Privacy Policy medcast.media

Medcast Media ("we", "us", or "our") is a service provided by Medcast Media Pty Ltd (located at Level 34, 100 Miller Street, North Sydney, NSW 2060, Australia). Medcast Media delivers AI-driven audio synopses of medical research and news to our users. We are committed to protecting your privacy and handling your personal information in an open and transparent way. This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding your data. By using the Medcast Media app or website, you agree to the terms of this Privacy Policy.

Data Collection

We only collect personal information that is necessary to provide our services and personalise your experience. The information we collect includes:

• Contact Information: Your email address, first name, and last name.
• Interests: Topics or categories you flag or select as interests, which help us tailor your content feed to what is relevant for you.
• Payment Information: If you are a paying subscriber (e.g., on our AUD $8 per month plan), you will provide payment details. Medcast Media itself does not store your full credit card information on our servers.
• Account Access Key (for Sponsored Users): If you are accessing Medcast Media via a sponsorship, we may collect an access key or code associated with that sponsorship to validate your access.

We do not collect any unnecessary personal data. For example, we do not collect sensitive information such as your health records, financial details, or government identifiers, unless it becomes essential for providing the service (in which case we would explicitly inform you and obtain consent as required).

How We Use Your Information

Medcast Media uses the collected information solely for purposes of providing and improving our services. This includes:

• Providing the Service: Using your email and access credentials to create and manage your account, authenticate you, and provide you with the Medcast Media audio synopsis service (including customer support if needed).
• Personalising Content: Using your provided name and indicated interests to personalise the audio content and news feed you receive. This helps us show you relevant synopses and recommendations.
• Communication: Sending you service-related notifications, updates about new features or content in your interest areas, and administrative messages (such as subscription confirmations, billing receipts, or important policy updates). We may also send you newsletters if you have subscribed to them, but you can opt out of marketing emails at any time.
• Sponsored Access Verification: If you use an access key from a sponsor, we use that key to verify your eligibility with the sponsoring organisation (for example, confirming that your access key is valid and has been provided by the sponsor for your use).
• Improvement and Analytics: Internally analysing usage patterns and user feedback to improve our app's content, user interface, and features. Any analytics are performed in aggregate where possible, and personal identifiers are minimised or removed when analysing trends.

We do not use your personal information for any purposes unrelated to the above without your consent. Specifically, we do not sell your personal data to third-party marketers or use it for automated decision-making or profiling beyond what is necessary to deliver the personalised content feed you expect from Medcast Media.

Data Sharing and Disclosure

We value your privacy and do not share your personal data with third parties except in the limited circumstances described below:

• Sponsorship Verification: If your subscription to Medcast Media is sponsored by a third party (such as a pharmaceutical company), we may need to communicate with that sponsor to verify that your access key or account is valid under their sponsorship program. In doing so, we limit the information shared to the minimum necessary (for example, confirming that a particular access key or code has been used and is valid). We do not provide the sponsor with your personal details beyond what they already provided or expect, unless you have given explicit consent.
• Service Providers: We may use trusted third-party service providers to help us operate the Medcast Media service (for example, cloud hosting providers, payment processors, email delivery services, or customer support tools). These providers may process personal data on our behalf solely for the purpose of assisting us in delivering the service. We ensure any such partners are bound by strict confidentiality and data protection obligations, and they are not permitted to use your information for their own purposes.
• Audits and Compliance: We may allow authorised third-party auditors or consultants to access necessary information for the purpose of performing security audits or privacy compliance assessments. These audits help ensure we meet regulatory requirements (such as the Australian Privacy Principles and GDPR) and maintain high standards of data protection. Any third parties involved in such audits are required to keep all information confidential and use it only for the audit purposes.
• Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government directive). We may also disclose information when we believe in good faith that it is necessary to comply with a legal obligation, protect our rights or property, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our business, user information (which may include personal data) could be among the assets transferred. Should such an event occur, we will ensure that the successor entity is bound by privacy obligations equivalent to those described in this policy, and we will notify you of any changes to how your data is handled.

