MedMitra

Privacy Policy

Last updated: June 23, 2026

1. Introduction

MedMitra AI ("we", "our", or "us") operates the MedMitra mobile application and web services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare platform.

By using MedMitra, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your personal health information in compliance with Indian data protection laws including the Digital Personal Data Protection Act, 2023 (DPDPA).

2. Information We Collect

Personal Information

  • Name, phone number, email address
  • Date of birth, gender, blood group
  • Profile photo
  • Location data (for finding nearby facilities)

Health Information

  • Medical history (allergies, past conditions, medications, family history)
  • Consultation records and transcripts
  • Prescriptions issued through the platform
  • Lab reports and diagnostic results
  • Vital signs data
  • Voice recordings during voice consultations

Financial Information

  • Payment transaction details (processed via Razorpay)
  • Wallet balance and transaction history

Device & Usage Information

  • Device type, OS version, app version
  • Push notification tokens
  • App usage patterns and session data

3. How We Use Your Information

  • To provide AI-assisted healthcare consultations
  • To enable licensed doctors to review and approve prescriptions
  • To facilitate appointment bookings, lab tests, and medicine orders
  • To process payments and maintain billing records
  • To send appointment reminders and medicine reminders
  • To improve our AI models and service quality
  • To comply with legal and regulatory obligations

4. Data Sharing

We share your information only in the following circumstances:

  • Licensed Doctors: Consultation data is shared with assigned doctors for prescription approval
  • Partner Facilities: Relevant booking information is shared with clinics, labs, and pharmacies you book with
  • Payment Processors: Financial data is shared with Razorpay for payment processing
  • AI Providers: De-identified consultation text is processed by our AI partners (OpenAI) for generating medical responses
  • SMS Provider: Phone numbers are shared with Twilio for OTP delivery and notifications
  • Legal Requirements: When required by law, court order, or government authority

We do not sell your personal or health data to third parties for marketing or advertising purposes.

5. Data Storage & Security

  • All data is stored on encrypted servers hosted on AWS (Mumbai region, ap-south-1)
  • All data in transit is encrypted using TLS 1.2+
  • Passwords are hashed using bcrypt with salt
  • Access to patient data is role-restricted and audited
  • Payment card details are never stored on our servers (handled by Razorpay PCI-DSS)

6. Data Retention

  • Medical records: Retained for 7 years as required by Indian Medical Council regulations
  • Financial records: Retained for 8 years as required by tax regulations
  • Account data: Retained until account deletion is requested
  • Voice recordings: Processed and deleted within 30 days after consultation completion
  • OTP records: Automatically purged after 24 hours

7. Your Rights

Under the DPDPA 2023, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data (subject to legal retention periods)
  • Portability: Export your health records
  • Withdraw Consent: Opt out of non-essential data processing

To exercise these rights, use the in-app settings or contact us at support@medmitra-ai.com

8. Children's Privacy

MedMitra is not intended for use by individuals under 18 without parental consent. For minors, a parent or guardian must create and manage the account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices:

  • Email: support@medmitra-ai.com
  • App: Profile → Support