Privacy Policy

MedListIQ is a stateless API. We do not persist the medication data you send to the inference endpoint. We collect only what we need to run your account, process payments, and secure the Service.

• Account data (via Clerk): email, name, organization name, authentication tokens. Used for sign-in and access control.
• Billing data (via Clerk Billing + Stripe): plan, subscription status, payment method reference. We do not store full card numbers — Stripe does.
• API usage metadata: timestamp, endpoint, input/output counts, status code, API key prefix. Used for dashboards, rate limiting, monthly-cap enforcement, and debugging. Auto-purged after 13 months.
• Request payload (transient): the FHIR resources you send to the inference endpoint are processed in memory and discarded when the response returns. We do not log or persist payload contents.
• Analytics (via Vercel Analytics): anonymized page views and performance metrics on the marketing site. No cross-site tracking.

• Authenticate you and your organization
• Meter and bill for API usage
• Investigate abuse, debug errors, and improve reliability
• Communicate about your account, billing, and service updates

We do not sell your data. We do not share your data with advertisers.

MedListIQ is not yet HIPAA-covered and has not executed a Business Associate Agreement. Do not send PHI through the inference endpoint unless we have a signed BAA with you. If you send de-identified or test FHIR data (as we recommend), nothing in that payload is retained beyond the request lifecycle.

We rely on these vendors to operate the Service. Each has its own privacy policy:

• Google Cloud (Cloud Run, Firestore, Secret Manager) — hosting + storage
• Vercel — marketing site + dashboard hosting; Analytics
• Mintlify — developer documentation hosting
• Clerk — authentication, organizations, billing
• Stripe — payment processing (via Clerk Billing)
• U.S. National Library of Medicine (RxNav API) — RxNorm code resolution

We use cookies only for authentication (set by Clerk) and analytics (set by Vercel Analytics). No marketing or advertising cookies.

• Account data: retained until you delete your account
• API usage metadata: 13 months, then auto-purged
• Request payloads: not retained
• Billing records: retained as required by tax and accounting law

You can view, export, or delete your account data at any time from the dashboard, or by emailing brian@briankfung.com. Depending on your jurisdiction (EU, UK, California, etc.), you may have additional rights — we will honor those requests within the timeframes required by applicable law.

API keys are hashed with SHA-256 before storage; we never store the plaintext key. Data in transit is protected with TLS. Secrets (Clerk backend key, webhook secret) live in Google Secret Manager, not in our source code.

No system is 100% secure. Report a suspected vulnerability to brian@briankfung.com.

MedListIQ is not directed to individuals under 18 and we do not knowingly collect data from them.

We may update this policy. Material changes will be announced via email or an in-product notice.

Privacy questions? brian@briankfung.com.