Privacy Policy
Last updated: 30 March 2026
1. Who We Are
Medyra ("we", "us", "our") is an AI-powered medical report explanation service accessible at medyra.de. We are the data controller responsible for your personal data.
Contact: contact@medyra.de
2. What Data We Collect
- Account data: Your email address, name, and authentication credentials collected when you sign up via Clerk.
- Uploaded documents: Medical reports (PDF, images, or text files) that you upload for analysis.
- Generated explanations: The AI-generated explanations of your uploaded reports.
- Payment data: If you purchase a paid plan, payment information is processed by Stripe. We do not store your card details.
- Usage data: Pages visited, features used, and technical information (IP address, browser type) collected via Google Analytics.
- Cookies: Authentication cookies (Clerk), analytics cookies (Google Analytics). See Section 7.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): Processing your uploaded documents and generating explanations is necessary to provide the service you requested.
- Consent (Art. 6(1)(a) GDPR): Analytics cookies are only placed with your consent.
- Legitimate interest (Art. 6(1)(f) GDPR): Basic security logging and fraud prevention.
Note on health data: Medical reports may contain health data (special category data under Art. 9 GDPR). By uploading a report, you explicitly consent to processing this data for the sole purpose of generating your explanation.
4. How Long We Keep Your Data
- Uploaded documents and explanations: Automatically deleted after 30 days.
- Account data: Retained until you delete your account.
- Payment records: Retained for 7 years as required by EU tax law.
- Analytics data: Retained by Google Analytics for 14 months (standard setting).
5. Third-Party Data Processors
We share your data with the following sub-processors under GDPR Art. 28. Each processor operates under their own standard data processing terms or SCCs for international transfers. Your medical documents are processed by Anthropic (Claude AI) solely to generate your explanation — Anthropic does not use this data to train its models.
| Processor | Purpose | Location |
|---|---|---|
| Clerk | User authentication | USA (SCCs applied) |
| MongoDB Atlas | Data storage | EU (Frankfurt) |
| Anthropic (Claude AI) | AI report analysis — Privacy Policy | USA (SCCs applied) |
| Stripe | Payment processing | USA/EU (SCCs applied) |
| Vercel | Website hosting | EU (Frankfurt) |
| Google Analytics | Usage analytics (with consent) | USA (SCCs applied) |
SCCs = Standard Contractual Clauses, the approved EU mechanism for international data transfers. All processors are bound by their respective GDPR-compliant data processing terms (Art. 28 GDPR).
6. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of your data.
- Right to rectification (Art. 16): Correct inaccurate data.
- Right to erasure (Art. 17): Delete your account and all associated data.
- Right to data portability (Art. 20): Receive your data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent: You can withdraw consent for analytics at any time via our cookie settings.
To exercise any right, email us at contact@medyra.de. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority. In Germany: Bundesbeauftragte für den Datenschutz (BfDI).
7. Cookies
We use the following cookies:
- Essential cookies: Set by Clerk for authentication. Cannot be disabled as they are necessary for login.
- Analytics cookies (Google Analytics): Collect anonymous usage data to help us improve the service. Only set with your consent.
You can withdraw consent for analytics cookies at any time by clearing your browser cookies or contacting us.
8. Data Security
All data is transmitted over HTTPS (TLS encryption). Uploaded documents are stored encrypted at rest in MongoDB Atlas (EU Frankfurt region). Access to the database is restricted to authenticated service processes only. We conduct no manual review of your uploaded medical documents.
9. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email of any material changes. The "Last updated" date at the top of this page always reflects the most recent version.
10. Contact
For any privacy-related questions or to exercise your rights:
Email: contact@medyra.de
Website: medyra.de