Privacy Policy

Company: MediQX Healthcare Private Limited

Effective Date: 10/05/2025

Applies to: Website, CRM platform, and Mobile Application

Introduction

Welcome to MediQX Healthcare Private Limited (“we”, “our”, “us”). We are committed to protecting your personal and health-related information and being transparent about how we collect, use, and safeguard it. This Privacy Policy explains how we handle your data when you use our mobile application and associated services, whether you're a patient, caregiver, or visitor.

As a healthcare platform, we recognize the sensitivity of your data, especially health records and personal identifiers, and treat it with the highest standards of confidentiality and care. Whether it’s to manage appointments, store records, receive consultations, or access wellness features, this policy ensures you’re fully informed.

We understand your trust in us comes with the expectation of privacy. That’s why we’ve implemented strict data protection protocols and only collect information necessary to deliver our services effectively and in accordance with the law.

By using our app, you agree to the terms of this Privacy Policy. If you do not agree, you should discontinue use of the app. We encourage you to read this document carefully and contact us if you have any questions.

Applicability and Scope

This Privacy Policy applies to all users of the MediQX Healthcare Private Limited mobile application and any affiliated services provided through the app, including health assessments, appointment bookings, virtual consultations, fitness monitoring, and medical record management. It governs the collection, use, disclosure, storage, and security of all personal and sensitive information collected through the app.

This policy is applicable to users across India and is in compliance with the Information Technology Act, 2000, especially Section 43A, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These laws mandate that any organization handling sensitive personal data must implement proper security measures and disclose how such data is processed and protected.

This policy is binding on all users of the app, whether registered or browsing anonymously. It includes the data we collect through mobile platforms, APIs, partner integrations, and support channels. If any user is accessing the services from outside India, we still apply this policy, although additional local compliance may also be enforced as applicable.

By continuing to use our services, you accept the scope and limitations of this policy and consent to our practices concerning your personal and health-related data.

Information We Collect

We collect a range of information to provide, personalize, and improve your experience on our healthcare platform. This includes both personal data and sensitive personal data, as defined by Indian IT law.

Personal Information
This refers to data that can identify you directly or indirectly, such as:

• Full name
• User ID
• Email Address
• Age
• Gender
• Date of birth
• Contact information (phone number, email address, residential address)
• Location (with your consent)
• Identification details (e.g., government-issued ID, if required for verification)
• Other voluntary details

Sensitive Personal Data or Information (SPDI)

• In accordance with Rule 3 of the IT Rules 2011, this includes:
• Health records, prescriptions, symptoms, reports, diagnoses, and medical history
• Biometric information (if used for authentication)
• Financial data (such as payment or refund details)
• Health insurance information (if applicable)

We collect this information through forms you complete, interactions with our platform, integrations with wearable devices, or other apps, all with your consent. You have the right to refuse data collection where possible, but doing so may limit access to certain features.

Service-Specific Data Collection and Use

When users access and book specific healthcare services offered through the MediQX platform, such as nursing care, physiotherapy, medical attendants, elder care, or post-operative support, we collect and process certain additional personal and health-related information required to match, deliver, and monitor those services. This includes:

• Service type requested (e.g., nurse, physiotherapist, caregiver)
• Medical or health condition information voluntarily provided by the user
• Preferred timings, location, or gender of caregiver
• Communication logs and feedback between user and staff
• Skill requirements or specialization preferences (e.g., ICU-trained nurse, orthopedic physiotherapist)

This data is collected solely for the purpose of enabling service delivery, quality assurance, dispute resolution, and compliance with applicable laws and medical standards. We ensure such data is handled with the highest level of confidentiality and used strictly within the limits outlined in this policy.

We may also analyze anonymized service data to improve platform performance, staff training, and service customization. No personally identifiable data is shared with third parties for marketing or profiling purposes without explicit consent.

All service-related data is encrypted during storage and transmission, and retained only as long as necessary to fulfill our obligations.

Eligibility and User Account Policy

Access to and registration on the MediQX platform (hereinafter referred to as “the Website” or “the App”) is strictly limited to individuals who are legally competent to contract as defined under the Indian Contract Act, 1872. This means that individuals who are “incompetent to contract”, such as minors, undischarged insolvents, or persons of unsound mind, are not permitted to register or use the Website or App in their personal capacity.

By registering or accessing MediQX, you confirm and warrant that you are legally competent to contract and are acting within your legal rights and capacity. You agree to comply with these Terms of Use and confirm that you are eligible to use the services provided.

