Privacy policy
Last updated: 2026-04-28
1. Who we are
OurMedHistory ("we", "us") provides a web application to keep a private medical history of family members and pets. The data controller is the operator of ourmedhistory.com.
2. Data we collect
- Account data: email, display name, hashed password, preferred language.
- Family content you create: members, episodes, medications, allergies, vaccinations and any files you upload.
- Login telemetry: IP address, user agent, timestamp and outcome — used solely to detect abuse.
3. Lawful basis
We process your data on the basis of your consent and to perform the contract you signed up to (Articles 6(1)(a) and 6(1)(b) GDPR).
4. Storage and security
Your data is stored on servers operated by us in the European Union. Passwords are stored hashed using ASP.NET Core Identity defaults; uploaded files are stored outside the public web root and served only after a per-family access check.
5. Sharing
Members of the same family see each other's family data. Nothing is shared with anyone outside that family. We do not sell or rent your data.
6. Your rights
Under GDPR / similar laws you have the right to access, rectify, port, delete and restrict processing of your data. You can request these directly from the application or by emailing us. Soft-deleted data is fully purged within 90 days; uploaded files are retained in a recoverable trash for the same period.
7. Cookies
We use a session cookie for authentication and a small "language" cookie to remember your preferred language. We do not use third-party advertising cookies.
8. Contact
Email: privacy@ourmedhistory.com.
This text is a placeholder draft and will be replaced by a final, lawyer-reviewed version before public launch.