Privacy Policy
Last updated: April 2026
1. Introduction
MedKyo ("we", "our", "us") is committed to protecting the privacy of your personal data. This policy explains how we collect, use, store, and share information when you use MedKyo (the "Service").
We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), Telemedicine Practice Guidelines 2020, and applicable Indian data protection laws.
2. Information We Collect
Account Information: Name, email, phone number, clinic name, clinic address, and professional qualifications.
Patient Data: Patient records, prescriptions, billing information, and appointment history entered by authorised clinic staff. This data is owned by the clinic.
Usage Data: Device type, browser, IP address, pages visited, and feature usage patterns.
Payment Information: Processed by Razorpay. We do not store full card numbers.
3. How We Use Your Information
- Provide and maintain the MedKyo Service
- Process prescriptions, billing, and patient management
- Send WhatsApp messages on behalf of your clinic
- Improve AI prescription suggestions and drug interaction warnings
- Send service-related communications
- Comply with ABDM/ABHA requirements
4. Data Security
All patient data is encrypted with AES-256, both in transit (over TLS 1.3) and at rest. Data is stored on secure servers in India. Role-based access controls ensure only authorised staff can access patient records. Offline data on your device is also encrypted.
5. Data Sharing
We do not sell patient data. We share data only:
- With your consent (e.g., sending prescriptions via WhatsApp)
- With ABDM/ABHA networks when you link patient health IDs
- With Razorpay for subscription billing
- When required by law
6. Your Rights (DPDP Act 2023)
- Access your personal data
- Correct inaccurate data
- Erase your data (subject to legal retention requirements)
- Withdraw consent for data processing
- File a grievance with us or the Data Protection Board of India
7. Data Retention
We retain data while your account is active. Medical records are retained as required by law. After account closure, data is deleted within 90 days unless retention is legally required.
8. Changes to This Policy
We will notify you of material changes via email or in-app notification at least 30 days before they take effect.
9. Contact Us
Phone: +91 93343 84395
Email: admin@medkyo.com