A MediQX account is personal to the individual who registers it. Multiple users may not share a single registration ID. However, a registered user who is a parent or legal guardian may use their account to access services on behalf of dependents or individuals who are legally incompetent to contract, such as minors or persons with cognitive disabilities.

Organizations, companies, and commercial entities are not permitted to register individual accounts or access MediQX through personal user profiles.

By creating an account on MediQX, you acknowledge and agree that you will:

• Maintain only one individual account;
• Provide complete, accurate, and current information;
• Update your profile information promptly, as needed;
• Secure your account credentials and avoid sharing your password;
• Notify MediQX immediately of any unauthorized access or security breach;
• Accept full responsibility for all activity conducted through your account.

How We Use Your Information

We use the information we collect for specific, lawful, and transparent purposes to deliver a seamless and secure healthcare experience. Your data is only used as necessary to provide the services you've requested or consented to, and we never sell your personal or health-related information.

Primary Uses of Information

MediQX Healthcare Private Limited utilizes your information to deliver seamless and secure healthcare services. This includes facilitating appointment scheduling, consultations, medication tracking, diagnostics, and providing access to your medical records. Your data is also crucial for user authentication, verifying your identity when creating or logging into your account. For health monitoring, the platform uses your information to help track vitals, symptoms, and recovery progress, whether through connected devices or manual entries. Additionally, your data supports customer service by assisting you with technical or medical service-related queries via live chat, calls, or email.

Operational Uses

Operationally, your information helps MediQX improve app functionality through the analysis of usage patterns and errors, leading to enhanced app speed, security, and usability. With your consent, we use your data to send notifications and reminders, such as health alerts, appointment confirmations, medication schedules, and service updates. Furthermore, your information is essential for transaction handling, including processing payments, refunds, insurance claims, and maintaining accurate billing records.

Legal and Safety Obligations

MediQX processes your data to fulfill various legal and safety obligations. This includes ensuring compliance with relevant legal requirements, such as Indian data laws. Your information is also used for fraud prevention, helping to detect and prevent fraudulent, unauthorized, or illegal activity. Where permitted by law, your data may be used to assist government agencies during public health emergencies. We are committed to using your data ethically, collecting only the minimum amount necessary, and always respecting your privacy.

Legal Basis for Processing Information

We process your personal and health-related data based on specific legal grounds that ensure our use of information is justified, transparent, and within the bounds of law. Below are the legal bases we rely on, in accordance with Indian data protection laws and global standards:

Consent

The most common basis for data collection and use is your clear and informed consent. You provide this when you create an account, enter health information, enable location tracking, or agree to receive notifications. This consent is specific and freely given, allowing us to process your data for the purposes you've agreed to. You have the right to withdraw your consent at any time through the app settings or by contacting us, understanding that such withdrawal may affect your ability to use certain features or services. We will always make it clear what data we are requesting consent for and how it will be used.

Contractual Necessity

We process your data when it is necessary to fulfill our contractual obligations to you. This legal basis applies when you book an appointment, subscribe to a health plan, or seek medical advice through our platform. For example, we need to process your health information to connect you with a doctor for a consultation, or your payment details to process a subscription. Without this necessary information, we would be unable to provide the core app features and services you have requested and agreed to receive.

Legal Obligations

In certain situations, we are legally required to collect or retain specific types of data. This includes compliance with government mandates, court orders, or requests from law enforcement agencies, particularly during public health emergencies or investigations. For instance, we may need to retain billing records, user identity verification details, or provide public health reporting as mandated by applicable laws. Our processing under this basis is strictly limited to what is necessary to meet these legal requirements.

Legitimate Interests

We may process non-sensitive data based on our legitimate interests. This legal basis is applied to improve app performance, detect fraud, and enhance the overall user experience, provided that our interests do not override your fundamental rights and freedoms. Before processing data on this basis, we conduct a thorough assessment to ensure that the activity is lawful, proportionate, and fully aligned with your rights as a user. This includes analyzing usage patterns to identify bugs and improve functionality, which ultimately benefits all users

Cookies and Tracking Technologies

To enhance your experience and improve the performance of our healthcare app, we use cookies and similar tracking technologies. These small data files are stored on your device or browser and help us understand user behavior, preferences, and technical functionality.

Types of Cookies We Use

• Essential Cookies: These are necessary for the app to function properly. They enable core features such as user authentication, security, and navigation. Without these cookies, parts of the app may not work as intended.
• Performance and Analytics Cookies: These cookies collect anonymous information about how users interact with the app, such as pages visited, session duration, and error reports. This data helps us identify bugs and improve overall functionality.
• Functional Cookies: These remember your preferences, such as language settings, notification choices, or accessibility options, to provide a personalized experience.
• Advertising and Third-Party Cookies: We may use cookies from trusted partners to serve relevant ads based on your app usage or demographic profile. These cookies do not store personally identifiable health information.

