Privacy Policy

MedLedger is designed with privacy by design principles. We collect minimal information necessary to provide our services:

• Account Information: Email address, full name, and encrypted authentication credentials
• Medical Data: Stored encrypted on IPFS/blockchain - we only store metadata and access permissions
• Usage Data: Access logs, security audit trails, and platform interaction data
• Enterprise Information: Business credentials, verification documents, and institutional details for verified organizations

Your medical data is protected using military-grade encryption and blockchain technology:

• Zero-Knowledge Architecture: We never have access to your unencrypted medical data
• Blockchain Security: Immutable access logs and permissions stored on XRPL
• End-to-End Encryption: AES-256 encryption with patient-controlled keys
• HIPAA Compliance: All security measures meet or exceed HIPAA requirements
• Decentralized Storage: Medical files stored on IPFS, not our servers

You have complete control over your medical data:

• Granular Access Control: Choose exactly which providers can access which records
• Revoke Access: Instantly revoke access permissions at any time
• Data Portability: Export all your data in FHIR-compliant formats
• Right to Deletion: Request deletion of your account and associated metadata
• Transparency: View complete audit logs of who accessed your data when

We never sell your data. Information is only shared in these limited circumstances:

• With Your Explicit Consent: Only to enterprises you explicitly authorize
• Legal Requirements: When required by law or legal process
• Emergency Situations: Life-threatening emergencies where consent cannot be obtained
• Service Providers: Third-party services that help operate our platform (under strict agreements)

For questions about this Privacy Policy or your data rights, contact us:

• Email: privacy@medledgers.org
• Data Protection Officer: dpo@medledgers.org
• Address: Leeds, United Kingdom