DPDP Notice
Notice to Data Principals
Issued under Section 5, DPDP Act, 2023.
1. Data Fiduciary
MedSafe (operated by DeRiskBio), Kolkata, India.
2. Personal data processed
- Identifiers: email, full name, family member names and relationships.
- Health data: prescriptions, lab reports, diagnoses, medicines, lab values, clinical notes, images.
- Interaction data: chat history with the in-app assistant.
3. Purposes
- Maintaining your personal health record.
- Generating clinical summaries, trends and reminders.
- Powering the AI assistant strictly grounded in your records.
4. Legal basis
Consent — granted at sign-up and at the consent banner; granular toggles in Privacy & account.
5. Sharing
We do not share personal data with third parties for marketing. Processors: Supabase (storage), Lovable AI gateway (AI inference).
6. Rights of the Data Principal
- Right to access and correction.
- Right to portability — export as JSON from Privacy & account.
- Right to erasure — delete account from Privacy & account.
- Right to withdraw consent at any time.
- Right to nominate another individual on your incapacity or death.
- Right of grievance redressal.
7. Grievance redressal
Email grievance@medsafe.in. We respond within 7 working days.
8. Cross-border transfers
Storage and processing primarily in India and other jurisdictions notified by the Government of India.
9. Children
Health profiles for minors may be created and managed only by a parent or verifiable guardian.