consent

5. Security Measures

  • End-to-end encryption for medical documents
  • Two-factor authentication (2FA)
  • Comprehensive audit logging
  • Role-based access control
  • Regular security audits
  • HTTPS/TLS encryption for all connections

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Export your data
  • Delete your account and data
  • Revoke granted access to other workspaces
  • Object to data processing

7. Data Retention

We retain data for:

  • Active accounts: Indefinitely while subscription is active
  • Cancelled accounts: 90 days after cancellation
  • Legal requirements: As required by Mexican medical record laws

8. Compliance

Medica complies with:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • NOM-024-SSA3-2012 (Mexican medical record standard)
  • LFPDPPP (Mexican Federal Data Protection Law)

9. Cookies

We use essential cookies for:

  • Session management
  • Authentication
  • Security (CSRF protection)
  • Theme preferences

10. Children's Privacy

Medica is not intended for use by individuals under 18. We do not knowingly collect data from minors.

11. Changes to Privacy Policy

We may update this policy. We will notify users of significant changes via email.

12. Contact Us

For privacy concerns or data requests:

SEPREMEX
Email: servicio@sepremex.com
Data Protection Officer: Ruben Mc

Back to Home