● MedRM CLINICAL v2.1 BACK TO HOME

Privacy & Transparency

How MedRM handles your data and your rights as a user.

Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

AccessRequest a copy of the personal data MedRM holds about you.
CorrectionAsk us to correct inaccurate or incomplete information.
DeletionRequest that your account and associated data be permanently deleted.
Export / PortabilityReceive your data in a portable format (available directly in Account Settings).
Opt-outOpt out of any sale or sharing of personal information. MedRM does not sell your data.
Non-discriminationExercising your privacy rights will never affect your access to MedRM.

How to Submit a Request

Most actions, including exporting your data, editing your profile, and deleting your account, are available directly in Account Settings.

For any other request, email [email protected]. Include your name and the email address associated with your account. I respond to all requests personally.

Response Timeframes

MedRM processes all data requests in accordance with applicable law:

CCPA (California)Response within 45 days; extendable by 45 days with notice.
GDPR (EU / EEA / UK)Response within 30 days; extendable by 2 months for complex requests.
LGPD (Brazil)Response within 15 days.
PIPEDA (Canada)Response within 30 days; extendable with notice.
All other regionsBest effort within 30 days.

What Data MedRM Collects

• Profile information you provide (name, role, specialty, preferences, bio).

• Trip details you enter (location, dates, budget, housing preferences).

• Match and roommate activity (requests sent, received, accepted, declined).

• Affiliate and service link clicks (which links, which page, timestamp), used to improve recommendations.

• Activity signals (last profile update) used to manage platform health. Never shared externally.

What MedRM Does Not Do

• MedRM does not sell your personal information to third parties.

• MedRM does not share your contact information without your consent.

• MedRM does not use your data to serve third-party advertising.

• Affiliate relationships never influence which matches you are shown.

Legal Basis for Processing (GDPR)

For users in the EU, EEA, and UK, MedRM processes personal data under the following legal bases:

Contract performance, processing needed to provide the roommate matching service you signed up for.

Legitimate interests, platform safety, fraud prevention, and improving the service.

Consent, where you have explicitly opted in (e.g., email notifications).

Special category data (sex): Sex is a special category of personal data under GDPR Article 9. MedRM collects it solely to support sex-based roommate preference filtering. It is processed under your explicit consent (Art. 9(2)(a)) given at signup. You may withdraw this consent at any time by deleting your account or contacting [email protected].

You have the right to lodge a complaint with your local supervisory authority if you believe your data has been processed unlawfully.

Data Processing Agreements (DPAs)

MedRM uses the following sub-processors to operate the platform. Where required under GDPR or other applicable law, Data Processing Agreements are in place with each:

Supabase, database, authentication, and storage infrastructure. Supabase's DPA is available at supabase.com/privacy. User account, profile, trip, and match data is stored on Supabase infrastructure.

Resend, transactional email delivery. Resend's DPA is available at resend.com/legal/dpa. Email addresses and notification content are shared with Resend solely to deliver emails to you.

Vercel, application hosting and edge network. Vercel's DPA is available at vercel.com/legal/dpa.

These sub-processors are only permitted to process your data as directed by MedRM and for no other purpose.

Contact

For any privacy-related questions or requests, email [email protected].