Importantly, we do not sell or rent your personal information to any third parties for their marketing or other independent uses. Any third parties that receive access to your data as part of providing Medcast Media's services or verifying sponsorship are limited in how they can use it and must protect it.

Data Storage and International Transfer

Medcast Media stores and processes user data on secure servers. Currently, our primary data storage is located in Australia, using Amazon Web Services (AWS) infrastructure in Australian data centers. This means your personal information is initially collected and held in Australia.

In the future, as our user base grows or our operational needs change, we may expand our infrastructure to other regions such as the United States or Europe. If we transfer or store your data in other countries, we will ensure that:

• The overseas data storage or transfer is done in compliance with applicable laws. For example, if we transfer personal data from Australia to another country, we will follow the requirements of the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles regarding cross-border disclosure of personal information.
• For transfers involving European users' data, we will comply with the EU General Data Protection Regulation (GDPR) requirements for international data transfers. This may include using safeguards such as Standard Contractual Clauses or ensuring the recipient country has an adequacy decision from the European Commission.
• The level of protection given to your personal information will be equivalent to that provided under Australian law and this Privacy Policy, regardless of where it is stored or processed. We will take reasonable steps to ensure any overseas recipient of personal data will handle it in a manner consistent with our obligations and this policy.

All information is stored on AWS or other reputable cloud services that implement strong security measures. AWS data centers are certified for industry-standard security and compliance (such as ISO 27001 and SOC 2), providing a high level of protection for stored data.

Security Measures

We take data security seriously and have implemented a range of measures to protect your personal information from unauthorised access, loss, misuse, or alteration. These measures include:

• Encryption: Sensitive data (like passwords and personal details) is encrypted both in transit (using SSL/TLS when you interact with our app or website) and at rest in our databases.
• Access Controls: Our team members and any authorised contractors can only access personal data on a need-to-know basis. We employ strict access controls, authentication procedures, and role-based permissions to prevent unauthorised access within our organisation.
• Cybersecurity Monitoring: We utilise cybersecurity tools and monitoring systems to detect and respond to unusual activities or potential threats on our platform. Regular security audits and penetration testing are conducted to identify and fix vulnerabilities.
• Secure Development Practices: Our application is developed following security best practices. We keep our software and third-party libraries up to date to protect against known vulnerabilities, and we use secure coding standards to prevent issues like SQL injection or cross-site scripting.
• Incident Response: In the unlikely event of a data breach or security incident, we have a detailed response plan in place. This includes notifying affected users and relevant authorities as required by law, and taking immediate steps to contain and remedy the issue.

While we strive to protect your information, please note that no method of transmission over the internet or electronic storage is 100% secure. However, we continuously update and improve our security practices to meet or exceed industry standards and to adapt to new threats.

Compliance with Privacy Laws

Medcast Media is an Australian-based service and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). These principles govern how we collect, use, store, and disclose personal information, and we adhere to them fully. In practice, this means we handle your personal data in an open and transparent way, use it only for legitimate purposes as described in this policy, and give you access to and control over your information.

If our services are used by individuals in the European Union or if we otherwise become subject to the General Data Protection Regulation (GDPR), we also comply with the GDPR's requirements. This includes respecting the legal bases for processing personal data (such as obtaining your consent when required, or relying on our legitimate interests to provide the service), and honoring the rights granted to EU data subjects under the GDPR.

Key privacy principles we follow include:

• Transparency: We maintain clear policies (like this Privacy Policy) about how we handle personal data and who to contact with questions or concerns.
• Data Minimisation: We limit the personal information we collect to only what is necessary for the purposes outlined. We also keep data only as long as needed (see "Data Retention" below).
• Security: As noted above, we apply appropriate technical and organisational security measures to safeguard data.
• Accountability: We are responsible for the personal information we hold. We have appointed a Privacy Officer to oversee compliance and to address any privacy-related issues promptly. We also conduct periodic reviews of our privacy practices.

