Med Concierge Privacy Policy

Effective Date: May 7th 2026

Last Updated: May 7th 2026

1. Introduction

Med Concierge is a DBA of 1 World Insurance LLC (NPN: 20116201), a licensed insurance agency operating the Med Concierge mobile application and the website at medconcierge.com. We are a Medicare concierge service that helps members access their plan benefits, find in-network providers, manage medications, book transportation, prepare for doctor visits, decode lab results, and connect with their assigned licensed insurance agent.

This Privacy Policy explains what information we hold about you, where we got it, how we use it, with whom we share it, and the choices you have.

By using the App or visiting our website, you agree to the practices described in this Privacy Policy.

2. Information We Have About You

2.1 Information Provided at Enrollment by Your Licensed Agent

Before you installed the App, your licensed agent recorded the following information in our agent-of-record customer-relationship-management system (Zoho CRM) as part of the standard Medicare enrollment process:

  • Your name, date of birth, mailing address (including ZIP code), phone number, and email address
  • Medicare Beneficiary Identifier (MBI) or Medicare ID number
  • Plan elections and policy details
  • Medications you disclosed during enrollment
  • Your primary-care physician and any other physicians you named
  • Scope of Appointment documentation
  • Social Security Number, used solely to complete insurance enrollment applications

This information was not collected by the App. It is already stored in our agent-of-record system, and the App retrieves it so you can view and use it on your phone. To request correction of any of this information, contact your assigned agent or email support@medconcierge.com (HIPAA §164.526 Right to Amendment). Amendments to your profile are made in Zoho, which is the source of record.

2.2 Information You Provide Through the App

When you actively use the App, you may provide:

  • Your phone number (to receive a one-time passcode at sign-in)
  • Medication reminders you add, the schedule you set, and each dose you log, snooze, or dismiss
  • Voice questions you speak to the assistant
  • Audio of voice calls placed or received through the App between you and your Med Concierge concierge agent (see Section 6)
  • Transportation pickup and dropoff addresses, ride date/time, and reason for the ride
  • Appointment-request details: doctor name, preferred date and time, reason for visit, and location
  • Visit-preparation inputs: specialty of the upcoming visit and any optional reason
  • Photos of lab reports or After-Visit Summaries submitted to the Decode Results feature
  • Health screening and social-needs (SDoH) screening answers
  • Communication-preference toggles
  • Callback-request topics (when you tap “Call Us”)
  • Caregiver invitations you send

2.3 Information Automatically Collected

  • Device information: device type, operating system, app version, unique device identifiers
  • Usage data: features accessed, screens viewed, session duration
  • Push notification tokens (required to deliver reminders)
  • Log data: IP address, access times, browser type (website only), URLs visited (website only)
  • Cookies and similar technologies on the website only; we do not use cookies or tracking technologies inside the mobile App for advertising or cross-site tracking

We do not request or collect GPS, Wi-Fi, or Bluetooth-based device location. Geographic relevance for pharmacy and provider search is derived server-side from the ZIP code stored in your profile (see Section 12).

2.4 Information from Third-Party Sources

  • Zoho CRM (HIPAA Business Associate) — our agent-of-record system and the source of record for your profile data listed in Section 2.1. Zoho is bound by a Business Associate Agreement with Med Concierge under HIPAA §164.504(e).
  • Centers for Medicare & Medicaid Services (CMS) — public Medicare plan benefit data used to display your coverage details. Use of CMS data is governed by CMS data-use terms. Med Concierge is not affiliated with or endorsed by CMS.
  • Insurance Carriers — enrollment verification, plan servicing, formulary data, and provider directories specific to your plan.

3. How We Use Your Information

We use the information described above to:

  • Display your plan benefits, copays, formulary tier information, and cost estimates
  • Search for in-network providers and pharmacies near your ZIP code
  • Facilitate transportation bookings and doctor-appointment requests
  • Send medication reminders, refill alerts, and adherence check-ins
  • Generate tailored pre-visit question lists (Visit Prep)
  • Interpret lab reports and After-Visit Summaries you submit to the Decode Results feature
  • Route you to your assigned licensed insurance agent
  • Process enrollment, plan changes, and Scope of Appointment documentation
  • Send service communications (not marketing)
  • Improve the App, monitor for security and fraud, and comply with applicable legal obligations

4. AI-Assisted Benefits Processing

We use artificial intelligence provided by Anthropic (Claude AI) to extract and interpret benefit information from insurance carrier Summary of Benefits documents. AI-assisted processing is used solely to extract and organize plan benefit data — it does not make coverage decisions, deny claims, or determine your eligibility for any benefit.