Third-Party Tracking

Our app integrates with third-party analytics and marketing platforms, such as Google Analytics or Firebase, which may use their own cookies to collect data about your interaction with the app. We ensure that these partners adhere to strict privacy and security standards.

Managing Cookies

You have control over cookies through your device or browser settings, where you can delete or block cookies. However, disabling essential cookies may limit app functionality or prevent access to certain services.

Your Consent

By using the app, you consent to the use of cookies as described in this policy. We encourage you to review your cookie settings regularly to maintain control over your data.

Data Sharing and Disclosure

At MediQX Healthcare Private Limited, protecting your privacy is paramount, and we strictly limit the sharing of your personal and health information. We do not sell or trade your data to third parties. However, to provide you with high-quality healthcare services, there are specific circumstances where we may share your data, always under strict confidentiality and legal compliance.

Healthcare Providers and Service Partners

We may share your personal and medical information with healthcare professionals, hospitals, laboratories, pharmacies, or insurance companies involved in delivering your care. This sharing is essential for appointment scheduling, diagnosis, treatment, and claims processing. Such partners are bound by confidentiality agreements and relevant privacy laws.

Third-Party Service Providers

We engage trusted vendors to help operate the app, including cloud hosting, payment processors, analytics, and customer support services. These providers access only the information necessary to perform their services and must follow our strict data security and privacy requirements.

Legal and Regulatory Authorities

We may disclose your information when required by law, regulation, or legal process. This includes compliance with government health agencies during public health emergencies or investigations, court orders, or requests from law enforcement agencies.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such changes to our ownership or control of your personal data.

Anonymized or Aggregated Data

We may use anonymized or aggregated data for research, statistical analysis, or marketing insights. Such data cannot be traced back to you individually and poses no risk to your privacy.

Data Retention and Deletion

We understand that your personal and health information is sensitive, and we are committed to retaining it only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, or enforce agreements.

Data Retention Periods

• Active Account Data: We retain your personal and health data as long as you maintain an active account with us or use our services. This allows us to provide uninterrupted care, track your medical history, and support ongoing treatments.
• Inactive Accounts: If you choose to deactivate or stop using the app, we will retain your data for a reasonable period to comply with legal requirements or to resolve any pending issues. After this period, your data will be securely deleted or anonymized.
• Legal and Compliance Needs: Certain information, such as billing records, consent forms, or transaction histories, may be retained longer if required by applicable laws, regulations, or health authorities.

Data Deletion and User Rights

You have the right to request deletion of your personal data, subject to legal and contractual obligations. Upon receiving such a request, we will promptly delete or anonymize your data unless retention is required by law. Please note that deletion of certain data may limit your ability to use the app’s features or access your health history. Requests for data deletion or account closure can be made through the app or by contacting our support team at mediqxhealthcare@gmail.com

Secure Disposal

When data is no longer needed, we ensure it is securely destroyed using industry-standard methods to prevent unauthorized access or recovery.

User Rights and Controls

We believe in empowering you with control over your personal and health information. As a user of MediQX Healthcare Private Limited, you have several rights regarding your data, which we are committed to respecting and facilitating.

Access and Correction

You have the right to access the personal data we hold about you. You can view, download, or obtain a copy of your information directly through the app or by contacting our support team. If you find any inaccuracies, you may request corrections or updates to ensure your data is accurate and up-to-date.

Data Portability

Upon request, we can provide your data in a structured, commonly used, and machine-readable format. This allows you to transfer your health information to other healthcare providers or platforms seamlessly.

Withdrawal of Consent

You may withdraw your consent for data processing at any time, subject to certain legal or contractual restrictions. Withdrawal of consent may limit your ability to use specific features or services within the app.

Objection and Restriction

You have the right to object to the processing of your data for purposes such as direct marketing or profiling. You can also request restrictions on processing certain types of data. We will evaluate such requests and comply where applicable.

Account Deactivation and Deletion

You can deactivate or delete your account at any time through the app settings or by contacting us. Deactivation suspends your account, while deletion permanently removes your data, subject to the data retention policy.

Complaints and Enforcement

If you believe your data privacy rights have been violated, you have the right to lodge a complaint with the relevant data protection authority or contact us directly for resolution.

Children’s Privacy

Protecting the privacy and safety of children is a priority for us. MediQX Healthcare Private Limited is not intended for use by children under the age of 18. We do not knowingly collect personal information from children without parental consent.

