MedSync Technologies Private Limited — Privacy Policy

 

Effective Date: 21st July 2025

1. Introduction
1.1. This Privacy Policy (“Policy”) governs the collection, use, disclosure, storage, and protection of personal data by MedSync Technologies Private Limited, a company incorporated under the Companies Act, 2013 (“MedSync”, “we”, “us”, or “our”).
1.2. This Policy applies to all Services, including our website (https://medsync.life), mobile applications, APIs, telemedicine platforms, and related offerings (collectively, the “Platform”).
1.3. By accessing or using the Platform, you signify your assent to this Policy. If you do not agree, please discontinue use immediately.


2. Definitions
For purposes of this Policy, the following terms shall have the meanings set forth below, whether singular or plural:

  • “Personal Data”: Any information that relates to an identified or identifiable natural person, including but not limited to contact information, health records, demographic data, and identifiers (e.g., Aadhaar, Health ID).

  • “Sensitive Personal Data or Information” (“SPDI”): As defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, including health status, medical records, biometric data, and financial information.

  • “Process”: Any operation performed on Personal Data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, alteration, disclosure, erasure, or destruction.

  • “Controller”: MedSync, which determines the purposes and means of Processing Personal Data.

  • “Processor”: Any third party engaged by MedSync to Process Personal Data on our behalf under contract.


3. Legal Basis for Processing
3.1. MedSync will Process Personal Data only if at least one of the following applies:
   a) Consent: You have given clear, affirmative consent for Processing for one or more specific purposes.
   b) Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party.
   c) Legal Obligation: Processing is required to comply with a legal obligation (e.g., ABDM regulations, Insolvency and Bankruptcy Code).
   d) Vital Interests: Processing is necessary to protect your vital interests or those of another natural person.
   e) Public Interest: Processing is necessary for performing a task carried out in the public interest.
   f) Legitimate Interests: Processing is necessary for the legitimate interests of MedSync, provided such interests are not overridden by your rights and freedoms.


4. Categories of Data Collected
4.1. Healthcare Providers:
   – Identifiers (name, registration number, qualifications).
   – Professional contact details, clinic address, licensing information.
   – Scheduling, appointment, and billing records.

4.2. Patients:
   – Identifiers (name, date of birth, gender).
   – Health-related data (medical history, diagnostic reports, prescriptions).
   – Aadhaar-linked Health ID, consent records under ABDM.

4.3. Technical & Usage Data:
   – Device identifiers, IP addresses, geolocation data.
   – Log data (access times, pages viewed).
   – Cookies and similar technologies for analytics and preferences.


5. Purpose of Processing
We Process Personal Data for the following purposes (“Purposes”):

  • Provision of EMR, teleconsultation, appointment management, and related healthcare services.

  • Compliance with ABDM consent management and interoperability standards.

  • Customer support, service notifications, and Platform maintenance.

  • Research and development, quality assurance, and performance improvement.

  • Legal compliance, audit, and dispute resolution.

  • Fraud prevention, security monitoring, and incident management.


6. Data Sharing and Disclosure
6.1. We do not sell or lease Personal Data.
6.2. We may disclose Personal Data to:
   a) Healthcare Professionals: To enable treatment and continuity of care, subject to your explicit consent.
   b) Affiliated Entities: Subsidiaries or joint ventures for internal business purposes, under confidentiality obligations.
   c) Processors: Cloud service providers (e.g., AWS), payment gateways, analytics vendors, under written data-processing agreements.
   d) Regulatory Authorities: As required by law (e.g., National Digital Health Mission, Data Protection Board of India).
   e) Legal Proceedings: In connection with litigation, investigations, or enforcement of our Terms.


7. International and Cross-Border Transfers
7.1. Personal Data may be transferred to, and stored in, jurisdictions outside India.
7.2. We shall ensure such transfers are conducted in compliance with the Digital Personal Data Protection Act, 2023, and employ adequate safeguards (e.g., Standard Contractual Clauses, Binding Corporate Rules).


8. Data Retention
8.1. We retain Personal Data only as long as necessary for the Purposes and as required by applicable law.
8.2. Retention periods may include:
   – Medical Records: Minimum of seven (7) years, or as prescribed under the Indian Medical Council Regulations.
   – Transactional Data: Five (5) years for audit and tax compliance.
   – Cookies & Analytics Data: Up to two (2) years, subject to user controls.


9. Security Measures
We implement administrative, technical, and physical safeguards including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).

  • Role-based access controls, multi-factor authentication, IAM reviews.

  • Regular penetration testing, vulnerability assessments, and audits (SOC 2 Type II, ISO 27001 readiness).

  • Incident response plan and breach notification procedures in accordance with applicable law.


10. Your Rights and Choices
10.1. Subject to applicable law, you may:
   a) Access and obtain a copy of your Personal Data.
   b) Rectify inaccurate or incomplete data.
   c) Erase Personal Data, where legally permitted.
   d) Restrict or object to Processing.
   e) Withdraw consent at any time, without affecting prior Processing.

10.2. To exercise your rights, please contact our Data Protection Officer at contact@medsync.life.


11. Children and Minors
11.1. Our Services are not intended for individuals under 18 without parental or guardian consent.
11.2. Where we process minors’ data, we shall obtain verifiable parental consent and apply heightened protections.


12. Cookies and Tracking Technologies
12.1. We use cookies, web beacons, and similar technologies to:
   – Facilitate essential Platform functionality.
   – Analyze usage trends and improve user experience.
12.2. You may manage or disable cookies through your browser settings; however, this may impact certain features.


13. Breach Notification
In the event of a data breach compromising Personal Data, we will:

  • Notify affected individuals without undue delay.

  • Report to the Data Protection Board of India and other authorities as required.

  • Implement remediation measures to mitigate harm.


14. Amendments
We reserve the right to update this Policy. Any material changes will be notified via email or prominent notice on the Platform at least thirty (30) days prior to implementation.


15. Severability
If any provision of this Policy is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.


16. Contact Information
MedSync Technologies Private Limited
Email: contact@medsync.life

End of Policy

MedSync – The EMR backbone for India’s outpatient care.

© 2025 MedSync