When our primary AI provider is unavailable, we may use Google Gemini as a fallback for the same purpose. Both providers receive queries that have been scrubbed of direct identifiers (phone numbers, email addresses, street addresses, Medicare IDs) before transmission.

Our AI providers do not retain your queries for model training purposes.

5. Photo-Based Lab and After-Visit Summary Decoding

Med Concierge offers an optional feature that lets you take a photo of a paper lab report or After-Visit Summary with your device camera. The photo is sent securely to our AI assistant (Anthropic) for the sole purpose of interpreting the document and translating the results into plain English.

  • We request camera access only when you tap Decode Results. We do not request photo-library access at any time.
  • The original photo is not stored on your device after upload and is not retained on our servers. We keep only a one-way cryptographic hash of the photo so we can recognize duplicate uploads and avoid re-processing the same image.
  • The decoded output (test names, values, reference ranges, plain-English interpretations, and suggested follow-up questions) is encrypted at rest and retained under the HIPAA six-year schedule in Section 18.
  • Decoded results are educational only and are not a substitute for advice from a licensed healthcare provider. They do not constitute a diagnosis.

6. Voice Calls Between Members and Concierge Agents

The Med Concierge App supports voice calls between members and concierge agents using Voice over Internet Protocol (VoIP) technology. To deliver these calls we require access to your device’s microphone and operate a foreground service that keeps the call connected while the screen is locked, dimmed, or you switch to another app — this is required by Android and iOS for any call-quality VoIP application.

6.1 What We Collect During Calls

When you place or receive a call inside the App, we capture:

  • The audio of the call between you and the concierge agent
  • Your member identifier and the agent’s identifier
  • Call start and end timestamps and call duration
  • Connection-quality metadata (jitter, packet loss, codec, network type)

6.2 Recording and Consent

Calls between members and concierge agents are recorded in full for quality assurance, compliance review, and to support the agent in resolving your request. You will see a “this call may be recorded” disclosure on the in-app incoming-call screen before each call connects, and tapping Answer or initiating an outbound call indicates your consent to the recording. You may decline any call by tapping Decline; declining a call has no effect on your enrollment, your benefits, or your relationship with your assigned agent.

6.3 Storage, Encryption, and Retention

Call audio recordings and call metadata are treated as Protected Health Information (PHI) under HIPAA. They are transmitted over TLS, encrypted at rest with AES-256, and retained for a minimum of six (6) years from the date of the call to meet HIPAA §164.530(j) recordkeeping requirements, after which they are deleted. See Section 18 for the full retention schedule.

6.4 Voice Sub-Processor

Call routing, signaling, audio transport, and recording are processed by Telnyx LLC, our voice infrastructure provider, under a Business Associate Agreement (BAA) that requires HIPAA-compliant handling of call audio and metadata. Telnyx receives only the call audio, the SIP signaling needed to deliver the call, and the call identifiers required to route between you and the agent. Telnyx is contractually prohibited from using call content for any purpose other than delivering the service to Med Concierge.

We do not use call recordings to train AI models, and we do not share call recordings with advertisers or unrelated third parties.

6.5 Microphone and Foreground Service

The microphone is activated only when you have an active or ringing call inside the App, or when you tap the in-app voice-question button. It is released the moment the call ends or the voice query completes; the App never listens passively in the background, and we do not capture audio outside of these moments.

While a call is ringing, connecting, or active, an Android foreground service (with a persistent in-call notification) and an iOS VoIP background mode are used to keep the call alive when the screen is locked or you switch to another app. These are operating-system requirements for any VoIP application and exist solely to keep your call connected; the foreground service is stopped immediately when the call ends.

