Privacy Policy

MedLicensIQ, Inc. ("MedLicensIQ," "we," "us") provides software that helps physicians track, renew, and stay compliant with state medical licenses. This Privacy Policy explains what we collect, how we use it, and the choices you have.

This page is written in plain English. We try to mean what we say. Questions: privacy@medlicensiq.com.

1. What we collect

1.1 Information you give us

• Account info: name, email address, the password you create.
• Professional info: NPI number, specialty, state license numbers, expiration dates, CME records, certifications, and other documents you upload to your Vault.
• Payment info: if you subscribe to a paid plan, billing details are processed by Stripe — we never see or store your card number.
• Communications: messages you send us via email, contact form, or the in-app Consult chat.

1.2 Information collected automatically

• Device & log data: IP address, browser type, pages visited, timestamps.
• Cookies: session cookies for sign-in; minimal analytics cookies for understanding feature usage. No advertising trackers.

1.3 Information from third parties

• NPI Registry (CMS): when you provide an NPI, we look up the public registry record to pre-fill your specialty and primary state.
• State medical board websites: our Regulatory Watch agent scrapes publicly available news pages from state boards.

2. How we use your information

• Provide the service: track your licenses, generate renewal checklists, send reminder emails, run the Consult agent.
• Process payments via Stripe.
• Send transactional email (renewal reminders, account notifications).
• Improve the product: aggregate, anonymized analytics on which features get used.
• Communicate with you about your account and important changes to the service.
• Comply with legal obligations.

We do not sell your personal information. We do not share it with advertisers. We do not train third-party AI models on your data.

3. AI processing

MedLicensIQ uses Anthropic's Claude API to power Consult chat, renewal email drafts, document OCR, and regulatory news classification. When a feature requires AI processing, the relevant text (your question, a document you uploaded, a page we scraped) is sent to Anthropic's API for inference. Anthropic processes this content under its enterprise API terms and does not use it to train models.

AI suggestions are decision support, not authoritative guidance. The licensee remains responsible for the accuracy of every compliance action they take.

4. Storage and security

• Data is stored in Supabase (Postgres) and Supabase Storage, both hosted on AWS infrastructure in the United States.
• All traffic is encrypted in transit (TLS 1.2+).
• Data at rest is encrypted using AWS-managed keys.
• Row-level security policies ensure one user cannot read another user's data.
• Service-role access is restricted to authorized administrators.

No security program is perfect. If you spot a vulnerability, please report it to security@medlicensiq.com.

5. Sharing

We share data only with the service providers we need to run MedLicensIQ:

• Supabase — database, storage, authentication.
• Vercel — application hosting.
• Stripe — payment processing.
• Anthropic — AI inference.
• Resend — transactional email delivery.

Each provider is contractually bound to protect your data. We will also disclose information if required by law or to protect the rights, safety, or property of MedLicensIQ or its users.

6. Your rights

You have the right to access, correct, export, and delete your data. Several of these are self-service:

• Access & export: Settings → "Export your data" produces a CSV bundle.
• Correct: edit any field directly from the dashboard.
• Delete: email privacy@medlicensiq.com and we will purge your account within 30 days.

Residents of California, Colorado, Virginia, and similar jurisdictions have additional rights under their state privacy laws (CCPA/CPRA, CPA, VCDPA). We honor all such requests without discrimination.

7. Retention

We keep your data while your account is active. After account closure we retain it for 30 days to support recovery, then permanently delete it except where law requires longer retention (e.g., tax records for paid accounts).

8. HIPAA

MedLicensIQ is designed for the licensure-compliance workflows of individual physicians, not for storing patient health information (PHI). You should not upload PHI to your Vault. If a group practice subscribes and requests a Business Associate Agreement, we evaluate on a case-by-case basis — contact contact@medlicensiq.com.

9. Children

The service is intended for licensed medical professionals. We do not knowingly collect information from anyone under 18.

10. Changes to this policy

We will update this page when our practices change. Material changes will be announced by email and an in-app notice at least 30 days before taking effect.

11. Contact

Privacy questions: privacy@medlicensiq.com
General contact: contact@medlicensiq.com
Security reports: security@medlicensiq.com