Privacy Policy
Last updated: 2026-05-03
What HEORAgent is
HEORAgent is an AI-powered research assistant for Health Economics and Outcomes Research (HEOR). It is delivered as (a) a web chat at web-michael-ns-projects.vercel.app, (b) a Model Context Protocol (MCP) server distributed via npm and the official MCP Registry, and (c) a ChatGPT Custom GPT Action.
Data we receive
- Tool inputs. When you call a tool (e.g., literature_search, cost_effectiveness_model), your query text and tool parameters are sent to the HEORAgent MCP server hosted on Railway.
- Tool outputs. The MCP server returns markdown text and structured data computed from public sources or your inputs.
- Anthropic API key (web chat only). The web UI uses a Bring-Your-Own-Key model: you paste your Anthropic API key into the browser. It is stored in localStorage on your device and sent directly to the Anthropic API for chat completions. We never see, log, or store your key on our servers.
Data we do NOT collect
- We do not store your queries or tool outputs persistently.
- We do not collect names, email addresses, or contact details.
- We do not sell or share data with advertisers.
Analytics
We use PostHog to record anonymous usage events: which tool was called, how long it took, success/error status, and the surface (web UI, ChatGPT adapter, MCP client). Events do not include the contents of your queries or tool inputs. Analytics are used solely to improve the product. Set POSTHOG_API_KEY to empty in self-hosted deployments to opt out.
Third-party data sources
Tool calls fetch from public APIs (PubMed, ClinicalTrials.gov, NICE, CADTH, ICER, etc.) and may invoke enterprise APIs you have configured via API key. Each provider has its own privacy policy. We pass through results without retention.
Hosting & retention
- Web UI is hosted on Vercel (US region). HTTP request logs are kept for diagnostic purposes for up to 7 days, then deleted.
- MCP server is hosted on Railway. Same 7-day diagnostic log retention.
- Anonymous PostHog events: retained per PostHog default (currently 7 years, configurable).
Your rights
Because we do not collect identifiable data, there is nothing personal to retrieve, correct, or delete on your behalf. If you used your Anthropic API key in the web UI, you can clear local storage in your browser to remove it.
Source code
HEORAgent is open source under the MIT license. The code is at github.com/neptun2000/heor-agent-mcp.
Contact
Questions or concerns: open an issue at github.com/neptun2000/heor-agent-mcp/issues.
Disclaimer
HEORAgent generates research support outputs (literature audits, draft cost-effectiveness models, GRADE evidence summaries). These are intended for HEOR professionals to review and validate. Outputs are not medical advice, regulatory submissions, or HTA decisions in themselves.