7. Information Shared with Insurance Carriers

As your licensed agent of record, we share the following with the insurance carrier for enrollment and policy servicing:

  • Name, date of birth, mailing address, phone number, email address
  • Social Security Number (on enrollment applications only)
  • Medicare Beneficiary Identifier and Medicare ID
  • Plan elections and enrollment application forms
  • Scope of Appointment documentation
  • Health-related information (medications, physicians, pharmacy preferences) as needed to complete enrollment and servicing
  • Agency NPN and agency ID

By using the App, you consent to the sharing of this information with the applicable insurance carrier(s). Carriers are covered by HIPAA and their use of your information is governed by their own privacy practices.

8. Third-Party Service Providers

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We engage the following service providers to operate the App and website:

  • Anthropic (Claude AI) — AI interpretation of benefit documents and lab/AVS photos. Business Associate Agreement in place.
  • Google Gemini — secondary AI, used only as a fallback when the primary AI is unavailable.
  • Zoho CRM — agent-of-record CRM and source of record for your profile data (Section 2.1). Business Associate Agreement in place.
  • Twilio — SMS delivery for one-time passcodes, medication reminders, and agent follow-ups. Twilio is contractually prohibited from using your data for any other purpose.
  • Telnyx LLC — voice infrastructure for member↔agent calls, including call signaling, audio transport, and call recording. Business Associate Agreement in place. Telnyx is contractually prohibited from using call audio or metadata for any purpose other than delivering the service to Med Concierge. See Section 6.
  • Expo — push notification delivery.
  • Google Maps Platform — provider and pharmacy mapping from de-identified geographic data.
  • Google Fonts — web fonts on the website (may transmit IP address).
  • Sentry — error monitoring. Personal and health data are scrubbed before transmission.
  • Render — application hosting. Data at rest is encrypted.
  • Amazon Web Services S3 — encrypted database backups. Backup encryption keys are controlled by Med Concierge.

We may also disclose your information when required by law, regulation, subpoena, court order, or governmental request, or in connection with a merger, acquisition, sale of assets, or bankruptcy (in which case you will be notified by email and/or prominent notice on our website).

Transportation Providers

When you request transportation through the App, your request is sent to our licensed agent team as an administrative task. Your agent coordinates with the transit provider appropriate for your plan benefit (for example, your plan’s contracted non-emergency medical transportation vendor or a taxi/ride-share approved for reimbursement). We share only your pickup and dropoff addresses, ride date and time, and first name with the transit provider. We do not share your diagnosis, medications, or reason for the visit.

9. Assigned Agent Access

Licensed insurance agents appointed to your account may view:

  • Name, contact information, date of birth
  • Medicare plan name, plan ID, carrier
  • Assigned benefits and coverage details
  • Medication list, adherence activity, and refill status
  • Transportation bookings, appointment requests, and call-queue topics
  • Communications history with our team
  • Decoded lab or After-Visit Summary results you generated in the App

Agents are licensed insurance professionals bound by state and federal regulations governing the handling of consumer information, and are subject to internal role-based access controls.

10. Caregiver Access (HIPAA §164.502(g) Personal Representatives)

You may invite a family member or other personal representative to view a read-only subset of your Med Concierge account. Caregiver access:

  • Requires the caregiver to accept the invitation and authenticate; it cannot be established without your affirmative action
  • Provides read-only visibility into your medication reminders, benefit summary, and limited care-coordination activity
  • Does not allow the caregiver to modify your data, book services on your behalf, initiate outreach to you, or revoke your rights

You may revoke caregiver access at any time from the in-app Settings screen. Revocation takes effect immediately.

11. Cookies, Tracking, and Website Analytics

On our website (medconcierge.com), we use cookies, web beacons, and similar technologies to remember preferences, analyze traffic, and improve functionality.

Inside the mobile App we do not use cookies or tracking technologies for advertising or cross-site tracking. We do not support Do Not Track (DNT) browser signals at this time; however, the rights described in Section 20 apply regardless of your DNT setting.

