Privacy Policy
Last updated: June 12, 2026
MyDischarge is designed so that we never know who you are. We do not collect, store, or sell personal information. Your privacy is the foundation of everything we build.
What MyDischarge Does
MyDischarge helps you understand your hospital discharge paperwork by reading your documents and explaining them in plain language. You can photograph your discharge papers or type your diagnosis manually. The app processes your health and medical data solely to provide you with plain-language explanations of your discharge instructions.
Health Data We Access and Process
MyDischarge accesses and processes the following categories of health data in order to explain your discharge paperwork:
- Diagnosis information — The medical conditions listed on your discharge paperwork, used to generate plain-language explanations.
- Medication information — Medication names, dosages, and instructions from your discharge paperwork, used to explain what you were prescribed and how to take it.
- Follow-up care instructions — Doctor names, appointment dates, and follow-up instructions, used to help you understand your next steps.
- Warning signs and clinical notes — Symptoms that require an ER return and other clinical guidance from your discharge paperwork.
- Hospital and provider information — Hospital names, clinic addresses, and provider phone numbers from your paperwork, preserved so you can contact your care team.
This health data is processed solely to generate plain-language explanations, to produce text-to-speech audio, and to answer your follow-up questions about your discharge instructions. It is not used for advertising, profiling, or any purpose other than helping you understand your discharge paperwork.
How Health Data Is Protected
Before any health data leaves your device, we apply multiple layers of on-device protection to remove all patient-identifying information:
- On-device OCR — Photos of your discharge paperwork are read using on-device text recognition (Google ML Kit). Photos are never uploaded to any server.
- On-device PII redaction — Patient names, date of birth, age, Social Security number, insurance IDs, medical record numbers, account numbers, patient phone numbers, patient email addresses, and patient home addresses are automatically detected and removed on your device before any data is transmitted. The redactor uses multilingual labels, multiline OCR layouts, repeated-name scrubbing, and fail-closed patterns for unlabeled names, dates, IDs, phones, emails, and addresses.
- Encrypted on-device storage — Your session data (discharge summary and chat history) is stored in encrypted storage on your device (iOS Keychain / Android Keystore). It is never stored on our servers.
- Chat message redaction — If you type personal information in the chat, it is automatically redacted on your device before being stored or sent to our server.
- Server-side safety barrier — Our server-side proxy redacts parse, chat, translation, and text-to-speech requests a second time before sending the de-identified text to Groq.
Only de-identified medical content (diagnosis, medications, follow-up instructions, hospital information) is transmitted to our server for processing. We never receive your name, date of birth, age, Social Security number, insurance information, home address, or any other personally identifying information.
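The on-device redaction described above, written out as an added illustration (this is not MyDischarge's own code, and the app's actual label lists and patterns are not published on this page): a label-driven pass that tolerates the value landing on the OCR line after its label, repeated-name scrubbing, fail-closed patterns for unlabeled dates, IDs, phones, emails and addresses, and an allowlist that keeps care-team contact and appointment lines verbatim, which is how provider phone numbers and appointment dates can be preserved while patient contact details are removed. The sample text, the label sets, the allowlist and the placeholder tokens are all constructed for the example; detection of unlabeled person names is left out.

```python
import re

# Constructed OCR output for a fictitious patient (not real data). The patient
# name sits on the line after its label, as multiline OCR layouts often produce.
SAMPLE_OCR = """MERCY GENERAL HOSPITAL - Discharge Summary
Patient Name:
Jane Q. Example
DOB: 03/14/1962   MRN: 00987654   Acct# 5551234
Phone: (555) 010-2222   Email: jane.example@example.com
Address: 12 Elm Street, Springfield
Diagnosis: Community-acquired pneumonia
Medications: Amoxicillin 875 mg twice daily for 7 days
Follow-up: Dr. Patel, Pulmonology, 04/02/2026
Clinic phone: (555) 010-9999
Return to the ER if Jane Q. Example develops shortness of breath or fever above 39 C."""

# Multilingual name labels (a small English/Spanish/French set, assumed for the
# example). The value may follow the label on the same line or on the next line.
NAME_LABEL = re.compile(
    r"^\s*(patient name|nombre del paciente|nom du patient)\s*[:#]?\s*(.*)$", re.I)

# Lines whose values are care-team contact or scheduling details stay verbatim;
# every other line is treated as untrusted and run through the fail-closed patterns.
KEEP_LABEL = re.compile(
    r"^\s*(clinic phone|hospital phone|provider phone|follow-?up|appointment)\s*[:#]", re.I)

# Fail-closed patterns: any match is removed whether or not a label precedes it.
FAIL_CLOSED = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "[EMAIL]"),
    (re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"), "[PHONE]"),
    (re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"), "[DATE]"),
    (re.compile(r"\b\d{6,}\b"), "[ID]"),  # MRNs, account and insurance numbers
    (re.compile(r"\b\d+\s+\w+\s+(?:street|st|avenue|ave|road|rd)\b\.?,?[^,\n]*", re.I),
     "[ADDRESS]"),
]


def apply_fail_closed(line: str) -> str:
    """Replace every fail-closed match in one line with its placeholder token."""
    for pattern, token in FAIL_CLOSED:
        line = pattern.sub(token, line)
    return line


def scrub_repeated_name(text: str, name: str) -> str:
    """Remove the labeled patient name wherever it recurs, then each name token
    of four or more letters on its own (surnames often reappear by themselves)."""
    text = re.sub(re.escape(name), "[NAME]", text, flags=re.I)
    for token in re.findall(r"[A-Za-z]{4,}", name):
        text = re.sub(rf"\b{re.escape(token)}\b", "[NAME]", text, flags=re.I)
    return text


def redact_discharge_text(text: str) -> str:
    """De-identify OCR'd discharge text before it leaves the device."""
    lines = text.splitlines()
    out, patient_name, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        m = NAME_LABEL.match(line)
        if m:
            value = m.group(2).strip()
            if not value and i + 1 < len(lines):  # multiline layout: value on next line
                i += 1
                value = lines[i].strip()
            patient_name = value or patient_name
            out.append(f"{m.group(1)}: [NAME]")
        elif KEEP_LABEL.match(line):
            out.append(line)
        else:
            out.append(apply_fail_closed(line))
        i += 1
    result = "\n".join(out)
    # Name scrubbing runs last and over every line, including the kept ones.
    return scrub_repeated_name(result, patient_name) if patient_name else result


def audit_residual(text: str) -> list[str]:
    """Post-redaction check: list every fail-closed match still present, so a
    caller can confirm that only allowlisted care-team details survive."""
    found = []
    for pattern, _ in FAIL_CLOSED:
        found.extend(pattern.findall(text))
    return found


if __name__ == "__main__":
    redacted = redact_discharge_text(SAMPLE_OCR)
    print(redacted)
    print("residual:", audit_residual(redacted))
```

audit_residual is the check worth running after every redaction: on the sample it reports only the clinic phone number and the appointment date, both from allowlisted lines, which is how one confirms the fail-closed layer left nothing else behind. The allowlist is also the weak point of this design: a patient phone number that OCR happens to place on a "Clinic phone" line would pass through, which is the kind of miss that a second, server-side redaction pass of the sort the policy describes exists to catch.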
What Leaves Your Device
- De-identified health data only — After all patient identity has been stripped, only the medical content (diagnosis, medication names, follow-up instructions, hospital/clinic information) is sent to our server for processing by a language model.
- An anonymous device token — A randomly generated identifier (not tied to your identity) is used solely for rate limiting to prevent abuse. It is never stored or logged on our servers, and research-study submissions (see below) are sent without it.
Like any internet service, our server transiently sees your IP address in order to respond to your request and to limit abuse. IP addresses are not recorded or stored.
How Health Data Is Used
Your de-identified health data is used exclusively for the following purposes:
- Generating plain-language explanations — Your de-identified discharge text is sent to a language model to produce a structured summary of your diagnosis, medications, warnings, and follow-up instructions.
- Answering your follow-up questions — When you ask questions in the chat, your de-identified discharge text is used as context so the language model can answer questions about your specific discharge instructions.
- Text-to-speech — De-identified text is sent to a text-to-speech service to read explanations aloud. For non-English languages, speech is generated entirely on your device.
- Translation — When you change languages, de-identified chat messages are sent for translation so you can read explanations in your preferred language.
Your health data is never used for advertising, marketing, data mining, profiling, or any purpose other than those listed above.
What We Do NOT Collect or Do
- We do not create user accounts or require sign-up
- We do not store your health data or medical information on our servers
- We do not log the content of your requests on our servers
- We do not sell, share, or transfer any data to third parties for advertising, marketing, or data brokering
- We do not use analytics, tracking tools, or advertising SDKs
- We do not use cookies
- We do not display advertisements
- We do not upload or transmit your photos or images to any server
Third-Party Services
We use the following third-party service to process your de-identified health data:
- Groq — A language model provider that processes de-identified health text to generate plain-language explanations and text-to-speech audio. Groq receives only de-identified medical content with patient identity removed. Groq's data documentation states that inference request customer data is not retained by default, with limited temporary logging for reliability or abuse investigation unless Zero Data Retention is enabled. Groq's data documentation is available at console.groq.com/docs/your-data.
No other third-party services receive any of your data. We do not use Firebase, Google Analytics, Facebook SDK, or any other third-party tracking or analytics tools.
Data Retention
- On our servers: The medical pipeline retains nothing. Our server processes requests in real time and does not store request or response content. No health data is persisted server-side. The single exception is the opt-in research store described below, which contains no health data, documents, or messages.
- On your device: Your session data (de-identified discharge summary and chat history) is stored in encrypted storage on your device. You can clear this data at any time by closing the app or clearing the app's data in your device settings.
- At Groq: Groq processes requests in real time. Groq's current documentation says inference customer data is not retained by default, with limited temporary retention possible for reliability or abuse investigation unless Zero Data Retention is enabled.
Research Study Participation (Opt-In)
During active research study periods, the app may invite you to join an IRB-overseen study after you review a separate research consent form. Participation is entirely optional — declining changes nothing about how the app works.
- If you join: the generated multiple-choice quiz questions and answer options, which options you selected before and after using the app, whether each answer was right or wrong, your ratings of the app, optional demographic ranges you choose to share, and the broad topic of your visit (e.g. "respiratory") are stored on a secure research server under a random code generated on your device.
- Never stored: your documents or full discharge text, your photos, your chat messages, your device token, your IP address, or anything that could identify you.
- Anonymous by design: records cannot be linked back to you — which also means they cannot be located and deleted after submission.
- Results are reported only in aggregate.
Children's Privacy
MyDischarge does not knowingly collect information from children under 13. The app does not require any personal information to use. If you believe a child under 13 has provided personal information through the app, please contact us at privacy@mydischarge.org.
Your Rights
Because we do not collect or store personal information on our servers, there is no personal data for us to access, correct, or delete. Your session data is stored only on your device under your control. You may delete it at any time by clearing the app's data in your device settings.
Medical Disclaimer
MyDischarge is not a substitute for professional medical advice, diagnosis, or treatment. It explains your existing discharge paperwork in simpler terms. Always call 911 in an emergency. Always follow up with your healthcare provider as directed in your discharge instructions.
Changes to This Policy
If we make material changes to this privacy policy, we will update the "Last updated" date above. We encourage you to review this policy periodically.
Contact
If you have questions about this privacy policy, how MyDischarge handles your health data, or wish to exercise any privacy rights, contact us at privacy@mydischarge.org.