1. Who We Are
MyMediLedger ("we", "us", "our") is a personal health record platform operated by [Your Company Name], [City], India. We provide longitudinal health record management, risk calculation tools, and clinician-sharable PDF report generation.
For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act), MyMediLedger is the Data Fiduciary.
Contact: privacy@mymediledger.com · Grievance Officer contact below.
2. What Data We Collect
2.1 Data You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Identity | Name, date of birth, sex, ABHA ID | Patient record creation |
| Contact | Mobile number, email, address | Account management, emergency contact |
| Health data | Diagnoses, medications, allergies, vitals, lab results, vaccinations | Core health record functionality |
| Risk data | ASCVD inputs, FINDRISC questionnaire answers | Risk score calculation |
| Uploaded files | Lab report images/PDFs for OCR extraction | Auto-populate lab results |
2.2 Data Collected Automatically
- Device type, browser, OS (for technical support)
- IP address (for security, rate limiting)
- Session tokens (for authentication)
- Error logs (for debugging – no health data included)
2.3 Data We Do NOT Collect
- Payment or financial information (no payments processed)
- Location data (GPS)
- Contacts or calendar access
- Biometric data beyond what you manually enter
3. How We Use Your Data
We process your data only for the following purposes, each with a lawful basis under the DPDP Act 2023:
| Purpose | Lawful Basis |
|---|---|
| Creating and maintaining your health record | Consent (you register voluntarily) |
| Generating clinician PDF reports | Consent (you initiate report generation) |
| Calculating ASCVD, FINDRISC and other risk scores | Consent (you complete the questionnaires) |
| AI-powered lab report OCR extraction | Consent (you upload the document) |
| Authentication and security | Legitimate interest (securing your account) |
| Service improvement and bug fixing | Legitimate interest (anonymised/aggregated only) |
4. How We Store and Protect Your Data
Infrastructure
- Database: Google Cloud SQL (PostgreSQL 15), region: asia-south1 (Mumbai, India)
- Application: Google Cloud Run, region: asia-south1 (Mumbai)
- All data remains in India in compliance with data localisation recommendations
Security Measures
- Passwords hashed with bcrypt (cost factor 12)
- JWT access tokens expire in 15 minutes
- All data in transit encrypted with TLS 1.3
- All data at rest encrypted (Google Cloud default AES-256)
- Rate limiting on all API endpoints
- Security headers (HSTS, CSP, X-Frame-Options)
- No health data in error logs or analytics
Retention
Your data is retained for as long as your account is active. You may delete your account and all associated data at any time (see Section 6). Deleted data is permanently removed within 30 days.
6. Your Rights under the DPDP Act 2023
Under the Digital Personal Data Protection Act, 2023 (India), you have the following rights:
- Right to access – Request a copy of all personal data we hold about you
- Right to correction – Request correction of inaccurate personal data
- Right to erasure – Request deletion of your account and all personal data
- Right to grievance redressal – Lodge a complaint with our Grievance Officer (below)
- Right to nominate – Nominate a person to exercise rights on your behalf in case of death or incapacity
- Right to withdraw consent – Withdraw consent for processing at any time (this will require account deletion)
To exercise any right: email privacy@mymediledger.com with subject "Data Rights Request – [your name]". We will respond within 72 hours and fulfil requests within 30 days.
Account Deletion
To permanently delete your account: Settings → Account → Delete Account, or email privacy@mymediledger.com. All health records, reports, and personal data will be permanently erased within 30 days.
7. AI Processing & Claude (Anthropic)
MyMediLedger uses Claude AI by Anthropic for the lab report OCR (image/PDF extraction) feature. When you upload a lab report image or PDF:
- The image/PDF is transmitted securely to Anthropic's API
- Anthropic processes it to extract lab values and returns structured data
- The image is not stored by Anthropic beyond the request lifecycle
- This feature is opt-in – you upload the file manually
Anthropic's privacy policy applies to data processed through their API: anthropic.com/privacy
If you do not wish to use the AI OCR feature, you can manually enter all lab values without uploading any document.
8. Cookies and Session Storage
MyMediLedger uses sessionStorage (not cookies) to store authentication tokens during your active session. These are:
- Not persistent – cleared when you close the browser tab
- Not accessible to third parties
- Not used for advertising tracking
We do not use third-party advertising cookies, tracking pixels, or analytics SDKs that collect personal data.
9. Children and Minors
MyMediLedger is designed for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has created an account, please contact us at privacy@mymediledger.com and we will delete the account immediately.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification to your registered email address
- Show a banner in the app with a summary of changes
Continued use of MyMediLedger after the effective date of changes constitutes acceptance of the updated policy.
11. Contact & Grievance Officer
For any privacy concerns, data requests, or grievances, contact:
Grievance Officer – MyMediLedger
If your grievance is not resolved within 30 days, you may approach the Data Protection Board of India once established under the DPDP Act 2023.