12. Location-Based Services

We derive approximate geographic coordinates from the ZIP code stored in your profile (which your agent recorded during enrollment) and from any addresses you type for transportation bookings. Derived coordinates are used only for pharmacy and provider search relevance and to coordinate ride pickup and dropoff.

We do not request device location permissions, and the App does not declare iOS or Android location permissions. We do not track your device location, and your device location is never transmitted to our servers. Transportation addresses are retained as part of your transportation record (see Section 18).

13. Push Notifications

We use push notifications to send:

  • Medication reminders
  • Refill and adherence follow-ups
  • Ride and appointment confirmations
  • Plan service announcements
  • A one-time first-month Plan Extras reminder (approximately one month after enrollment, highlighting supplemental benefits your plan includes)
  • A day-before Visit Prep reminder (the day before a scheduled doctor appointment, offering AI-generated questions to bring)

We do not send marketing or promotional push notifications without your separate, explicit consent.

You can disable these nudges independently from the Communication Preferences section of the in-app Settings screen, or disable device-level notifications in your phone’s Settings app.

Delivery is best-effort. Push notifications are delivered through Apple, Google, and Expo push services. We cannot guarantee that a reminder will appear on time or at all. Device settings (Do Not Disturb, battery optimization, silent mode, app force-quit), operating-system behavior, and network outages can all suppress or delay a notification. See Section 17 for specific limitations of the medication features.

14. SMS and Text Messaging (TCPA Compliance)

By providing your phone number and opting in to text messaging, you consent to receive SMS messages from Med Concierge related to your account, including:

  • Account verification codes
  • Appointment and medication reminders
  • Ride confirmations
  • Plan notifications
  • Agent follow-ups

To opt out of text messages, reply STOP to any message. You can also turn off SMS follow-ups from the Communication Preferences section of the in-app Settings screen.

Medication SMS reminders do not include your medication name by default — the message is worded as a generic nudge to open the App.

Text-messaging opt-in data and consent records will not be shared with any third parties. Twilio, our SMS provider, processes your phone number and message content solely for delivery purposes and is contractually prohibited from using your data for any other purpose.

15. Outbound Campaigns

Our care team may send follow-up messages to members based on objective activity signals stored in your account — for example, a reminder to members who have not logged a dose of a high-risk medication in several days, or a reminder to members who have not completed a preventive health screening for which they are eligible.

These messages are operational, not promotional. We do not send, and never will send, marketing messages for products outside Med Concierge.

You can opt out of each channel of outbound outreach independently (SMS follow-ups, medication check-ins, Plan Extras reminder, Visit Prep reminder) from the Communication Preferences section of the in-app Settings screen. Opt-outs are honored automatically by our campaign system — opted-out members are excluded before a campaign sends.

16. Health Information (HIPAA)

Med Concierge maintains HIPAA compliance for the Protected Health Information (PHI) we hold. Our safeguards include:

  • Administrative — role-based access controls, staff training, and internal data handling policies
  • Technical — TLS/SSL encryption in transit, AES-256 encryption at rest (via AES-GCM), token-based authentication, and continuous security monitoring
  • Physical — secure hosting infrastructure with access controls at the cloud provider

We maintain an audit log of access to PHI. Every read and write is logged with the actor, action, resource, and timestamp; audit-log entries are retained for six (6) years (see Section 18).

We do not use your health-related information for marketing purposes unrelated to your plan benefits.

17. Medication Reminders and Adherence Tracking — Limitations

Med Concierge offers optional medication reminder, dose logging, refill alert, and drug-interaction reference features. These features are convenience and reminder tools, not a clinical system.

  • Reminders are best-effort, not guaranteed. Delivery depends on Apple, Google, Expo, your carrier, and your device state. We cannot guarantee that a reminder will appear on time or at all. You should not rely on Med Concierge as your only method for remembering your medications.
  • Dose logs reflect what you tell us. The adherence history we show is based on what you log in the App. It is not pulled from your pharmacy and does not verify that a medication was actually taken.
  • Refill alerts are estimates. We calculate refill timing from the days-supply you enter and from your plan’s formulary data. Actual refill eligibility is controlled by your pharmacy and insurer. Confirm before you run out.
  • Drug-interaction warnings are informational. Any interaction alerts the App shows are general references, not a clinical drug-interaction screen. Always consult your pharmacist before starting, stopping, or changing a medication.
  • You remain responsible for your medication management. By using these features you acknowledge that Med Concierge is a reminder and tracking convenience, not a clinical tool, and that you will continue to follow the instructions on your prescription label and from your licensed healthcare providers.
  • Members with medications that require strict timing (for example, insulin, anti-rejection drugs, anticoagulants) should use multiple independent methods to ensure doses are taken on time and should consult their doctor or pharmacist about any adherence tool.

