Privacy Policy
Last updated: April 17, 2026
MediSave ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the MediSave mobile application, website (medisaveapp.com), and related services (collectively, the "Service").
By using MediSave, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
a) Information You Provide
- Account Information: Phone number, email address, and name when you register.
- Health Information: Medicine names, dosages, and schedules you add to your medicine cabinet. Prescriptions you scan or receive from doctors.
- Family Member Information: Names of family members you add so that you can track their medicines.
- Location Data: Your approximate location (city/area) when you search for nearby pharmacies. This is only collected when you grant permission.
- Feedback & Support: Messages you send through our support chat.
b) Information Collected Automatically
- Device Information: Device type, operating system, app version.
- Usage Data: Screens visited, search queries, features used. This helps us improve the app.
- Push Notification Tokens: To send you medicine reminders and prescription updates.
c) Information We Do NOT Collect
- We do not collect payment card or banking information (all payments, if any, are handled by third-party processors).
- We do not access your contacts, call logs, or SMS.
- We do not track your location in the background.
2. How We Use Your Information
- Provide the Service: Compare medicine prices, show alternatives, manage your cabinet, deliver prescriptions to pharmacies.
- Medicine Reminders: Send push notifications for scheduled doses.
- Prescription Routing: Deliver digital prescriptions from doctors to your chosen pharmacy.
- Improve the Service: Analyze usage patterns to fix bugs and add features.
- Customer Support: Respond to your queries and resolve issues.
- Safety & Security: Detect fraud, abuse, and enforce our terms.
We never sell your personal information to third parties. We do not use your health data for advertising.
3. How We Share Your Information
We share your information only in these limited circumstances:
- With Pharmacies: When you send a prescription to a pharmacy or request medicine availability, the pharmacy receives your prescription details and name.
- With Doctors: When you book an appointment or receive a prescription, the doctor has access to your name, phone number, and your prescription history with that doctor.
- Service Providers: We use trusted third-party services for hosting (cloud infrastructure), notifications (push notification delivery), and analytics. These providers process data on our behalf under strict agreements.
- Legal Requirements: If required by law, court order, or government authority.
4. Data Storage & Security
- Your data is stored on secure cloud servers hosted in India.
- We use encryption in transit (TLS/HTTPS) and at rest.
- Access to personal data is restricted to authorized team members only.
- We use JWT-based authentication with short-lived access tokens and refresh tokens.
- Biometric authentication (fingerprint/face) is available for additional app security.
While we implement industry-standard security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
- Account Data: Retained as long as your account is active.
- Prescriptions: Retained for the validity period plus 3 years for medical record-keeping.
- Medicine Cabinet: Retained as long as your account is active. You can delete individual entries at any time.
- Usage Analytics: Aggregated and anonymized after 12 months.
- Lab Reports: Retained for 5 years from upload date, in compliance with clinical record retention norms.
- Blood Donation Requests: Active requests expire after 30 days. Historical records retained for 2 years.
- Community Posts: Retained as long as your account is active. Deleted posts are permanently removed within 30 days.
- Doctor Consultation Records: Retained for 7 years per Indian medical record-keeping requirements.
You can request deletion of your account and associated data at any time by contacting us. After account deletion, we retain anonymized/aggregated data that cannot identify you.
6. Data Breach Notification
In the event of a data breach that may affect your personal data, we will notify you within 72 hours of becoming aware of the breach, as required under the DPDPA 2023.
- Notification will be sent via email, push notification, and/or in-app alert.
- We will also notify the Data Protection Board of India as required by law.
- The notification will include: nature of the breach, types of data affected, steps we are taking, and steps you can take to protect yourself.
7. Your Rights
Under India's Digital Personal Data Protection Act (DPDPA) 2023, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data. You can delete your account directly from the app under Profile > Delete Account, which will erase all personal data within 30 days.
- Withdraw Consent: Withdraw your consent for data processing at any time.
- Data Portability: Request your data in a structured, machine-readable format.
- Right to Nominate: You may nominate another person to exercise your data rights in case of death or incapacity.
- Grievance Redressal: File a complaint with us or the Data Protection Board of India.
To exercise any of these rights, contact us at privacy@medisaveapp.com.
8. Health Data Special Provisions
Health data (medicine cabinet, prescriptions, lab reports, consultation records) is treated as sensitive personal data. We implement the following special protections:
- We process health data only with your explicit consent, which you provide when using these features.
- Health data is encrypted at rest with AES-256 encryption.
- Access to health data is restricted through role-based access controls.
- We do not use health data for advertising, marketing, or profiling purposes.
- Health data shared with doctors/pharmacies is limited to what is necessary for the specific service (prescription fulfillment, consultation, etc.).
9. Children's Privacy
MediSave is not intended for children under 18. We do not knowingly collect personal data from children under 18. The family member feature is designed for adult users to manage medicines for their dependents. If you believe a child has provided us personal data, contact us and we will delete it.
10. Third-Party Links
The Service may contain links to third-party websites (e.g., pharmacy websites, Google Maps). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us:
- Email: privacy@medisaveapp.com
- Website: medisaveapp.com
- Grievance Officer: [Name to be appointed]
- Grievance Email: grievance@medisaveapp.com
- Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days as required by DPDPA 2023.