Privacy Policy

Effective Date: March 29, 2026

1. Overview

RxRadar ("we", "us", "our") operates an MCP server that provides semantic search over a subset of publicly available US government healthcare data. We index public data from government APIs and websites — we do not create, curate, or independently verify this data. This Privacy Policy describes what information we collect about you as a user, how we use it, and your rights regarding that information.

2. Information We Collect

What We Do NOT Collect

• We do not store your search queries beyond what appears in standard server logs
• We do not collect or store payment card numbers, bank details, or billing addresses — Stripe handles all payment processing directly
• We do not use cookies or tracking pixels
• We do not collect personal health information about you

3. Payment Processing

All payment processing is handled by Stripe, Inc. When you subscribe, you interact directly with Stripe's checkout system. We receive only your Stripe customer ID, subscription ID, and selected tier — never your payment card details. Stripe's handling of your payment data is governed by their own privacy policy.

4. How We Use Your Information

• Subscription management: To activate, maintain, and cancel your subscription
• Rate limiting: To enforce the API call limits associated with your tier
• Security: To detect and prevent abuse, unauthorized access, and attacks
• Service improvement: To monitor aggregate usage patterns and improve the Service

We do NOT use your information for advertising, profiling, or sale to third parties.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

• Stripe: For payment processing (as described above)
• Legal requirements: If required by law, court order, or governmental authority
• Service protection: To enforce our Terms of Service or protect the security of the Service

6. Data Retention

• Subscription records: Retained for the duration of your subscription plus 12 months after cancellation, for billing dispute resolution
• API usage logs: Retained for 90 days, then deleted
• Server access logs: Retained for 90 days with automatic rotation

7. Data Security

We protect your data with:

• TLS/HTTPS encryption for all data in transit
• SSH key-only authentication on our infrastructure
• Firewall rules restricting access to essential ports only
• fail2ban intrusion prevention
• Automatic security updates
• Internal-only database access (not exposed to the internet)

8. Your Rights

You have the right to:

• Access: Request a copy of the data we hold about you
• Deletion: Request deletion of your data (we will delete subscription and usage records; we cannot retroactively delete server logs that have already rotated)
• Cancellation: Cancel your subscription at any time through Stripe

To exercise these rights, contact us at privacy@ratbyte.dev.

9. Healthcare Data Clarification

The healthcare data searchable through RxRadar (provider registries, published research, adverse event reports, clinical trials, drug labels) is publicly available US government data. This data is about healthcare providers, drugs, and studies — not about you as a user. We are not a covered entity under HIPAA, and the Service does not process protected health information (PHI).

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors.

11. International Users

The Service is hosted in Germany (Hetzner) and operates under US law. If you access the Service from outside the United States, you consent to the transfer and processing of your data as described in this policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to subscribers via the email associated with their Stripe account. The effective date at the top of this page indicates the most recent revision.

13. Contact

For privacy-related questions or requests, contact us at privacy@ratbyte.dev.