Med Concierge is not a medical device and is not FDA-cleared. Nothing in the App constitutes medical advice. If you believe you are experiencing a medical emergency, call 911 or go to the nearest emergency room. For medication overdose or poisoning concerns, call Poison Control at 1-800-222-1222.

18. Data Retention

We retain personal information for as long as needed to provide the services and as required by applicable laws, including HIPAA record-keeping requirements.

  • Account profile — retained while your account is active; deleted within 30 days of a verified deletion request, except where a longer retention is required by law (see below).
  • HIPAA PHI records — medication reminders, dose logs, adherence history, decoded lab or After-Visit Summary results, appointment requests, transportation records, voice questions (with direct identifiers scrubbed), visit-preparation sessions, call notes, provider search history, and related audit-log entries are retained for a minimum of six (6) years as required by HIPAA §164.530(j).
  • Voice call recordings and call metadata — audio recordings of calls between members and concierge agents, along with call start/end timestamps, duration, member and agent identifiers, and connection-quality metadata, are retained for a minimum of six (6) years from the date of the call per HIPAA §164.530(j). Recordings are encrypted at rest with AES-256 and processed by Telnyx under a Business Associate Agreement (see Section 6).
  • Photos captured for the Decode Results feature — the original image is discarded after processing. A one-way cryptographic hash of the image is retained to recognize duplicate uploads; the decoded output is retained under the six-year HIPAA schedule.
  • Authentication records — one-time passcodes are deleted after expiration or use; session tokens are deleted on sign-out or expiry.
  • Audit logs — six (6) years, encrypted at rest.
  • Plan benefit data — refreshed annually during the plan year cycle.
  • SMS and email communication logs — twelve (12) months, extended to six (6) years if the communication relates to PHI.

When you request account deletion, we will tell you which records are retained beyond the deletion date and which regulatory requirement governs the retention.

Disposal is performed using industry-standard data destruction methods.

19. Data Security and Breach Notification

We protect your information with:

  • TLS/SSL encryption for all data in transit
  • AES-256-GCM encryption at rest for sensitive fields
  • HMAC-SHA256 keyed hashing for indexed PHI identifiers
  • Token-based authentication for API access
  • Device biometric unlock (Face ID or fingerprint) where supported; biometric data is processed entirely on your device and never transmitted to our servers
  • Regular security assessments, continuous monitoring, and need-to-know access controls

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Breach notification. If a breach of unsecured Protected Health Information occurs, we will notify affected members within the timeframes required by applicable law, including HIPAA §164.404 (within 60 days of discovery) and the Florida Information Protection Act, Fla. Stat. §501.171 (within 30 days of discovery for breaches affecting Florida residents). Notice will include a description of what happened, the types of information involved, steps we are taking, and steps you can take to protect yourself.

20. Your Privacy Rights

20.1 HIPAA Rights (§164.500 series)

  • Right of Access (§164.524) — request a copy of your PHI. You can export your full record from the in-app Settings screen, or email support@medconcierge.com for a mailed or emailed copy.
  • Right to Amendment (§164.526) — request correction of inaccurate PHI. Because your profile data is the record of your licensed agent, amendment requests are routed to your agent; email support@medconcierge.com or call (844) 463-2931.
  • Right to an Accounting of Disclosures (§164.528) — request a log of disclosures we have made of your PHI for purposes other than treatment, payment, operations, or disclosures you authorized.
  • Right to Restrict Disclosures (§164.522) — request limits on how we use or disclose your PHI.

You may also file a HIPAA complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/filing-a-complaint. You will not be retaliated against for filing a complaint.

