Privacy Policy

1. Information We Collect

Account data: When you create an account, we collect your email address and store a securely hashed password.

Procedure cost inputs: You voluntarily provide procedure type, ZIP code, insurance status, hospital preference, and household income. This data is used solely to generate your procedure cost comparison. Free-tier inputs are processed in your browser session and not persisted server-side. We do not collect any medical records, diagnoses, or protected health information (PHI).

Usage data: We collect API request logs including timestamps, endpoints, and response codes for billing and abuse prevention. No personal health or financial inputs are included in request logs.

2. How We Use Your Information

We use your information to compute procedure cost comparisons, identify cash-pay discounts, estimate medical tourism ROI, and optimize payment plans. Account data is used for authentication and subscription management. Anonymized, aggregated data may be used to improve pricing accuracy. We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Email Communications

We send transactional emails for subscription confirmations, password resets, and critical service updates. We do not send unsolicited marketing emails. You may opt out of non-essential communications at any time.

4. Cookies

Melivaro uses only essential cookies for session management and authentication. We do not use third-party tracking cookies, advertising pixels, or behavioral analytics scripts. No cross-site tracking is performed.

5. Third-Party Services

We use Stripe for payment processing. Stripe receives your email and subscription tier and is governed by Stripe's Privacy Policy. We use Cloudflare for hosting infrastructure. No procedure cost inputs or health-related information is shared with any third party.

6. Data Retention

Account data is retained while your account is active plus 30 days after deletion. API request logs are retained for 90 days. Upon account deletion, all personally identifiable data is purged within 30 days. Anonymized audit logs may be retained for compliance purposes.

7. CCPA Rights (California Residents)

California residents have the right to know what personal information we collect, to request deletion of their data, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, use the DELETE /v1/account API endpoint or email privacy@smarttechinvest.com. We process CCPA requests within 45 days.

8. Security

All data is encrypted in transit via TLS 1.3 and at rest via AES-256. Passwords are hashed with bcrypt. API keys are generated using cryptographically secure random functions. We use parameterized database queries and enforce secure HTTP headers.

9. Contact

For privacy-related inquiries, contact privacy@smarttechinvest.com.