Google User Data Policy Addendum

Last Updated: January 01, 2025

This Google User Data Addendum supplements the main MedMarshal Privacy Policy available at https://www.medmarshal.com/privacy-policy/ and applies specifically to features that integrate with Google APIs (Google Calendar and Google OAuth services).

By connecting your Google Account through our platform, you consent to the practices described in this addendum.

General Data Retention

We retain personal and account-related data (such as user profile information, clinic data, and usage data) for as long as the user account remains active.

If a user deletes their account, we will delete or anonymize their personal data within a reasonable period, unless retention is required for legal, regulatory, or operational purposes.

Certain data may be retained for a longer duration where required by applicable laws, dispute resolution, or enforcement of agreements.

1. What Google User Data We Access

MedMarshal requests access only to the minimum Google scopes required to provide teleconsultation features:

Google API Scope Used:

• https://www.googleapis.com/auth/calendar.events
  Used solely to create and manage Google Calendar events for teleconsultations, and to generate Google Meet links.

We Do NOT:

• Access or modify calendar events we did not create.
• Access Gmail, Drive, Contacts, or any other Google service.
• Store or use unnecessary Google data.

2. How We Use Google User Data

We use Google user data for the following purposes:

• Creating Google Calendar events on behalf of the doctor
• Generating Google Meet links required for teleconsultations
• Displaying the created event details within your MedMarshal account
• Sending the Meet link to the doctor so it may be shared with patients

We do not use Google user data for analytics, advertising, or any unrelated functionality.

3. Sharing & Disclosure of Google User Data

MedMarshal does not share, sell, or transfer Google user data to any third party.

The only exception is when:

• The doctor chooses to share the generated Google Meet link with the patient. (This is a voluntary action by the doctor, not by MedMarshal.)

No other Google data is disclosed to any external party.

4. How We Store & Protect Google User Data

MedMarshal follows industry-standard security measures:

Data Storage

• Access and refresh tokens are stored securely in an encrypted format
• Tokens are used only by server-side services to access Google Calendar on behalf of the authenticated user
• Tokens are never exposed in the browser or client-side code

Security Measures

• Encryption in transit (HTTPS)
• Encryption at rest
• Strict access controls
• Regular token rotation following Google’s OAuth guidance
• No long-term logging of sensitive Google data

5. Data Retention & Deletion

• Google Calendar tokens are retained only for as long as the Google integration remains active
• When a doctor disconnects their Google account:
  • All stored Google tokens are permanently deleted
  • No further access is possible
• Users can revoke access at any time from: https://medmarshal.com/delete-account

6. No Use of Google Data for AI/ML

MedMarshal does not use Google user data for:

• Training AI/ML models
• Automated decision systems
• Profiling or secondary use

This is required by Google’s “Additional User Data Policy”.

7. Contact Information

For questions regarding this Google User Data Addendum, contact us at:
https://medmarshal.com/
[email protected]