Age Restrictions

If you are under 18, please do not use or register for the app. We encourage parents and guardians to supervise their children's online activities and help ensure compliance with age requirements.

Parental Consent

If we become aware that personal information has been collected from a child under 18 without parental consent, we will take immediate steps to delete such information from our records. Parents or guardians who believe that we may have collected information from their child without consent can contact us at mediqxhealthcare@gmail.com   to request data removal.

Educational and Safety Measures

In cases where the app may provide educational content or health advice targeted at adolescents, such content is designed to be age-appropriate and comply with applicable regulations.

Data Security Measures

At MediQX Healthcare Private Limited, safeguarding your personal and sensitive health information is a top priority. We employ comprehensive technical, organizational, and administrative security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

Technical Safeguards

• Encryption: All sensitive data, including health records and personal identifiers, are encrypted using industry-standard encryption algorithms.
• Secure Authentication: We use multi-factor authentication (MFA) and strong password policies to verify user identity and prevent unauthorized account access.
• Regular Security Audits: Our systems undergo periodic vulnerability assessments, penetration testing, and code reviews to identify and mitigate potential security threats.
• Access Controls: Strict role-based access controls ensure that only authorized personnel can access sensitive data, and all access is logged and monitored. Organizational Measures

Organizational Measures

• Employee Training: All employees and contractors receive regular training on data privacy, security protocols, and breach response procedures.
• Data Minimization: We collect only the minimum data necessary to provide our services and retain it only as long as needed.
• Incident Response Plan: We maintain a documented incident response plan to promptly address any data breaches or security incidents.

User Responsibilities

We encourage users to maintain their own security by using strong passwords, updating their devices, and not sharing account credentials.

Data Breach Notification Policy

At MediQX Healthcare Private Limited, we take the protection of your personal and health information very seriously. Despite our best efforts, no system is completely immune to security incidents. In the event of a data breach, where your information is accessed, disclosed, or compromised without authorization, we are committed to acting swiftly and transparently to protect your rights

Incident Detection and Assessment

We have continuous monitoring systems in place to detect any unauthorized access or suspicious activity. Once a potential breach is identified, our security team immediately assesses the scope, severity, and impact on affected data and users.

Notification to Affected Users

If a breach is confirmed that poses a significant risk to your privacy or security, we will notify you without undue delay. This notification will include:

• A description of the nature of the breach
• The types of information affected
• Potential risks or consequences
• The steps we are taking to contain and mitigate the breach
• Recommended actions you should take to protect yourself (e.g., password changes, monitoring accounts)
• Contact information for further assistance

Notifications will be sent via email, in-app alerts, or other appropriate communication channels.

Regulatory Reporting

In compliance with the Indian IT Act, 2000, and related regulations, we will also notify the relevant data protection authorities and cooperate fully with investigations.

Preventive Measures

Following any incident, we review our security practices, implement enhanced safeguards, and provide additional staff training to prevent future breaches.

Data Localization

In compliance with Indian laws and regulations, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, MediQX Healthcare Private Limited ensures that all personal and sensitive health data collected from users within India is stored and processed primarily on servers located within the territorial boundaries of India.

Local Storage of Data

By storing your data locally, we enhance data security, reduce latency for app services, and comply with Indian government mandates that safeguard user privacy and sovereignty over sensitive personal information.

Cross-Border Data Transfers

If it becomes necessary to transfer any of your information outside India, for example, to cloud service providers or partner platforms, we ensure that:

• The recipient complies with equivalent or stricter data protection laws.
• Data transfers are subject to legally binding agreements that enforce confidentiality, data security, and user rights.
• You are informed in advance, and your explicit consent is obtained where required.

Compliance and Audits

We regularly audit our data storage and processing infrastructure to ensure adherence to data localization laws. Our commitment extends to protecting your data against unauthorized access, misuse, or breaches at every stage.

Refund and Cancellation Policy

At MediQX Healthcare Private Limited, we strive to provide clear and fair refund and cancellation terms to ensure a positive experience for our users. Please read the following policies carefully regarding any payments, subscriptions, or service cancellations.

Refund Eligibility

Refunds are applicable only for prepaid services such as consultation fees, subscription plans, or health packages when cancellations are made within the specified timeframe.

Services that have already been rendered (e.g., completed consultations or tests) are generally non-refundable.

Refund requests must be submitted through the app or via email to our support team at mediqxhealthcare@gmail.com within 7 business days of payment or service purchase.

