Privacy Policy

MedZee

1. Introduction

This Privacy Policy describes how the MedZee platform, provided by MEDZEE TECHNOLOGY LTDA, registered under CNPJ No. 65.642.996/0001-84, headquartered in Goiânia – Brazil, and which uses technology developed by Erde Enterprise, collects, uses, stores, and protects the information of users who access or use the platform.

MedZee is a technology platform focused on the health and wellness ecosystem, offering digital solutions that connect doctors, patients, and partners through management tools, telemedicine, electronic medical records, and service automation.

By accessing or using the platform, the user declares that they are aware of and agree with the practices described in this Privacy Policy, in compliance with the Brazilian General Data Protection Law (LGPD).

2. Data We Collect

We may collect different categories of personal data, depending on how the platform is used.

2.1 Identification Data

We may collect:

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • CPF or other identifiers necessary for user identification

2.2 Professional Data (for Doctors)

For users who are doctors or healthcare professionals, the following information may be collected:

  • Medical specialty
  • Academic background
  • Professional registration (CRM or equivalent)
  • Professional history
  • Scheduling and availability information

2.3 Health Data (Sensitive Personal Data)

In the context of providing digital health services, sensitive personal data may be processed, including:

  • Clinical history
  • Medical records
  • Diagnoses
  • Prescribed treatments
  • Indicated medications
  • Laboratory or imaging exams
  • Medical documents (prescriptions, medical certificates, reports, and statements)
  • Images sent by the patient for medical evaluation

These data are processed exclusively to enable medical care and the functionalities of the platform.

2.4 Consent for Processing Health Data

By using the MedZee platform to conduct consultations, share medical exams, or record clinical information, the patient declares that they are aware of and authorize the processing of their sensitive personal health data by the healthcare professionals responsible for the care provided.

The processing of this information occurs exclusively for the purpose of providing healthcare services, managing appointments, maintaining electronic medical records, monitoring treatments, and enabling other functionalities of the platform.

MedZee acts as a provider of technological infrastructure for the storage and processing of this information, while healthcare professionals are responsible for the clinical use of the data.

3. Information Collected Automatically

When the user accesses the platform, certain information may be collected automatically, including:

  • IP address
  • Type of device used
  • Operating system
  • Browser
  • Access logs
  • Date and time of use
  • Pages or features accessed

These data are used for security purposes, platform improvement, and performance analysis.

4. Use of Information

The collected information may be used to:

  • Enable the operation of the MedZee platform
  • Manage user accounts
  • Facilitate communication between doctors and patients
  • Enable in-person or telemedicine consultations
  • Record medical records and clinical history
  • Issue digital medical documents
  • Schedule appointments
  • Automate interactions with patients through communication channels
  • Improve the user experience
  • Comply with legal or regulatory obligations

5. Use of Artificial Intelligence

The MedZee platform may use artificial intelligence systems to assist in the organization and processing of information.

These functionalities may include:

  • Automatic transcription of consultations
  • Assisted generation of clinical records
  • Support in organizing medical records
  • Automation of initial interactions with patients through communication channels

Artificial intelligence acts exclusively as a support tool and does not replace the evaluation, diagnosis, or professional decision of the responsible physician.

6. Integration with Communication Services

MedZee may integrate with third-party communication services, including WhatsApp Business API, to facilitate contact between doctors, patients, and care teams.

In this context:

  • Messages may be processed by the platform
  • Contact information may be used to enable communication
  • Certain interactions may be automated by intelligent systems

Third-party services may have their own privacy policies.

6.1 Consent for Communication

By providing their phone number and initiating contact through communication channels integrated with the platform, including WhatsApp, the user authorizes the receipt of messages related to care, appointment confirmations, sending of medical information, clinical guidance, and other communications necessary for the use of the platform.

The user may request the interruption of these communications at any time through the platform settings or by responding directly to the communication channel used.

7. Information Sharing

MedZee may share personal data in the following situations:

  • With doctors responsible for the patient's care
  • With clinics or partners associated with the care provided
  • With technological service providers necessary for the operation of the platform
  • With cloud infrastructure and storage services
  • With financial processing services
  • With public authorities when required by law or court order

Whenever possible, sharing will occur in a limited manner, restricted to the minimum necessary for the intended purpose.

7.1 Access Control to Clinical Information

Clinical information recorded on the platform is accessible only to the healthcare professionals responsible for the patient's care or to those to whom the patient has authorized access.

Each healthcare professional has access only to the information necessary for providing care and to the information associated with their clinical relationship with the patient within the platform.

MedZee adopts technical and organizational mechanisms to ensure access control and protection of stored clinical information.

8. Payment Processing

To enable financial transactions within the platform, MedZee uses its own payment system called ZEEPAY, operated by the company ZEEPAY, registered under CNPJ No. 65.650.690/0001-70.

Financial information may be processed exclusively for the purpose of carrying out payments and transfers related to services provided through the platform.

9. Data Storage and Security

The information collected is stored in technological infrastructure operated by the Supabase platform, which uses cloud infrastructure based on Amazon Web Services (AWS).

Appropriate technical and administrative measures are adopted to protect personal data against unauthorized access, loss, alteration, or improper disclosure, including:

  • Data encryption
  • Access control
  • Secure authentication
  • System monitoring

9.1 Security Measures

MedZee adopts appropriate technical and organizational practices to protect personal data processed on the platform, including:

  • Encryption of data in transit and at rest
  • Access control based on user roles
  • Secure authentication and activity monitoring
  • Audit logs for critical operations

These measures aim to reduce the risks of unauthorized access, loss, or misuse of stored information.

10. Data Retention

Personal data will be retained only for the period necessary to fulfill the purposes described in this policy or as required by legal, regulatory, or contractual obligations.

After this period, the data may be deleted or anonymized, except when retention is necessary to comply with legal obligations.

11. Data Subject Rights

Under the Brazilian General Data Protection Law (LGPD), the data subject may request:

  • Confirmation of the existence of data processing
  • Access to personal data
  • Correction of incomplete or outdated data
  • Anonymization or deletion of data when applicable
  • Data portability
  • Information about data sharing

Requests may be made through the contact channels indicated in this policy.

12. Cookies and Tracking Technologies

The platform may use cookies or similar technologies to:

  • Maintain user sessions
  • Improve navigation
  • Analyze platform usage
  • Enhance functionalities and performance

Users may manage the use of cookies through their browser settings.

13. Restriction on Use by Minors

The MedZee platform is not intended for individuals under the age of 18. Registration and use of the platform are permitted only for users who are of legal age and legally capable.

If a registration made by a minor is identified, the account may be suspended or removed.

14. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in legislation, platform functionalities, or internal data processing procedures.

When relevant changes are made, users may be notified through the platform or through the registered communication channels.

15. Contact

For questions, requests, or the exercise of rights related to personal data protection, the user may contact:

Email: contato@medzee.com.br