Independent reference site — Not affiliated with the U.S. Food and Drug Administration. All data sourced from public FDA databases.

Privacy Policy

This page explains what information MedivaScan collects, how we use it, and who we share it with. Last updated: May 31, 2026.

Scope

This policy covers the MedivaScan website at https://medivascan.com and any subdomain operated by The Consistent Co LLC.MedivaScan is a public directory of FDA drug-safety data. We do not offer user accounts, and we do not collect health information from visitors.

Information we collect

Information you give us

We have three public forms: a contact form, a correction form, and a drug suggestion form. When you submit one of them, we receive the fields you fill in:

  • Contact form: your name, your email address, a topic, and your message.
  • Correction form: the page URL or description, the type of correction, the details you provide, and your email address if you choose to include one. Email is optional on this form.
  • Suggestion form: the drug name, an optional brand name, your reason for suggesting it, and your email address if you choose to include one. Email is optional on this form.

If you email us directly at contact@medivascan.com, we receive whatever you send in that message.

Information we collect automatically

When you submit a form, our server records the User-Agent string sent by your browser. We also derive a one-way hash of your IP address. The raw IP is read from the request headers, combined with a server-side secret salt, and run through SHA-256. Only the resulting hash is written to our database. The raw IP address is never stored. We use the hash for spam triage and abuse investigation; we cannot reverse it back to your IP.

Our hosting provider (Cloudflare) sees the standard request metadata (IP address, User-Agent, requested URL, timestamp) at the network edge for every visit, as is typical for any web host.

What we do not collect

MedivaScan does not have user accounts, logins, or profiles. We do not ask visitors about their medications, conditions, prescriptions, or any other health information. The drug data on this site comes from public FDA datasets; it is not about you.

How we use information

  • To respond to your message, correction, or suggestion.
  • To triage spam and abuse, including evaluating Cloudflare Turnstile results and IP-hash patterns.
  • To keep the site available and secure.
  • To comply with applicable law and respond to lawful requests.

We do not use form submissions for advertising, profiling, or any automated decision-making.

Third-party services

We rely on a small number of vendors to run the site. Each one receives only the data it needs for its specific role.

  • Cloudflare provides hosting, DNS, the CDN, Email Routing for inbound mail to our domain, and the Turnstile bot-verification widget on our forms. Cloudflare necessarily sees request metadata for every page load.
  • Cloudflare Turnstile is a privacy-friendly CAPTCHA alternative used on the three forms. In its standard configuration it does not require cookies and does not persistently track users across sites. When you submit a form, our server sends the challenge token and your IP address to Cloudflare for verification.
  • Supabase hosts the Postgres database where form submissions are stored. The database key used by the public site can only insert new rows; it cannot read existing submissions.
  • Resend delivers the notification email we receive when a form is submitted. The notification includes your name (if provided), email (if provided), and message body so we can read and reply.
  • openFDA is the public FDA API and dataset source we read from to build the drug directory. Data flow is one-way: we read from openFDA. We do not send any visitor or form data to openFDA or to the FDA.

Planned services. If we add display advertising in the future (for example, Google AdSense), that vendor will set its own cookies and may collect data for ad personalization under its own privacy policy. We will update this page before turning advertising on. Similarly, should we introduce affiliate links to prescription-discount cards or telehealth services, clicking such a link would send standard referral data to the linked partner; we will disclose those partners here when and if they are added.

Cookies and similar technologies

MedivaScan itself does not set cookies for analytics, personalization, or advertising. Today, the only cookies you may encounter come from infrastructure:

  • Cloudflare may set standard security cookies (for example, bot-management cookies) at the network edge.
  • Cloudflare Turnstile may set a short-lived cookie or use temporary browser storage on the form pages while solving a challenge.

If we add Google AdSense in the future, that integration will introduce additional cookies for ad serving and measurement. We will update this section at that time.

Sharing of information

We do not sell personal information. We do not rent or trade it. We share submissions only with the third-party processors listed above, and only to the extent each one needs to do its job (for example, Resend needs the email body to deliver the notification).

We may disclose information if we are required to by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, the safety of users, or the integrity of the site.

Data retention

  • Form submissions are retained indefinitely so that we can find and respond to your message, follow up on corrections, and maintain a record of suggestions.
  • User-Agent strings attached to submissions are rotated out after 90 days.
  • IP hashes attached to submissions are rotated out after 90 days.

You can ask us to delete a submission you sent. Email contact@medivascan.com from the address you submitted with, or describe the submission clearly enough that we can find it.

Children's privacy

MedivaScan is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has submitted information through one of our forms, contact us and we will delete it. This section reflects our obligations under the U.S. Children's Online Privacy Protection Act (COPPA).

California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the right to:

  • Know what personal information we have collected about you.
  • Request deletion of personal information we hold about you.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information.
  • Not be discriminated against for exercising these rights.

We do not sell personal information, and we do not share it for cross-context behavioral advertising. To make a request, email contact@medivascan.com. We may ask for information to verify that the request comes from you.

Other U.S. state privacy rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with comprehensive privacy laws have similar rights to access, correct, delete, and opt out of certain processing of their personal information. To exercise any of these rights, email contact@medivascan.com and tell us which state you reside in and what you would like us to do.

International users

MedivaScan is operated from the United States, and the data we hold is stored with U.S.-based processors. If you access the site from outside the United States, you understand that your information will be transferred to and processed in the United States.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR (or UK GDPR), including rights of access, rectification, erasure, restriction, objection, and portability. Contact contact@medivascan.com to exercise them.

Security

Traffic to MedivaScan is served over TLS. Data at rest is held by our processors (Cloudflare, Supabase, Resend) under their own security programs. The database key used by the public site can only insert new form rows, not read them.

No system is perfectly secure. If you discover a vulnerability or have a security concern, report it through the contact form or email contact@medivascan.com.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of the page. Material changes will be described in the policy itself. Continued use of the site after a change means you accept the updated policy.

Contact

Questions about this policy, or requests related to your information, should go to:

Operator

MedivaScan is a brand of The Consistent Co LLC, a Wyoming limited liability company. This Privacy Policy is governed by the laws of the State of Wyoming, without regard to its conflict-of-laws principles.