Cancellation Terms

Users may cancel appointments, subscriptions, or other services in accordance with the timelines specified at the time of booking. Cancellations made after the permitted timeframe may incur partial or full charges as per the service terms. Certain subscription plans may be automatically renewed unless cancelled prior to the renewal date. Users will receive advance notifications for such renewals.

Refund Process

Once a refund request is approved, we process refunds within 7-14 business days using the original payment method. In cases of payment disputes or suspected fraud, refunds may be delayed pending investigation. Refunds do not include third-party transaction fees, taxes, or currency conversion charges, which are non-refundable.

Disputes and Support

If you experience issues with payments, cancellations, or refunds, please contact our customer support team promptly at mediqxhealthcare@gmail.com for resolution. We are committed to resolving disputes fairly and transparently.

Booking Costs, Cancellations, and Misuse Prevention

To ensure the efficient operation of the MediQX platform and the delivery of healthcare services, certain costs are incurred by the company each time a user initiates a booking. These costs cover system usage, secure OTP-based communication, data routing, staff assignment, and administrative handling. Regardless of whether a booking is completed, accepted, or later cancelled, the company incurs backend operational expenses.

To address this, MediQX maintains a policy whereby repeated or non-genuine booking attempts that are not fulfilled, either due to user cancellation or rejection by the service provider, may lead to applicable cancellation charges. These charges may be recovered through the user’s next transaction on the platform or through other billing mechanisms. This approach ensures fair usage and discourages deliberate or frequent disruptions that result in financial loss or inefficiency in resource allocation.

MediQX also monitors patterns of system misuse, including but not limited to:

• Repeated cancellations without a valid reason.
• Manipulative behaviour from users or staff aimed at evading service or triggering backend costs.
• Coordinated actions that interfere with legitimate operations or service delivery.
  In such cases, MediQX reserves the right to take appropriate corrective actions, including but not limited to:
• Suspension or restriction of platform access.
• Application of penalty fees.
• Recovery of damages through civil proceedings.
• Initiation of legal proceedings under applicable Indian laws, including provisions of the Information Technology Act, 2000, and the Indian Contract Act, 1872.

MediQX urges all users and staff to act responsibly when making or responding to bookings. By using the platform, you acknowledge and consent to this fair usage policy and agree to bear the consequences of any intentional disruption or misuse of platform services.

Disclaimer

The MediQX Privacy Policy is intended to inform users of the practices and procedures we follow to ensure the confidentiality, integrity, and lawful handling of personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000, and related rules. However, this policy does not constitute a legal contract or guarantee of rights beyond what is mandated by law.

While every effort has been made to provide accurate and up-to-date information, MediQX makes no warranties or representations regarding the completeness or accuracy of this policy in every circumstance. The contents of this policy are subject to change based on updates to legal requirements, business practices, or technological advancements, and users are encouraged to periodically review the document.

This Privacy Policy applies solely to information collected by the MediQX mobile application and related services. By accessing or using our app, users acknowledge and agree to the terms laid out herein. Continued use of the app following any updates signifies acceptance of those changes.

For any legal concerns or clarification, users are encouraged to seek independent legal counsel or contact us via the grievance redressal mechanism outlined in this policy.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. When we do, we will update the “Last Updated” date and notify you via the app or email if the changes are material. Continued use of our app after changes constitutes your acceptance.

Grievance Redressal Mechanism

We take your concerns seriously and are committed to resolving any grievances regarding your privacy or data security efficiently and fairly. If you believe your rights under this Privacy Policy or applicable laws have been violated, please follow the steps below to submit your complaint.

How to Submit a Grievance

Contact Us: Reach out to our dedicated Grievance Officer at [grievance email] or through the app’s ‘Contact Us’ section. Please provide detailed information about your complaint, including the nature of the issue, relevant dates, and any supporting evidence.

Acknowledgment: We will acknowledge receipt of your grievance within 3 business days and provide you with an estimated timeline for resolution.

Resolution Process

• Our team will thoroughly investigate the matter, which may involve reviewing logs, data access records, and interviewing relevant personnel.
• We aim to provide a clear and detailed response within 30 days, outlining the findings and any corrective actions taken or planned.
• If you are unsatisfied with the response or resolution, you may escalate the issue to the designated Data Protection Authority or relevant legal body as per Indian IT laws.

User Cooperation

To facilitate a speedy resolution, we may request additional information or clarification from you. Your cooperation is appreciated and helps us protect your rights effectively.

Contact Us

If you have any questions, comments, or requests about this Privacy Policy or your data privacy, please get in touch with us:

MediQX Healthcare Private Limited

Address:

Email: mediqxhealthcare@gmail.com

We are committed to protecting your privacy and welcome your feedback.