Privacy Policy

TranslateMD (translatemd.io) is an AI-powered medical document translation service. We help healthcare professionals understand medical documents across different healthcare systems and languages.

Data controller: TranslateMD
Contact: privacy@translatemd.io

Account information: Your email address and a hashed password when you sign up.

Payment information: Billing is handled entirely by Stripe. We never see or store your card number. Stripe may retain payment records as required by law.

Documents you upload: Medical documents are transmitted to our servers for processing. You choose what happens next:

• Ephemeral mode — the document is deleted from our servers immediately after translation completes.
• History mode — the document and its translation are stored encrypted so you can access them later. You can delete them at any time.

Usage data: We log which features you use (e.g., "a translation was requested") and basic technical information (IP address, browser type) for security and reliability. We do not log the contents of your documents.

• Documents are encrypted at rest using AES-256.
• All data is transmitted over TLS 1.3 (the HTTPS padlock you see in your browser).
• We do not include document contents in application logs.
• We do not use your documents to train AI models.
• We do not sell, rent, or share your documents with third parties, except as described below under "Third parties."

Anthropic (Claude AI): We send document text to Anthropic's API to perform the AI translation. Anthropic's API data is processed under their commercial API terms and is not used to train their models. See Anthropic's Privacy Policy.

Stripe: Payment processing. Stripe stores your billing details and transaction history. See Stripe's Privacy Policy.

Cloud storage: Documents are stored in encrypted S3-compatible object storage hosted in data centers that comply with SOC 2 standards.

We do not use advertising networks, social media trackers, or analytics cookies.

We use one type of cookie: a session cookie that keeps you logged in while you use the service. This cookie:

• Is deleted when you close your browser or log out.
• Does not track you across other websites.
• Does not contain any personal health information.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

If you're in the EU or EEA, you have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate personal data.
• Erasure ("right to be forgotten") — delete your account and all associated data.
• Data portability — receive your data in a machine-readable format.
• Objection — object to certain types of processing.
• Restriction — ask us to pause processing while a dispute is resolved.

To exercise any of these rights, email privacy@translatemd.io. We'll respond within 30 days.

If you're a California resident, you have the right to:

• Know what personal information we collect and how we use it.
• Delete personal information we hold about you.
• Opt out of sale — we do not sell personal information, but you can confirm this in writing by emailing us.
• Non-discrimination — we won't treat you differently for exercising your privacy rights.

• Ephemeral documents: Deleted immediately after translation. No copies retained.
• Stored documents: Kept until you delete them or close your account.
• Account data: Retained while your account is active and for up to 30 days after deletion (for fraud prevention), then permanently erased.
• Billing records: Retained for 7 years as required by financial regulations (held by Stripe).

You can delete your account from the Account Settings page. This will permanently delete:

• Your email address and login credentials.
• All stored documents and translation history.
• Your usage history on our platform.

Deletion is permanent and cannot be undone. Billing records remain with Stripe as required by law.

TranslateMD is designed with PHI (Protected Health Information) safety in mind. However, we do not currently offer a signed Business Associate Agreement (BAA), which is required for covered entities and their business associates under HIPAA. If you require a BAA, please contact us at privacy@translatemd.io to discuss enterprise options.

If we make significant changes, we'll notify you by email at least 14 days before the changes take effect. Minor clarifications may be made without notice.

Questions about this policy? privacy@translatemd.io