Consult Buddy: Privacy Policy

This Privacy Policy explains how Consult Buddy ("Consult Buddy," "we," "us," or "our") collects, uses, shares, and protects information when you use our website, web or mobile applications, and related services that provide well-cited, research-driven medical and clinical answers using large language models (LLMs) and other technologies (the "Service").

This policy is designed to be clear and practical for a clinical and research audience. If anything here is unclear, please contact us at .

Scope and Who We Are

This policy applies to the Consult Buddy app, website, APIs, and related services.

Responsible entity (data controller): Consult Buddy, Inc.

Contact: privacy@consultbuddy.app

Postal address: USA

If you use Consult Buddy through an organization (e.g., your employer or institution), that organization may have its own policies and act as the controller for the data it provides. We are a processor for such organizational accounts to the extent specified in our agreement with that organization.

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, you must not use the App.

Information We Collect

Account and profile information

Name, email address, authentication identifiers, role, organization, and preferences.

Content you submit

Prompts, questions, chat messages, feedback, and any files you upload (e.g., PDFs, guidelines). This content is used to generate answers and citations.

Citations and research context

Queries to public sources (e.g., medical literature, guidelines) and retrieval context used to support answers, including metadata required to produce citations.

Device and usage data

Device and browser type, operating system, language, time zone, app version, pages viewed, interactions, timestamps, and diagnostic logs.

Support communications

Messages you send to our support channels, error reports, and related attachments.

Payment information (if applicable)

Billing and transaction details processed by our payment provider. We do not store full payment card numbers on our systems.

How We Use Information

We use information to:

  • Provide and operate the Service, including generating answers with citations and delivering core features.
  • Process your prompts, files, and context through LLMs and retrieval systems to produce well-cited, research-driven outputs.
  • Maintain safety, security, and integrity (e.g., monitoring for abuse, preventing fraud, debugging).
  • Improve the Service (e.g., quality, accuracy, speed) using aggregated or de-identified analytics where feasible. We do not use your content or usage data to train any models (ours or third-party).
  • Communicate with you about updates, security notices, and support; send product or feature announcements where permitted by law and your preferences.
  • Comply with legal obligations and enforce our terms.

We do not use your personal information for third-party advertising.

AI and LLM Processing

To generate answers and citations, Consult Buddy may send your submitted content and derived context to AI model providers and related infrastructure (e.g., vector databases, search/retrieval services):

  • Providers and subprocessors: We rely on reputable cloud and AI vendors to operate the Service. A current list of categories and examples appears in the Subprocessor Appendix below. Specific vendors may change over time.
  • Data minimization: We aim to send only the minimum necessary context to model providers and may apply automated redaction where feasible. Do not rely on automated redaction—avoid including personal or identifiable health information.
  • No training on your data: Consult Buddy does not use your prompts, files, chat history, or outputs to train any models — including our own or third-party models. We configure providers to disable training and include contract terms that prohibit training use. Providers may process data solely to deliver the Service, maintain safety, and comply with law.
  • Human review: Limited, access-controlled personnel may review content for safety, abuse investigation, debugging, or quality assurance in accordance with this Policy and applicable law.

Sharing and Disclosure

  • Service providers and subprocessors: Hosting, AI model providers, retrieval/search, analytics, logging, security, customer support, and payment processing. These parties may access information only to perform services for us and under appropriate contractual safeguards.
  • Organizational accounts: If you use the Service through an organization, administrators may access information associated with your use as described in your organization’s policies.
  • Research and safety collaborations: We may share de-identified or aggregated information to evaluate performance, safety, and fairness, or to improve clinical relevance and citation quality.
  • Legal compliance: To comply with applicable law, regulations, lawful requests, or to protect rights, safety, and property.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and the commitments in this Policy.
  • At your direction: With third parties when you request or authorize it.

We do not sell your personal information or share it for cross-context behavioral advertising.

Data Retention

We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Factors include the type of data, the purpose of processing, and legal/accounting requirements.

Chats and uploads: You can delete conversations and uploaded files from Settings at any time. When you delete content, we remove it from active systems promptly, and it may persist in backups for a limited period before being purged.

Account deletion: You can request account deletion from Settings. Deletion removes your personal content and account data, except where we must retain limited information to comply with legal or regulatory obligations.

Logs and diagnostics: Maintained for operational integrity and security for a reasonable period, then deleted or de-identified.

Vendor deletion: When you request deletion, we also request deletion from relevant processors where feasible and contractually supported.

Security

We employ administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, and vendor due diligence. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

International Transfers

We may process and store information on servers located in various countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers of personal data from the EEA/UK/Switzerland.

Your Rights and Choices

Depending on your location, you may have rights to:

  • Access, correct, or delete personal information.
  • Object to or restrict certain processing, and request data portability.
  • Withdraw consent where processing relies on consent.

To exercise these rights, contact privacy@consultbuddy.app. We may need to verify your identity and jurisdiction. If we process your data on behalf of an organization, direct your request to that organization.

California Privacy (CCPA/CPRA)

California residents may request to know, access, correct, or delete personal information and to opt out of sharing for cross-context behavioral advertising. We do not sell personal information. Submit requests to privacy@consultbuddy.app.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, remember preferences, and perform analytics and security. You can control cookies through browser settings and, where applicable, our in-product controls or banners. Disabling certain cookies may impact functionality.

Children’s Privacy

The Service is not directed to children. We do not knowingly collect personal information from children under 13 (or a higher age where required by local law). If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

Third-Party Sites and Services

The Service may link to third-party sites or include third-party content. Their privacy practices are governed by their own policies.

Account and Data Deletion

You may delete your account within the App settings at any time.

This permanently deletes all medical history, user prompts, and reports stored locally and on AWS servers.

Contact Us

If you have questions about your privacy rights or wish to lodge a complaint, please contact us or the relevant authority in your jurisdiction:

Consult Buddy Privacy Officer
Consult Buddy Pty Ltd
Email: privacy@consultbuddy.app

Subprocessor Appendix (Categories and Examples)

This is a non-exhaustive list of categories of vendors we may use. For an up-to-date list, contact privacy@consultbuddy.app.

  • Cloud hosting and storage: Google Cloud, Render
  • AI model providers (LLMs): OpenAI, Anthropic
  • Retrieval/search and vector databases: Supabase
  • Analytics and telemetry: PostHog
  • Logging and error monitoring: PostHog

Changes to This Policy

We may update this Policy from time to time. The "Effective date" above reflects the latest revision. If changes materially affect your rights, we will provide additional notice as required by law.

Definitions

"Personal information" or "personal data": Information that identifies or can reasonably be linked to an identified or identifiable person.

"De-identified" data: Data that cannot reasonably be used to identify a person, subject to technical and organizational safeguards.
