Last updated: April 25, 2026
Account data: Your email address (used for authentication via magic link or Google OAuth).
API keys: Encrypted at rest with AES-256-GCM. Keys are only decrypted server-side at the moment of an API call and are never logged, stored in plaintext, or shared.
Usage data: We log the diagnosis searched, AI provider used, model name, and response latency for each workup. This helps us improve the service and detect abuse. We do not log the full AI response.
We use your data solely to: (a) authenticate you, (b) proxy your AI requests using your encrypted keys, (c) display your workup history, and (d) generate aggregate analytics (total workups, active users, popular diagnoses) to improve the service.
EmergencyRx integrates with:
Supabase — database and authentication (your data is stored in Supabase's infrastructure).
AI providers (Groq, Google, Anthropic, OpenAI) — your diagnosis text is sent to the provider you select, using your API key. Each provider has its own privacy policy.
PubMed / NCBI E-utilities — we search PubMed for relevant guidelines. No personal data is sent to PubMed.
Vercel — hosting and deployment.
Account data and encrypted API keys are retained until you delete your account. Workup logs are retained for analytics and may be purged periodically.
API keys are encrypted with AES-256-GCM before storage. All traffic is served over HTTPS. Row-level security in our database ensures users can only access their own data.
You may request deletion of your account and associated data at any time by emailing us. You can delete individual API keys from the app at any time.
EmergencyRx is not intended for users under 18.
We may update this policy at any time. We will notify users of material changes via email.
Questions? Email contact@emergencyrx.org.