20.2 Your In-App Controls

  • Export your data — from the in-app Settings screen, export your full record (profile, medication reminders and adherence logs, transportation history, appointment requests, decoded results, visit-preparation sessions, voice-query history, screening answers, caregiver relationships, and communication preferences) as a portable JSON file.
  • Delete your account — from the in-app Settings screen. Records subject to HIPAA, CMS, or state insurance record-keeping rules (see Section 18) will be retained for the required period; we will tell you which records are retained and why.
  • Opt out of outreach — disable notifications in your device settings, or from the Communication Preferences section of the in-app Settings screen turn off SMS follow-ups, medication check-ins, the Plan Extras reminder, and the Visit Prep reminder independently.
  • Revoke caregiver access — immediate, from the in-app Settings screen.
  • Sign out — removes all cached data from your current device immediately.

20.3 State-Specific Rights

Residents of the following U.S. states have additional rights under their state’s comprehensive consumer privacy law, including rights of access, correction, deletion, portability, and opt-out of targeted advertising, sale, and profiling:

California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Tennessee (TIPA), Delaware (DPDPA), Iowa (ICDPA), and Florida (FDBR).

To exercise any of these rights, contact us at support@medconcierge.com or (844) 463-2931. We will respond within the timeframe required by your state’s law (typically 30–45 days). We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

20.4 Outside the United States

If you believe the General Data Protection Regulation (GDPR) or another non-U.S. data-protection law applies to your use of our Services, contact support@medconcierge.com.

21. Children’s Privacy

Our Services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

22. Biometric Data

If you use biometric authentication (Face ID or fingerprint) to unlock the App, this data is processed and stored entirely on your device by your operating system. Med Concierge does not collect, store, receive, or have access to your biometric data. Our servers only receive a confirmation that authentication succeeded.

Biometric unlock supports our HIPAA §164.312(a)(2)(iv) access-control safeguards for PHI stored on your device.

23. International Transfers

Your information may be transferred to, stored, and processed in the United States, where data-protection laws may differ from those of your country. By using our Services from outside the United States, you consent to the transfer of your information to the United States.

Our Services are intended for U.S. Medicare-eligible members. We advise users outside the United States not to provide personal information through our Services.

24. Insurance Carrier Trademarks

Med Concierge is not endorsed by, sponsored by, or affiliated with any insurance carrier. The display of carrier information does not imply any partnership or endorsement beyond our standard agent-appointment relationship with the carrier.

Plan benefit data is derived from public CMS Medicare databases. Use of CMS data is governed by CMS data-use terms. Med Concierge is not affiliated with or endorsed by the United States government or the federal Medicare program. Medicare has neither reviewed nor endorsed this information.

25. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes — for example, adding a new category of data we collect, adding a new sub-processor who receives PHI, changing retention schedules, or expanding how we use or disclose your data — will require affirmative re-acceptance through the in-app consent screen before you can continue using the App.

Non-material or clarifying changes will be posted with a new “Last Updated” date on this page; continued use after the update constitutes acceptance.

For material changes, we will additionally notify you by email at the address associated with your account.

26. How to Contact Us

Mailing Address

Med Concierge
800 Corporate Dr, Suite 610
Fort Lauderdale, FL 33334

Email: support@medconcierge.com

Phone: (844) 463-2931

For HIPAA-specific requests (access, amendment, accounting of disclosures, restriction), note “HIPAA Request” in the subject line.

27. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict-of-law principles. Any disputes arising from this Privacy Policy shall be resolved in the courts of Broward County, Florida, subject to any mandatory arbitration or class-action-waiver provisions in our Terms of Service.

Additional Disclosures

Company: 1 World Insurance LLC, d/b/a Med Concierge. Licensed insurance agency. NPN: 20116201.

Medicare disclaimer: Not affiliated with or endorsed by the United States government or the federal Medicare program. Medicare has neither reviewed nor endorsed this information.

HIPAA Privacy Officer contact: Email support@medconcierge.com with “HIPAA Privacy Officer” in the subject line.

End of Privacy Policy. Version aligned with in-app consent @app_consent_accepted_v4, effective [TBD].