🔒 Privacy Policy
Last Updated: June 24, 2026
✅ MediNITS complies with India’s Digital Personal Data Protection Act, 2023 (DPDP Act). We never sell your data or patient data to third parties.
1. Who We Are and What This Policy Covers
MediNITS (“MediNITS,” “we,” “us,” or “our”) operates an AI-powered clinic management platform, accessible via www.medinits.com and related applications (the “Platform”). This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices and rights available to you.
This Policy complies with India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, and is primarily structured around DPDP concepts such as Data Fiduciary, Data Processor, consent, and legitimate uses.
This Policy applies to:
- Providers / Customers: Doctors, clinics, hospitals, and their authorized staff who create accounts and use the Platform.
- Patients: Individuals whose data is entered into the Platform by Providers.
2. Our Roles
- For Provider account and billing data, MediNITS generally acts as a Data Fiduciary.
- For patient personal data and health records uploaded by a Provider, MediNITS generally acts as a Data Processor, and the Provider is the Data Fiduciary for that patient data.
3. What Information We Collect
3.1 Provider / Account Data
- Identity & contact: name, email, phone number
- Clinic/business details: clinic name, GSTIN, billing address, invoice details
- Professional details: medical registration number, specialization, credentials
- Login data: hashed password, session tokens, device identifiers, security logs
- Support communications: messages sent to support, email correspondence
3.2 Patient Data (entered by Providers)
- Patient demographics: name, age/date of birth, gender, phone number, address
- Clinical/health information: symptoms, diagnosis, prescriptions (including AI-generated drafts), allergies, medical history, lab reports
- Appointments & communications: appointment details, reminders, follow-up schedules
- ABHA-related data where the Provider uses ABHA features, including HL7 FHIR R4 export
3.3 Payment and Transaction Data
When you subscribe or make payments, we and/or our payment partners may process your subscription plan, payment status, transaction IDs, and invoice details. We do not store full card details. Payments are handled by Cashfree, Razorpay, or Instamojo.
3.4 Technical and Usage Data
- IP address, browser type, device model, OS, app version
- Log data: access times, pages visited, feature usage, error logs
- Approximate location (derived from IP) for security
4. How We Use Your Information
- Provide and operate the Platform (scheduling, billing, patient portal)
- AI-powered prescription drafting and clinical assistance (output is advisory only)
- WhatsApp automation for appointment and follow-up communications
- Process subscriptions and payments; generate GST-compliant invoices
- Security, fraud prevention, and access control
- Customer support and service communications
- Compliance with applicable laws and ABHA/HL7 FHIR workflows
- Platform improvement using aggregated/de-identified data
5. Legal Basis for Processing
Consent: We rely on consent where required, including where Providers collect and input patient data.
Legitimate Uses (DPDP): We process data for performance of requested services, compliance with law, security and fraud prevention, and other legitimate uses recognized under DPDP.
6. How We Share Information
We do not sell your personal data or patient health data.
6.1 Service Providers / Sub-processors
- AI providers: Google Gemini and/or Groq (for AI-assisted drafting)
- WhatsApp automation: Meta WhatsApp Cloud API
- Payment processors: Cashfree, Razorpay, Instamojo
- Infrastructure: Cloud hosting, monitoring, and backup providers
6.2 Legal Compliance
We may disclose information if required by law, regulation, legal process, or to protect rights and safety.
6.3 Business Transfers
If MediNITS is involved in a merger or acquisition, information may be transferred with appropriate confidentiality safeguards.
7. International Data Transfers
MediNITS serves users in India, UAE, UK, USA, Singapore, Australia, Canada, and Kenya. Your data may be processed in countries where we or our service providers operate. We use contractual protections, access controls, and encryption for all cross-border transfers and comply with India-specific DPDP transfer restrictions.
8. Data Retention
- Provider account data: Retained while your account is active and for a reasonable period thereafter
- Patient records: Retained according to the Provider’s configuration and applicable medical record retention requirements
- Billing/invoice records: As required by GST and tax laws
- Backups: May persist in encrypted backups until rotation
9. Security Measures
- Encryption: AES-256 for stored data; TLS for data in transit
- Password protection: Passwords stored using secure hashing (SHA-256); never in plain text
- Access controls: Role-based access and least-privilege principles
- Audit logs: Activity logs to track access and important actions
- Login protections: Rate-limited login attempts, session expiry
- Backups: Multi-layer backup strategy
No system is 100% secure. If you believe your account has been compromised, contact [email protected] immediately.
10. Your Rights
- Access: Request information about the data we hold about you
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of data no longer necessary
- Data Portability: Request export in a structured format (including HL7 FHIR R4)
- Withdraw Consent: Where we rely on consent, you may withdraw it
- Grievance Redressal: Contact our Grievance Officer (see Section 14)
11. Cookies
We use strictly necessary cookies (login sessions, security), preference cookies (settings), and analytics/performance cookies (platform improvement). You can disable cookies in your browser; however, the Platform may not work properly without necessary cookies.
12. Children’s Data
The Platform is intended for healthcare Providers, not children directly. Patient records may include data about minors where the Provider is providing care. Providers are responsible for obtaining any guardian/parent consent required under applicable laws.
13. Third-Party Links and Services
The Platform may integrate with third-party services. Their privacy practices may differ from ours. We recommend reviewing the privacy policies of those third parties including Google, Meta, and payment processors.
14. Contact Us
For privacy questions, requests, or complaints:
We will make reasonable efforts to respond within timelines required under applicable law.
We may update this Privacy Policy from time to time. Continued use of the Platform after an update means you accept the updated Policy.