Privacy Policy
Last updated: July 4, 2026
Mappie was built on a simple idea. Your health information belongs to you, and nobody should have to trade their privacy to get a clear picture of their own medical history. So we built Mappie to store as little as physically possible. Here is exactly how it works, in plain language.
Our promise
- We do not have a database of your medical records. We never build one.
- We do not sell your data. Not to advertisers, not to data brokers, not to anyone.
- We do not run ads or third party advertising trackers.
- You are the patient, not the product.
What happens to your files
When you upload a document, it is read and converted to text inside your own browser, on your device. Your original files (the PDFs, photos, and scans) never leave your browser and are never uploaded to us. We never see them, and we cannot see them.
To build your summary, only the extracted text is sent over an encrypted connection to our AI provider, Anthropic, which reads it and returns the structured summary. That text passes through our processing function in memory only. We do not save it, and we do not log it.
Your text is not used to train AI models.
What we do collect
We try to collect almost nothing. If you buy a report export, we store the minimum needed to run a fair payment system:
- A scrambled (hashed) access key that represents your prepaid export. It contains no personal or health information.
- Your remaining export balance.
- Your email address, only if you provide it at checkout for a receipt. It is never required to use the tool.
Payments are handled by Stripe. Your card details go directly to Stripe and never touch our systems. Our site runs on Cloudflare, which provides hosting and cookieless, privacy-friendly analytics.
We do not collect your name, your diagnoses, or any content from your records. There is nothing in our systems that ties a person to their health data, because we do not keep the health data.
How long we keep things
- Health data: we keep none, so there is nothing to retain.
- Payment records: we keep a basic purchase record (amount, date, and the hashed key) for accounting and support, as required by law.
- Email: if you gave us one, you can ask us to delete it at any time.
Security
Everything runs over HTTPS. Because we do not store your records, there is no medical database for anyone to breach.
Your choices
You can use Mappie without giving us any personal information at all. If you shared an email, you can ask us to delete it, or ask what we hold, by writing to maz866@g.harvard.edu. We will respond within a reasonable time.
Children
Mappie is not intended for use by children under 13, and we do not knowingly collect their information. A parent or legal guardian may use Mappie to manage a child's records.
Changes to this policy
If we change how any of this works, we will update this page and the date at the top. If a change is significant, we will make a clear effort to tell you.
Contact
Questions about privacy? Email maz866@g.harvard.edu. A real person will read it.