DPDP Notice

Notice to Data Principals

Issued under Section 5, DPDP Act, 2023.

1. Data Fiduciary

MedSafe (operated by DeRiskBio), Kolkata, India.

2. Personal data processed

  • Identifiers: email, full name, family member names and relationships.
  • Health data: prescriptions, lab reports, diagnoses, medicines, lab values, clinical notes, images.
  • Interaction data: chat history with the in-app assistant.

3. Purposes

  • Maintaining your personal health record.
  • Generating clinical summaries, trends and reminders.
  • Powering the AI assistant strictly grounded in your records.

4. Legal basis

Consent — granted at sign-up and at the consent banner; granular toggles in Privacy & account.

5. Sharing

We do not share personal data with third parties for marketing. Processors: Supabase (storage), Lovable AI gateway (AI inference).

6. Rights of the Data Principal

  • Right to access and correction.
  • Right to portability — export as JSON from Privacy & account.
  • Right to erasure — delete account from Privacy & account.
  • Right to withdraw consent at any time.
  • Right to nominate another individual on your incapacity or death.
  • Right of grievance redressal.

7. Grievance redressal

Email grievance@medsafe.in. We respond within 7 working days.

8. Cross-border transfers

Storage and processing primarily in India and other jurisdictions notified by the Government of India.

9. Children

Health profiles for minors may be created and managed only by a parent or verifiable guardian.