MediDates
Privacy Policy
Last updated: 25 May 2026.
MediDates is a personal record app operated by InvocationAI. This policy explains how MediDates handles information for app testing and account use. Contact support@medidates.co.za for privacy questions.
Testing-stage boundary
MediDates is currently in a synthetic-only testing stage. Testers must use sample or synthetic records only. Real medical records, real appointment notes, real diagnoses, real files, and real personal health information are not approved for this testing stage.
Information MediDates handles
MediDates may handle account information such as email address, password authentication data, sign-in sessions, verification status, Google sign-in identifiers when you choose Google sign-in, account deletion status, and support or beta feedback you submit.
The app can store records you enter or upload, including titles, dates, appointment information, provider labels, notes, doctor diagnosis information you choose to store, attachment metadata, images, PDFs, and documents. During testing these records must be synthetic or sample content only.
How information is used
MediDates uses information to provide account access, personal record storage, sync across your devices, record retrieval, attachment upload and download, app security, support, backup and restore, abuse prevention, service monitoring, and account deletion.
MediDates does not diagnose, treat, prescribe, interpret medical information, or replace advice from a qualified healthcare professional.
Sharing and processors
MediDates does not sell health data, does not use third-party advertising SDKs, and does not enable third-party analytics or crash reporting in the current testing build.
The service uses controlled hosting and infrastructure providers to run the app, store data, distribute builds, authenticate Google sign-in where enabled, operate support email, and deliver account-related email when configured. These providers may process limited data needed for those service functions.
Security
MediDates uses HTTPS for network traffic, server-side access controls, hashed authentication tokens, app lock controls, local secure storage for session material, encrypted local cache proofing, and encrypted backup/restore procedures. No system can guarantee perfect security, so the app remains synthetic-only until the private beta readiness gate is approved.
Retention and deletion
Account deletion is available through the public deletion page. After account ownership is verified, live service data is targeted for deletion or de-identification; encrypted backups may retain deleted data until the rolling backup window expires.
Deletion, audit, and restore records may be retained where needed for security, abuse prevention, service recovery, or legal obligations. Restore procedures are designed to keep deleted accounts and records from reappearing in the live service.
Your choices
You can sign out, clear local device data, request account deletion in the app, or use the public account deletion page. Do not send medical details in support email unless a specific secure support process has been arranged.