MedVoyage

Privacy Policy

Last updated: May 26, 2026

Who we are

MedVoyage is a medical-tourism facilitator based in the United Arab Emirates. We arrange travel and treatment packages with partner clinics in Türkiye. We are not a healthcare provider. Medical care is delivered by the licensed Turkish clinic you book with.

What we collect

Account details: name, email, password, phone number, nationality, date of birth, and marketing-consent preference.
Booking details: chosen procedure, package and tier, preferred dates, companion details, and the messages you exchange with your coordinator.
Documents you upload for medical screening (e.g. ID, blood-test results, photos requested by the clinic).
Payment metadata returned by Stripe (last four digits of the card, billing country, payment status). We do not store full card numbers — Stripe handles that directly.
Technical data when you use the site: IP address, browser, pages visited, and security signals from Cloudflare Turnstile and our rate limiter.

Why we use it

Create and manage your account.
Coordinate your booking with the chosen Turkish clinic, including forwarding medical screening documents the clinic requires.
Take and reconcile deposit payments via Stripe; issue receipts and process refunds when applicable.
Send transactional messages (booking confirmation, deposit receipt, trip reminders, document requests).
Send marketing messages only if you have opted in. You can opt out at any time from your account or by replying to any marketing email.
Detect and prevent fraud or abuse of the platform.

Who we share it with

Partner clinic in Türkiye — the clinic you book with receives the documents and details needed to review your suitability and provide care. Your data leaves the UAE for this purpose.
Service providers — Supabase (account database and file storage), Stripe (payment processing), Resend (email delivery), Cloudflare (security and Turnstile bot protection), Upstash (rate limiting), and Inngest (scheduled reminders).
Authorities — only when we are legally required to (e.g. court order, regulatory investigation).

We do not sell your personal data. We do not share it with third parties for their own marketing.

How long we keep it

Account and booking records are kept for as long as your account is open, and for up to 7 years after closure to satisfy financial, audit, and dispute obligations. You can delete your account at any time from your profile page; doing so removes your account, your documents, and your bookings. Payment records held by Stripe and accounting records we are legally required to retain may persist in anonymised form.

Your rights

Under the UAE Personal Data Protection Law you can ask us to:

Tell you what data we hold about you.
Correct anything that is wrong or out of date.
Delete your account and the data attached to it.
Withdraw marketing consent at any time.
Object to or restrict specific uses of your data.

Email privacy@medvoyage.example or contact us through the contact page. We respond within 30 days.

Security

We use TLS in transit, encrypted storage at rest through our providers, and role-based access controls inside the platform. We cannot guarantee absolute security; report any suspected breach to security@medvoyage.example.

Changes

We may update this policy as the service evolves. We will note the update date at the top of this page and, where the change is material, contact you by email.

What we collect

Account details: name, email, password, phone number, nationality, date of birth, and marketing-consent preference.

Booking details: chosen procedure, package and tier, preferred dates, companion details, and the messages you exchange with your coordinator.

Documents you upload for medical screening (e.g. ID, blood-test results, photos requested by the clinic).

Payment metadata returned by Stripe (last four digits of the card, billing country, payment status). We do not store full card numbers — Stripe handles that directly.

Technical data when you use the site: IP address, browser, pages visited, and security signals from Cloudflare Turnstile and our rate limiter.

Why we use it

Create and manage your account.

Coordinate your booking with the chosen Turkish clinic, including forwarding medical screening documents the clinic requires.

Take and reconcile deposit payments via Stripe; issue receipts and process refunds when applicable.

Send transactional messages (booking confirmation, deposit receipt, trip reminders, document requests).

Send marketing messages only if you have opted in. You can opt out at any time from your account or by replying to any marketing email.

Detect and prevent fraud or abuse of the platform.

Who we share it with

Partner clinic in Türkiye — the clinic you book with receives the documents and details needed to review your suitability and provide care. Your data leaves the UAE for this purpose.

Service providers — Supabase (account database and file storage), Stripe (payment processing), Resend (email delivery), Cloudflare (security and Turnstile bot protection), Upstash (rate limiting), and Inngest (scheduled reminders).

Authorities — only when we are legally required to (e.g. court order, regulatory investigation).

We do not sell your personal data. We do not share it with third parties for their own marketing.

How long we keep it

Your rights

Under the UAE Personal Data Protection Law you can ask us to:

Tell you what data we hold about you.

Correct anything that is wrong or out of date.

Delete your account and the data attached to it.

Withdraw marketing consent at any time.

Object to or restrict specific uses of your data.

Email privacy@medvoyage.example or contact us through the contact page. We respond within 30 days.