Privacy & Data Practices
How Med Caddy handles your information — built for trust, designed for medical students.
What is Med Caddy?
Med Caddy is an AI-powered academic assistant built specifically for Brown Medical School students. It connects to your Google account (Calendar, Gmail, Drive) to give you personalized answers about your schedule, academic policies, deadlines, and resources — all in one place.
Authentication
Med Caddy uses Google OAuth 2.0 for sign-in. We never see or store your Google password. Access is restricted to @brown.edu email addresses, plus individually approved accounts.
What Data We Access
| Integration | Access | What & Where |
| Gmail |
Read-only (enforced by Google) |
Your recent mail — subject, sender, body text, and attachment text — is synced into your own private, per-student store on our servers so answers are fast and searchable. Class-list mail is kept longer as shared institutional knowledge. |
| Calendar |
Read + create |
Your events are synced for schedule answers. Med Caddy only creates events when you explicitly ask ("add to my calendar") — it never edits or deletes existing events. |
| Drive |
Read-only (enforced by Google) |
File text is read to answer your questions (e.g., a syllabus you ask about). Journal entries are written to a doc in your own Drive if you use that feature. |
| Tasks |
Read + create/complete |
Your to-do list is read so it can appear in answers. Med Caddy adds to-dos when you ask, and can automatically track deadlines and commitments it finds in your email — each one links back to the source email and can be dismissed with one click. |
Key principles: your synced data lives in a private, per-student store that only your account can query — verified with database row-level security. Mail and files are read-only at the OAuth level, so Med Caddy cannot send or delete anything even if it wanted to. Writes are additive only (a calendar event or a to-do) and happen on your own account.
What We Store
- Account info: Name, Brown email, OAuth tokens — tokens are field-encrypted at rest with a key held in a managed secret store
- Your synced mail & calendar: recent email content (including attachment text) and calendar events, in your private per-student store, so questions are answered in seconds instead of minutes
- Search index: encrypted vector embeddings of your synced mail, so "did anyone email about scholarships?" works by meaning, not keywords — also strictly per-student
- Extracted events & deadlines: dates mentioned in your email, resolved to exact calendar dates, so schedule answers are accurate
- Conversation history: Your questions and AI responses, so you can return to past conversations
- Feedback reports: When you flag an answer, we save the question and response for quality review
- Request logs: per-question records (sources used, tokens, cost) for quality and security auditing
What We Do NOT Do
- We do not train AI models on your data — and neither do our AI providers (API data is excluded from training)
- We do not sell, share, or transfer your data to third parties
- We do not send emails on your behalf — the permission to do so is never even requested
- We do not edit or delete your calendar events, mail, or files — mail and Drive scopes are read-only at Google's level
- We do not let any student see another student's data — every record is partitioned per user
- We do not access grades, transcripts, or other protected education records
FERPA Compliance
Med Caddy is designed with FERPA (Family Educational Rights and Privacy Act) considerations in mind:
- No education records stored: We do not access or store grades, transcripts, or disciplinary records from Brown's systems
- Student-initiated: All data access is initiated by the student themselves through their own Google account
- Minimal data retention: Personal data from Google integrations is used at query time and not persisted
- Access control: Only authenticated students can access their own data; admin access is restricted to authorized Brown personnel
- No directory information disclosure: Student information is not shared between users or exposed publicly
FERPA note: Because Med Caddy reads data directly from the student's own Google Workspace account (provided by Brown University) at the student's request, it operates under the student's own consent. The application does not access institutional education records systems.
Third-Party Services
- OpenAI API: Your questions and retrieved context are sent to OpenAI's models for response generation. OpenAI's API does not use inputs for training.
- Supabase: Managed PostgreSQL (US-hosted, encrypted at rest) holding the shared knowledge base and your private per-student data (synced mail, search index, conversations) — protected by row-level security so only the application backend can read student data
- AWS (ECS/Fargate): Application hosting and secret storage, US-East-1 region
- Google OAuth: Authentication only; tokens are field-encrypted at rest and refreshed automatically
Data Retention & Deletion
- Conversations: deleted automatically after 12 months
- Request logs & search embeddings: deleted automatically after ~4 months
- Leaving: revoke Med Caddy's access anytime from your Google Account permissions, and use the in-app delete-my-data option (or contact us) to permanently purge everything we've stored — synced mail, search index, conversations, tokens, all of it.
Security Measures
- All traffic encrypted via HTTPS/TLS; data encrypted at rest
- OAuth tokens field-encrypted with a key held in a managed secret store (AWS SSM)
- Strict per-student data partitioning, verified with database row-level security
- Role-based access control (user, admin, host) with an admin audit log
- Rate limiting on all API endpoints; no credentials or secrets in client-side code
- Guardrails tested continuously — including privacy probes and prompt-injection attempts in a 1,000-question test bank
Contact
Questions about privacy or data practices? Reach out to the Med Caddy team at Brown University. See also our Terms of Service.