Privacy & Transparency
How MedRM handles your data and your rights as a user.
Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
How to Submit a Request
Most actions, including exporting your data, editing your profile, and deleting your account, are available directly in Account Settings.
For any other request, email [email protected]. Include your name and the email address associated with your account. I respond to all requests personally.
Response Timeframes
MedRM processes all data requests in accordance with applicable law:
What Data MedRM Collects
• Profile information you provide (name, role, specialty, preferences, bio).
• Trip details you enter (location, dates, budget, housing preferences).
• Match and roommate activity (requests sent, received, accepted, declined).
• Affiliate and service link clicks (which links, which page, timestamp), used to improve recommendations.
• Activity signals (last profile update) used to manage platform health. Never shared externally.
What MedRM Does Not Do
• MedRM does not sell your personal information to third parties.
• MedRM does not share your contact information without your consent.
• MedRM does not use your data to serve third-party advertising.
• Affiliate relationships never influence which matches you are shown.
Legal Basis for Processing (GDPR)
For users in the EU, EEA, and UK, MedRM processes personal data under the following legal bases:
• Contract performance, processing needed to provide the roommate matching service you signed up for.
• Legitimate interests, platform safety, fraud prevention, and improving the service.
• Consent, where you have explicitly opted in (e.g., email notifications).
Special category data (sex): Sex is a special category of personal data under GDPR Article 9. MedRM collects it solely to support sex-based roommate preference filtering. It is processed under your explicit consent (Art. 9(2)(a)) given at signup. You may withdraw this consent at any time by deleting your account or contacting [email protected].
You have the right to lodge a complaint with your local supervisory authority if you believe your data has been processed unlawfully.
Data Processing Agreements (DPAs)
MedRM uses the following sub-processors to operate the platform. Where required under GDPR or other applicable law, Data Processing Agreements are in place with each:
• Supabase, database, authentication, and storage infrastructure. Supabase's DPA is available at supabase.com/privacy. User account, profile, trip, and match data is stored on Supabase infrastructure.
• Resend, transactional email delivery. Resend's DPA is available at resend.com/legal/dpa. Email addresses and notification content are shared with Resend solely to deliver emails to you.
• Vercel, application hosting and edge network. Vercel's DPA is available at vercel.com/legal/dpa.
These sub-processors are only permitted to process your data as directed by MedRM and for no other purpose.
Contact
For any privacy-related questions or requests, email [email protected].