MedVault
Privacy policy
MedVault helps you keep your medical history in one place, understand it, and share it on your terms. This policy explains, in plain language, what we collect, how we protect it, and the choices that stay in your hands. The short version: your information is stored only in Australia, your private notes are encrypted so only you can read them, and nothing — including our AI features — happens with your data until you ask for it.
Last updated: 14 June 2026
1. Who we are and how to reach us
MedVault is a medical-records app made by Studio Parallel, an Australian software studio. We built MedVault first for the ME/CFS community, and we are extending it to support NDIS participants.
The organisation responsible for your personal information is Studio Parallel Technology (ABN 97 500 571 232). We treat your health information as some of the most sensitive information there is, and we handle it under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.
You can reach our privacy contact at any time at team@studioparallel.com.au. This is also the address for any privacy questions or complaints.
You must be 18 or older to use MedVault. The app is intended for adults, and is not designed for use by anyone under 18.
2. What information we collect
We only collect what you give us, and what the app needs to work. You choose what to add, and you can add as little or as much as you like.
Your account
To create and secure your account, we collect your email address and your sign-in details, including your password and your two-factor authentication. How your password is handled is explained in the sections below.
Your health records and documents
When you choose to, you can add your medical information to MedVault. This includes the structured details you enter — such as your medical history, medications, doses and dates — the free-text notes you write, and any medical documents you upload for the app to read.
Health information is treated as "sensitive information" under Australian privacy law. We collect it only with your consent, when you choose to add it.
3. How we use your information
We use your information for one purpose: to provide the features you ask for. That includes storing your records, reading documents you upload, helping you fill in medical forms, and creating plain-language summaries when you choose to generate them.
We do not use your health information for anything you have not asked for. MedVault does not use product analytics or advertising trackers, and we never sell your information.
4. How we protect your information
Protecting your information is the core of how MedVault is built. Here is what that means in practice.
Everything stays in Australia
Your information is stored and processed in Sydney, on Amazon Web Services (AWS, in the ap-southeast-2 region). That includes our database, sign-in, file storage and AI processing. Your personal information is not sent or disclosed overseas.
Your private notes are encrypted so only you can read them
The free-text notes you write are encrypted on your own device — using a key created from your account password — before they are ever stored. Because of this, we cannot read your notes.
Your other details are encrypted and access-controlled
The structured details you enter, such as a medication name, dose or date, are kept in our secured Australian database. They are encrypted at rest, and protected by strict per-user access controls so that you, and only you, can reach your own records.
Extra protections
- Two-factor authentication is required on every account, so a password alone is never enough to sign in.
- On supported devices, you can turn on Face ID or Touch ID for quick, secure unlock.
- Access to medical data is recorded in a secure audit log.
- Our logs are kept free of health information. Medical content is never written to our error-reporting or system logs.
5. Our AI features — what they do, and what they don't
MedVault includes AI features that can read a document you upload to pull out structured information, and create plain-language summaries you can share with a specialist.
You are always asked first
Before any AI feature runs, you see exactly what information will be sent, and you confirm before it happens. Nothing the AI produces is saved, exported or shared until you confirm it.
It runs in Australia
Our AI processing runs in Sydney, on AWS Bedrock using Anthropic's Claude model. Your information is not sent overseas for AI processing.
What the AI does not do
- It only restates or summarises the information you give it.
- It does not diagnose, give medical advice, or recommend treatment.
- Your information is never used to train AI models.
6. If you forget your password
Your password is the only key to your encrypted notes. This is what lets us promise that no one but you can read them — and it comes with one important trade-off, which we want to be upfront about.
If you forget your password, your encrypted notes cannot be recovered. Not by you, and not by us. There is no backdoor and no reset that can unlock them. Even if you use Face ID or Touch ID to unlock the app, it is your password that protects your notes.
Because of this, we strongly recommend keeping your password somewhere safe, such as a password manager. We cannot recover your password for you, and we cannot recover the notes it protects.
7. Who else can access your information
We keep the number of companies that can touch your data small, and they are all based in Australia. We use trusted providers (sometimes called sub-processors) to run the app:
- Supabase — provides our database, sign-in and file storage, hosted on AWS in Sydney.
- Amazon Web Services (AWS), including AWS Bedrock — hosts our infrastructure and runs our AI processing, in Sydney.
Your personal information is not sent or disclosed overseas. We do not sell your personal information, and MedVault contains no third-party advertising or ad-tracking.
8. Your rights and choices
Australian privacy law gives you clear rights over your information, and MedVault is built to respect them.
See and correct your information
You can view and edit most of your information directly in the app at any time. You can also ask us for a copy of the personal information we hold about you, or ask us to correct anything that is wrong, and we will respond within a reasonable time.
Make a complaint
If you are concerned about how we have handled your information, please contact us at team@studioparallel.com.au. We take privacy complaints seriously and will work with you to put things right.
Escalate to the regulator
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC), the body that oversees privacy in Australia, at www.oaic.gov.au.
9. Keeping and deleting your information
We keep your information for as long as you have an account, so that MedVault works for you. We do not keep your personal information for longer than we need it to provide the app.
If your account is closed, we delete your information as described below. We may keep limited records for a short time where the law requires it, or to deal with a complaint or dispute — and only for as long as that purpose needs.
Deleting your account
You can ask to delete your account at any time. When you do, we permanently delete your account and the medical records, documents and notes you have added. Because your notes are encrypted with a key only you hold, they are already unreadable to us — deleting your account removes them entirely.
Any copies kept in routine backups are removed in the ordinary course, after which your information cannot be recovered, by you or by us.
10. If there is ever a data breach
We work hard to keep your information safe. If a data breach ever happened that was likely to put you at risk of serious harm, we would act under Australia's Notifiable Data Breaches scheme.
That means we would notify you and the Office of the Australian Information Commissioner (OAIC) as the law requires, explain what happened, and tell you the steps you can take.
11. Changes to this policy
We may update this policy as MedVault grows — for example, as we extend the app to support NDIS participants. If we make an important change, we will update the date below and, where appropriate, let you know in the app.
This policy is effective 14 June 2026.
12. Contact us
If you have any questions about this policy or your information, we are here to help.
- Responsible organisation: Studio Parallel Technology (ABN 97 500 571 232)
- Email: team@studioparallel.com.au