← Back to Med Caddy · Privacy & Data Practices

Privacy & Data Practices

How Med Caddy handles your information — built for trust, designed for medical students.

What is Med Caddy?

Med Caddy is an AI-powered academic assistant built specifically for Brown Medical School students. It connects to your Google account (Calendar, Gmail, Drive) to give you personalized answers about your schedule, academic policies, deadlines, and resources — all in one place.

Authentication

Med Caddy uses Google OAuth 2.0 for sign-in. We never see or store your Google password. Access is restricted to @brown.edu email addresses, plus individually approved accounts.

What Data We Access

IntegrationAccessWhat & Where
Gmail Read-only (enforced by Google) Your recent mail — subject, sender, body text, and attachment text — is synced into your own private, per-student store on our servers so answers are fast and searchable. Class-list mail is kept longer as shared institutional knowledge.
Calendar Read + create Your events are synced for schedule answers. Med Caddy only creates events when you explicitly ask ("add to my calendar") — it never edits or deletes existing events.
Drive Read-only (enforced by Google) File text is read to answer your questions (e.g., a syllabus you ask about). Journal entries are written to a doc in your own Drive if you use that feature.
Tasks Read + create/complete Your to-do list is read so it can appear in answers. Med Caddy adds to-dos when you ask, and can automatically track deadlines and commitments it finds in your email — each one links back to the source email and can be dismissed with one click.
Key principles: your synced data lives in a private, per-student store that only your account can query — verified with database row-level security. Mail and files are read-only at the OAuth level, so Med Caddy cannot send or delete anything even if it wanted to. Writes are additive only (a calendar event or a to-do) and happen on your own account.

What We Store

What We Do NOT Do

FERPA Compliance

Med Caddy is designed with FERPA (Family Educational Rights and Privacy Act) considerations in mind:

FERPA note: Because Med Caddy reads data directly from the student's own Google Workspace account (provided by Brown University) at the student's request, it operates under the student's own consent. The application does not access institutional education records systems.

Third-Party Services

Data Retention & Deletion

Security Measures

Contact

Questions about privacy or data practices? Reach out to the Med Caddy team at Brown University. See also our Terms of Service.