Legal
Privacy Policy
Effective: 2026-05-06 · Last updated: 2026-05-06
This Privacy Policy describes how Myto Intelligence ("we," "our," or "the platform") collects, uses, stores, and protects information about clinicians who use the platform. By accessing the platform you agree to the practices described here.
1. Who operates this platform
Myto Intelligence is a product of The Myto Corp (the "Company"), a venture under formation. The platform is operated on the Company's behalf by Honistee LLC (Wyoming), a service provider that builds, hosts, and maintains the application. The Company is the controller of all user data; Honistee LLC is a processor acting under the Company's direction. All data, brand assets, and user relationships are owned by the Company. Operational ownership of accounts and infrastructure transfers from Honistee LLC to The Myto Corp upon formal incorporation of the entity.
2. Information we collect
2.1 Account information
When you apply for access we collect: full name, email address, National Provider Identifier (NPI), state of practice, medical specialty, and a free-text "intended use" description. We use this to verify clinician status, manage your account, and communicate about the platform.
2.2 AI conversation history
When you use the AI agent (when available), conversations are stored privately to your account so you can reference them later. Before any storage or external API call, the input is scanned for patterns that resemble Protected Health Information (PHI) — such as names, dates of birth, addresses, and Medical Record Number (MRN) patterns — and any detected patterns are redacted. This is a technical backstop, not a substitute for your obligation not to submit PHI in the first place.
2.3 Audit metadata
We log which clinician accessed which page or made which lookup, and when. This is metadata only — no content, no patient information. We use this for security forensics, abuse detection, and to identify patterns of platform use that inform dataset improvements.
2.4 Standard server logs
Like every web application, our hosting providers log standard request metadata (IP address, user agent, request timestamps). These are operational logs, retained for short periods (typically 7–28 days depending on the provider tier).
2.5 What we do not collect
We do not collect Protected Health Information (PHI) about any patient. We do not collect biometric, genetic, or health data about you as a user. We do not use third-party advertising networks, tracking pixels, or marketing analytics services. We do not sell, rent, or share user information with marketers.
3. How we use information
We use the information described in Section 2 to: (a) verify your eligibility as a licensed clinician; (b) provide access to the platform; (c) maintain your AI conversation history for your own reference; (d) generate aggregated, de-identified analytics about platform usage to improve coverage and performance; (e) communicate with you about platform updates, security issues, or your account; and (f) comply with legal obligations.
4. Sub-processors
We engage the following third-party service providers ("sub-processors") to operate the platform. Each is bound by its own published privacy and security commitments.
| Vendor | Service | Region |
|---|---|---|
| Honistee LLC | Operations + engineering on behalf of The Myto Corp | United States |
| Vercel Inc. | Application hosting | United States |
| Supabase Inc. | Database, authentication | United States |
| Anthropic PBC | AI inference (Claude API) | United States |
| Resend Inc. | Transactional email | United States |
| GoDaddy Inc. | Domain registrar | United States |
5. PHI and HIPAA posture
Myto Intelligence is a clinician reference tool — it is not a HIPAA-covered entity, and we do not act as a HIPAA business associate. We have no Business Associate Agreement (BAA) in place with users or with sub-processors because the platform is designed to operate without exchanging Protected Health Information.
Submitting PHI to the platform is a violation of the Terms of Service and may also violate your obligations under HIPAA, state privacy laws, and institutional policies. Use abstract clinical scenarios only.
6. Data retention
Account information is retained while your account is active and for a reasonable period thereafter (typically 90 days) to handle re-activation requests and operational matters. AI conversation history is retained until you delete it or close your account. Audit metadata is retained for up to 2 years for security forensics. Standard server logs are retained per the providers' published retention policies (typically 7–28 days).
7. Your rights
You may at any time: (a) access the data we hold about your account; (b) request correction of inaccurate information; (c) delete any AI conversation in your history (one click); (d) close your account, in which case we delete or anonymize your data consistent with Section 6 retention; (e) request export of your conversation history. Submit requests to mytointel@mytointelligence.com.
8. Security
We use HTTPS for all traffic, encryption at rest for all stored data, and least-privilege access controls. We do not implement security theater (we don't claim certifications we don't have); our security inheritance flows from our sub-processors' published posture (Vercel, Supabase, Anthropic, etc., each maintain SOC 2 and other certifications applicable to their layer).
9. Changes to this policy
We may update this Privacy Policy as the platform evolves. We will revise the "Last updated" date at the top of this page and, for material changes, notify users via email.
10. Contact
Questions about this Privacy Policy or our data practices: mytointel@mytointelligence.com