We uphold obligations such as notifying you and regulators of certain data breaches if they occur, in line with the Australian Notifiable Data Breaches scheme and the GDPR's breach notification requirements. We also commit to resolving any complaints or issues in accordance with the procedures set out by the APPs and GDPR.

Your Privacy Rights

We believe in giving users control over their personal information. Subject to applicable law, you have several rights regarding the personal data we hold about you. These include:

• Access and Correction: You have the right to request a copy of the personal information we hold about you. We will provide this information within a reasonable time. If any of your personal details are incorrect or have changed (for example, you have a new email address), you can update them in your account settings or contact us to correct the information. We encourage you to keep your information up to date.
• Deletion (Right to be Forgotten): You can request that we delete your personal data. This is sometimes called the "right to be forgotten" under GDPR. Upon your request, we will erase your personal information from our active systems, provided we do not have a legal obligation or other overriding reason to keep it (such as completing a transaction you requested, or complying with a court order). Note that removal from backups will occur in the normal course of our backup cycle.
• Withdrawal of Consent: If we are processing your personal information based on your consent (for instance, if you opted in to receive a newsletter or optional feature), you have the right to withdraw your consent at any time. Withdrawing consent will not affect the legality of any processing we conducted prior to your withdrawal, and it may prevent us from providing certain services if those services rely on your consent.
• Data Portability: To the extent applicable (primarily for users under GDPR jurisdiction), you can request a copy of the personal data you have directly provided to us in a structured, commonly used, machine-readable format. This allows you to transfer your data to another service if needed.
• Object or Restrict Processing: You may have the right to object to certain processing activities or request that we limit how we use your data. For example, you can ask us to stop using your data for direct marketing, or completely stop any processing if you believe we have no legal right to continue using it. We will honor such requests in accordance with applicable laws.
• Lodging a Complaint: If you believe that we have breached your privacy rights or handled your personal information improperly, you have the right to complain. We encourage you to contact us first so we can address your concerns. However, under Australian law you can also lodge a complaint with the Office of the Australian Information Commissioner (OAIC), and under GDPR you can reach out to your local data protection authority. We will provide assistance in directing you to the appropriate authority if needed.

To exercise any of these rights, please contact us using the contact details provided in the Contact Us section below. We will respond to your requests in accordance with applicable law (typically within 30 days). Please note that to protect your privacy, we might ask you to verify your identity before fulfilling certain requests (especially for access or deletion requests).

Data Retention

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required for legal and operational reasons. In practice:

• Active Accounts: If you have an active Medcast Media account, we will retain your information for as long as your account is active so that we can provide you with the service.
• Inactive Accounts: If you cease using Medcast Media (for example, your subscription ends and is not renewed, or your sponsored access expires), we may retain your information for a reasonable period in case you return or to maintain records of your transactions. We periodically review the data we hold, and if we identify accounts that have been inactive for an extended period, we may delete or anonymise the personal data associated with those accounts.
• Deletion Requests: As noted above, if you request deletion of your data, we will process that request promptly (after verifying your identity and entitlement to the account). We will also inform third parties who have received your data (if any, and if required by law) of your deletion request so they can also erase your information from their records.
• Legal Obligations and Disputes: We may retain certain information for longer periods if necessary to comply with our legal obligations (for example, keeping transaction records for tax or accounting purposes) or to resolve disputes and enforce our agreements. During such retention, your data will continue to be protected under the terms of this Privacy Policy and will be access-restricted to only fulfill the stated obligation.

When we no longer need personal data for any of the above purposes, we will securely delete it or irreversibly anonymise it so that it can no longer be associated with you.

