Privacy Policy

Protecting Your Data & Trust

Learn how we collect, use, and protect personal information while helping you navigate medical care abroad with confidence.

Last updated: October 31, 2025

Introduction

Medical Tourism Chat ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you interact with our website, AI assistants, and concierge services (collectively, the "Services").

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use. This policy was last updated on October 31, 2025.

Information We Collect

We collect personal information from three primary sources: information you provide directly, information collected automatically, and information received from partners or public sources.

Information You Provide

  • Chat interactions, including details about medical interests, destinations, budget, travel preferences, and email or name submissions during the flow.
  • Contact details, such as name, email address, and the message you submit through our contact forms or concierge intake surveys.
  • Business or partnership inquiries shared with our team through email or scheduling tools.

Information Collected Automatically

  • Usage data about how you interact with the Services, including timestamps, pages viewed, referral URLs, device type, and browser characteristics.
  • Approximate location and airport personalization data derived from your IP address via IPAPI when you access the Irish-tourists experience (only when required to suggest relevant airports).
  • Analytics data captured through Emerald Traffic Platform scripts, Google Analytics/gtag events, and similar measurement tools to understand performance and improve user experience.
  • Log files and diagnostic information for security monitoring, abuse prevention, and service reliability.

Information From Partners

  • Limited confirmation data from travel or medical partners when you choose to move forward with a referral (e.g., whether a booking or consultation was scheduled).
  • Publicly available data used to enrich country or destination recommendations, such as currency, visa requirements, or accreditation status.

How We Use Personal Information

We process personal information to:

  • Provide, personalize, and improve the Services, including AI-generated recommendations and concierge follow-up.
  • Understand user needs and develop new features or service enhancements.
  • Facilitate requested introductions to accredited hospitals, clinics, or travel partners such as Expedia™.
  • Send administrative or service-related communications, including responses to inquiries or booking logistics.
  • Monitor and protect the security, integrity, and availability of the Services.
  • Comply with legal obligations and enforce our Terms of Service.

Legal Bases for Processing (EEA & UK Users)

If you are located in the European Economic Area or United Kingdom, we rely on the following legal bases to process personal information:

  • Performance of a contract, when providing requested planning assistance or concierge services.
  • Legitimate interests, such as improving the Services, ensuring security, preventing abuse, and understanding usage trends.
  • Compliance with legal obligations, including responding to lawful requests from authorities.
  • Consent, when we rely on analytics cookies, marketing communications, or optional personalizations that require your permission. You may withdraw consent at any time.

How We Share Information

We share personal information with trusted providers only as necessary to deliver the Services or comply with law:

  • Supabase, for secure storage of trip states, chat transcripts, and backend analytics.
  • OpenRouter, to generate AI responses using hosted large language models.
  • Expedia™, when you choose to explore bundled flight and hotel options through our affiliate links (we may receive referral commissions).
  • IPAPI, solely to estimate location within Ireland for airport personalization in the Irish-tourists flow.
  • Emerald Traffic Platform, Google Analytics, and similar analytics providers, to understand aggregated traffic and engagement.
  • Cloud hosting, security, and compliance vendors who support infrastructure operations and are bound by contractual confidentiality obligations.
  • Regulators, law enforcement, or advisors when required to comply with legal obligations, enforce our agreements, or defend legal claims.

We do not sell personal information for monetary consideration. We also do not provide direct API integrations to other flight or hotel marketplaces beyond the Expedia affiliate relationship described above.

International Data Transfers

We operate globally, and personal information may be transferred to servers in the United States and other locations where our service providers operate. When data is transferred from the European Economic Area, United Kingdom, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses or comparable contractual protections.

Data Retention

We retain personal information for as long as reasonably necessary to deliver the Services, meet our contractual and legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on the nature of the data and the purpose for which it was collected. When data is no longer needed, we anonymize or securely delete it.

Your Choices & Rights

Depending on your location, you may have rights over your personal information, including the right to access, correct, update, delete, or restrict use of your data. You may also request data portability or object to certain processing, including profiling or direct marketing.

Users in the European Economic Area, United Kingdom, Switzerland, and California may exercise additional statutory rights. To submit a request, contact us at privacy@medicaltourismchat.com.

We may need to verify your identity before fulfilling certain requests. If you are dissatisfied with our response, you may lodge a complaint with your local supervisory authority.

Cookies & Similar Technologies

We use cookies and similar technologies to remember preferences, maintain session state, measure engagement, and support marketing campaigns. You can adjust browser settings to block or delete cookies. Some features may not function correctly without cookies.

Where required by law, we obtain your consent before storing non-essential cookies. You may withdraw or modify your consent at any time through browser controls or in-product settings when available.

Security

We implement technical and organizational safeguards designed to protect personal information, including encryption in transit, access controls, logging, and regular security reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Children's Privacy

The Services are intended for adults and are not directed to children under 18. We do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will delete it promptly. If you believe we may have collected a child's data, contact us using the details below.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in technology, applicable laws, or business practices. We will revise the "Last updated" date at the top of the policy and, when appropriate, provide additional notice. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.

Contact Us

For privacy questions, concerns, or requests, contact us at privacy@medicaltourismchat.com.

You may also reach our concierge team at hello@medicaltourismchat.com for general support.