SECURITY & PRIVACY

At PatientMentor, privacy, security, and patient trust are core to our mission.
We are committed to protecting sensitive medical information through strong technical safeguards, responsible AI use, and full transparency about how data is handled.


Privacy by Design & by Default

PatientMentor is built following privacy-by-design and privacy-by-default principles:

  • Only the minimum necessary data is processed
  • All access is controlled and logged
  • Privacy safeguards are embedded into system architecture
  • Data is never used beyond clearly stated purposes

From onboarding to data deletion, privacy is enforced at every stage.


Patient Data Ownership & Control

Patients always remain the owners of their medical data.

PatientMentor does not claim ownership over uploaded medical records. Users decide:

  • What data to upload
  • Whether data may be used beyond personal insights
  • Whether anonymized data may be shared (with explicit consent)
  • When data is deleted or consent is withdrawn

Control remains with the patient at all times.


Secure Data Storage & Transmission

We apply industry-standard security measures to protect medical information:

  • Encryption of data at rest
  • Encryption of data in transit (TLS/HTTPS)
  • Secure authentication and role-based access control
  • Segregated processing and storage environments

These safeguards are designed to prevent unauthorized access, disclosure, or misuse.


Responsible Use of AI

PatientMentor uses AI solely to organize, analyze, and explain user-provided medical information.

Key principles:

  • AI does not diagnose, prescribe, or recommend treatment
  • AI outputs are informational and educational
  • Clinical decisions remain entirely with licensed healthcare professionals
  • AI supports understanding—not clinical judgment

PatientMentor is an assistive tool, not a medical authority.


Anonymized Data Use & Patient Consent

To keep PatientMentor free for patients, the platform may offer the option for users to voluntarily consent to the use of their data in a fully anonymized and aggregated form.

Important safeguards apply:

  • Data is anonymized so that no individual can be identified, directly or indirectly
  • Personal identifiers are permanently removed before any secondary use
  • Anonymized data may be used for research, analytics, or collaboration with third parties such as research institutions or life sciences organizations
  • No identifiable or personal health data is ever sold or shared

Participation is entirely optional and requires explicit patient consent.


Consent Withdrawal & Data Deletion

Patients may withdraw consent at any time, without penalty.

Users can:

  • Revoke consent for anonymized data use
  • Delete uploaded medical data
  • Close their account entirely

Upon withdrawal or deletion request:

  • Data is removed from active systems
  • Data is no longer included in any future anonymized datasets

Patient autonomy is respected at every stage.


No Unauthorized Secondary Use

PatientMentor does not:

  • Sell identifiable medical or personal data
  • Use patient data for advertising or profiling
  • Share personal health information without explicit consent

All data usage is purpose-limited, transparent, and consent-based.


GDPR & EU Data Protection Compliance

PatientMentor is designed to align with the EU General Data Protection Regulation (GDPR), including:

  • Lawful and transparent processing
  • Explicit consent for sensitive health data
  • Data minimization and purpose limitation
  • Rights to access, rectification, erasure, and objection
  • Strong safeguards for special category data

Patients may exercise their data protection rights at any time.


Access Control & Accountability

To ensure operational integrity:

  • All user access requires authentication
  • Internal access is restricted to authorized personnel only
  • System activity is logged and monitored

These controls help maintain confidentiality and accountability.


Data Retention & Secure Deletion

Data is retained only for as long as necessary to provide the service or as required by law.

When data is deleted:

  • It is securely erased from active systems
  • Retention policies are applied consistently
  • Anonymized datasets are not re-identifiable


Transparency & Trust

We believe trust is built through openness.

PatientMentor is committed to:

  • Clear communication about data use
  • Honest disclosure of system capabilities and limitations
  • Respect for patient dignity and clinician authority
  • Treating privacy as fundamental, not optional


Designed to Support Care, Not Replace It

PatientMentor is designed to enhance understanding and communication—not to replace professional medical care.

Security and privacy practices are implemented to protect:

  • Patients’ confidentiality
  • Clinicians’ professional responsibility
  • The integrity of healthcare decision-making

Your medical data is deeply personal, and we treat it that way by design.
We protect it, respect it, and use it only in ways you explicitly approve.