Cookies and Tracking Technologies

Our website and application may use cookies and similar tracking technologies to enhance your experience, gather usage data, and improve our services:

• Cookies: Cookies are small data files placed on your device or browser when you visit our website. We may use cookies to remember your login session (so you don't have to re-enter your credentials on every visit), to collect web analytics information (via tools like Google Analytics) about how users interact with our site, and to understand user preferences. You can set your browser to refuse some or all cookies or to alert you when cookies are being used. However, please note that if you disable or refuse cookies, some parts of our service (especially web-based features) might not function properly.
• Analytics: We may use third-party analytics providers that utilise cookies or other identifiers to help us analyse usage of the Medcast Media app and website. This information, which can include your IP address, device type, and browsing actions, helps us understand our audience and improve the content and user experience. Analytics data is generally aggregated and does not directly identify individual users. We will not allow analytics companies to use your data for purposes beyond providing services to us, and where required by law or regulations, we will obtain your consent for the use of analytics cookies.
• Tracking Pixels and SDKs: In our email communications or within the mobile app, we might use tracking pixels (tiny graphic images) or software development kits (SDKs) to know if you've opened an email, tapped on certain content, or used specific app features. This helps us gauge engagement with our content and refine our offerings. We will only use these tools in accordance with applicable privacy laws, and where required, we will obtain your consent before enabling such tracking technologies.

We are transparent about our use of cookies and tracking. When you first use our services, particularly in jurisdictions that require it (like the EU), we will present you with a cookie notice or consent option. You will have the choice to accept or decline non-essential cookies. You can also adjust your preferences later by changing your browser settings or in-app settings, if available.

For more detailed information, you can refer to our Cookies Policy (if we have a separate one) or contact us with any questions about the specific cookies and trackers we employ.

Copyright and Content Usage

Medcast Media is committed to copyright compliance in all the content we deliver. Our service provides summaries (audio synopses) of research papers, articles, and news, and we ensure that we respect the intellectual property rights of the original content creators:

• Limited Excerpts: We do not copy or reproduce substantial portions of any single source. In fact, our synopses use only a small excerpt or key points from source material — generally well under 5% of the original content. This limitation ensures our use qualifies as fair use or fair dealing (as applicable by jurisdiction) and that we do not substitute for the original sources.
• Original Summaries: The majority of each synopsis is original content generated by our AI and editorial team. We digest the findings or news from the source and then present it in a new form (an audio summary with supporting text) using our own words and structure. This transformative use adds value and understanding without copying the source verbatim.
• Source Acknowledgment: We always acknowledge and credit the sources of our content. Each synopsis includes the title or reference of the original article or study and often a link to the original source material. This allows users to refer to the full content if they wish to learn more, and it gives proper attribution to the original authors and publishers.
• Copyright Policy Document: We maintain a detailed Copyright Policy document that further explains our content sourcing practices, our adherence to copyright laws, and the measures we take to avoid infringement. Users or content owners can request a copy of this document for more information.
• Handling Copyright Concerns: If you believe that any content on Medcast Media infringes on your copyright or is used improperly, please contact us immediately (see the Contact Us section below). We will promptly investigate your claim and, if necessary, remove or modify any content that may be in violation. We are committed to cooperating with rights holders and resolving copyright issues swiftly and fairly.

By taking these steps, Medcast Media seeks to provide valuable summaries to users without unfairly exploiting any source material, thus maintaining a balance between information sharing and respect for creators' rights.

Children's Privacy

Medcast Media is intended for adult users such as healthcare professionals or individuals interested in medical news. It is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16 years old. If you are under 16, please do not use Medcast Media or provide any personal information. If we become aware that we have inadvertently gathered personal data from a child under 16, we will take steps to delete such information as soon as possible.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the "Last Updated" date at the top of this policy. If the changes are significant, we may also provide a more prominent notice – such as an email notification or an in-app alert – before the change becomes effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Medcast Media after any changes to the Privacy Policy will signify your acceptance of the updated terms, unless applicable law requires explicit consent, in which case we will obtain such consent from you.

Contact Us

Your privacy is important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled, please contact us:

We will respond to your inquiry as soon as possible, and no later than required by applicable law. If you contact us with a privacy complaint, we will review your complaint and reply within a reasonable timeframe, outlining the steps we will take to address your concerns. We are committed to resolving any privacy issues in a fair and effective manner.

End of Privacy Policy