Antidote | Instant Antidote Finder for Common Poisons and Overdoses Privacy Policy

1. Introduction

Medical Toxicology LLC (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the General Data Protection Regulation (GDPR) and applicable U.S. privacy laws. By accessing or using our services, you agree to the data practices described in this policy.

2. Data We Collect

We may collect the following categories of personal data: Required Information (at registration): • Full name • Email address • Username • Password (securely hashed) Optional Profile Information (provided voluntarily by the user): • Address • City • State • Country • Biography (Bio) • Social media handles or links Metadata: • User ID • Registration and login timestamps Local Browser Data (not sent to our servers): • Search history • Recently viewed items • Local preferences (stored in LocalStorage/SessionStorage)

3. How We Use Your Data

We process your data only for the following legitimate purposes: • To register and authenticate user accounts • To provide secure login (via email/password or Google account) • To maintain your account profile • To improve platform security and user experience • To prevent unauthorized access and abuse Legal Basis for Processing (GDPR): • Article 6(1)(b) – Necessary for the performance of a contract • Article 6(1)(f) – Legitimate interest in maintaining a secure and functional service • Article 6(1)(a) – Consent (for optional data and cookies, where applicable)

4. Cookies and Tracking Technologies

We use cookies and similar technologies to support core functionality and improve your experience. Types of Cookies: • Essential Cookies: Required for login and session management (e.g., JWT in HttpOnly cookie) • Functional Cookies: Used to store local preferences • Third-party Cookies: Only used if analytics tools are integrated (see below) EU/EEA users are asked to provide explicit consent before we use any non-essential cookies. You can control cookies via your browser settings.

5. Authentication and Security

We use a custom authentication system with these security features: • Passwords are hashed using secure cryptographic algorithms • Login supported via email/password or Google Sign-In • Upon login, a JWT token is issued and stored in a secure HttpOnly cookie • Tokens are never exposed to JavaScript, reducing risk of XSS attacks

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy or as required by law: • Account data: retained until account deletion or user request • Optional profile data: retained only while the user maintains a profile • Metadata: may be retained for up to 12 months for audit, legal, or security purposes after account deletion

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data in these limited circumstances: • With authorized staff or contractors for technical support and platform maintenance • With third-party service providers (e.g., Google for OAuth login) under strict data protection agreements • If legally required to comply with a lawful request or protect our rights

8. International Data Transfers

We are based in the United States, and your data may be transferred outside the European Economic Area (EEA). To ensure GDPR-compliant data protection, we rely on: • Standard Contractual Clauses (SCCs) approved by the European Commission • Other recognized safeguards for lawful international transfers

9. Data Security

We implement appropriate technical and organizational measures to safeguard your data: • TLS encryption (HTTPS) for all data in transit • Secure password hashing and salting • JWT-based authentication via HttpOnly cookies • Access controls and audit logging • Regular vulnerability assessments Only authorized personnel can access systems containing personal data.

10. Your Rights Under GDPR

If you are located in the EEA, you have the right to: • Access – Request a copy of your personal data • Rectification – Correct inaccurate or incomplete data • Erasure – Request deletion of your account and personal data • Restriction – Limit processing in specific cases • Objection – Object to processing based on our legitimate interests • Data Portability – Obtain your data in a structured, machine-readable format To exercise any of these rights, contact us at info@medicaltoxic.com. We may ask for identity verification. We respond within 7 business days, or within 30 days as required under GDPR. Please note: We may retain minimal metadata after deletion to fulfill legal or security obligations.

11. Children’s Privacy

Our services are not intended for children under 16 years of age (or under 13 in the U.S.). We do not knowingly collect data from minors. If you believe a child has provided personal data, please contact us and we will delete it promptly.

12. Policy Updates

We may update this Privacy Policy from time to time. When significant changes are made, we will notify you via email or service notifications. We encourage users to regularly review this page for the latest information about our privacy practices.

13. Contact Information

For any questions or to exercise your data rights, please contact us: Medical Toxicology LLC 📧 Email: [info@medicaltoxic.com] 📍 United States 🌐 Website: [medicaltoxic.com]

Antidote Privacy Policy