Privacy Policy
This policy describes how UnMedIQ (“we”, “us”, “our”) collects, uses, and protects information when you use our prescription management service. UnMedIQ is operated for and on behalf of registered medical practitioners in India.
1. Who This Policy Applies To
This Privacy Policy applies to:
- Doctors (Data Fiduciary): Registered medical practitioners who create a UnMedIQ account.
- Patients (Data Principal): Individuals whose health information is entered by their treating doctor during a consultation.
UnMedIQ acts as a Data Processor under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). The treating doctor is the Data Fiduciary responsible for obtaining patient consent before entering data into this platform.
2. Data We Collect
From Doctors
- Name, email address, password (hashed — never stored in plain text)
- Clinic name, address, qualification, MCI/NMC registration number
- Phone number (optional)
From Patients (entered by their doctor)
- Name, age, gender
- Mobile/WhatsApp number (optional, for follow-up reminders)
- Prescription details: medicines, dosage, investigations, clinical notes, advice
- Follow-up dates
We do not collect Aadhaar numbers, PAN, financial information, or biometric data. We do not collect data from patients directly — all patient data is entered by the doctor during the consultation.
3. How We Use Your Data
- To provide the prescription management service to the treating doctor
- To generate and print prescriptions
- To send follow-up reminder messages to patients (only when explicitly enabled by the doctor and consented to by the patient)
- To generate anonymised usage analytics for improving the platform
- To respond to support requests
We do not sell, rent, or share your data with any third party for advertising or marketing purposes.
4. Legal Basis for Processing
We process personal data under the following grounds:
- Contract: Processing necessary to deliver the service you signed up for.
- Consent: Patient data is collected only after the treating doctor confirms that the patient has given their consent (recorded with each prescription).
- Legitimate Interest: Security monitoring, fraud prevention, and service improvement.
- Legal Obligation: Applicable Indian law requires medical records to be retained for a minimum period (NMC guidelines require a minimum of 3 years).
5. Data Storage and Security
- Location: All data is stored in India on servers located in the AWS ap-south-1 (Mumbai) region via Supabase.
- Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Access control: Row-Level Security (RLS) is enforced at the database level. Each doctor can only access their own patients and prescriptions. No doctor can access another doctor’s data.
- Authentication: Passwords are hashed using bcrypt. We support Google OAuth for secure sign-in.
- No third-party data sharing: Data is not shared with pharmaceutical companies, insurers, or any third party without your explicit consent.
6. Data Retention
- Active accounts: Data is retained for as long as the account is active.
- Deleted accounts: Doctor account and personal data are deleted within 30 days of a deletion request. Patient prescription records may be retained for up to 3 years to comply with NMC medical record retention guidelines, after which they are permanently deleted.
- Export before deletion: Doctors can download all their data before requesting account deletion.
7. Your Rights Under the DPDP Act, 2023
As a Data Principal (patient) or Data Fiduciary (doctor), you have the right to:
- Access: Request a copy of your personal data held by us.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (subject to legal retention obligations).
- Grievance Redressal: Raise a complaint if you believe your rights have been violated.
- Nomination: Nominate a representative to exercise your rights in the event of your death or incapacity.
To exercise any of these rights, email us at support@unmediq.com with the subject line “Data Rights Request”. We will respond within 15 business days.
8. Cookies
UnMedIQ uses only essential session cookies required to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Children's Data
UnMedIQ is a tool for registered doctors. Patient records for minors are entered by the treating doctor, who is responsible for obtaining appropriate parental/guardian consent before entering data for patients under 18 years of age.
10. Changes to This Policy
We will notify you of material changes to this policy by email and by a notice on the UnMedIQ login page at least 15 days before the change takes effect. Continued use of UnMedIQ after that date constitutes acceptance of the revised policy.
11. Contact Us
For any privacy-related queries or data rights requests:
- Email: support@unmediq.com
- Response time: 15 business days
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is constituted under the DPDP Act, 2023.