Your privacy, our duty
Last updated: 1/7/2026
MedSafe is a personal health record service operated by DeRiskBio. This policy describes what data we collect, why, and the rights you have under India's Digital Personal Data Protection Act, 2023 (the "DPDP Act").
What we collect
- Account information — email, full name and the family profiles you create.
- Medical records — prescriptions, lab reports and images you upload.
- Structured clinical data — diagnoses, medicines, lab values extracted from your uploads.
- Chat history — questions you ask the assistant and its responses.
- Technical logs — minimal logs needed to operate the service.
How we use it
- To organize your records into a clinical timeline.
- To answer your questions through the in-app assistant, grounded in your own records.
- To remind you of follow-ups and flag out-of-range values.
- We do not sell your data, share it with insurers, or use it to train public AI models.
Where it lives
Records are stored in encrypted Supabase databases and object storage. AI processing is performed via the Lovable AI gateway under a data processing agreement. Service providers act as data processors on our instructions.
Your rights under the DPDP Act
- Access — see what we hold, anytime.
- Correction — fix anything inaccurate.
- Portability — export your data in JSON. Do it now.
- Erasure — delete your account and all records. Do it now.
- Withdraw consent — for AI processing or analytics at any time.
- Grievance — write to our Grievance Officer (below).
Retention
We retain your records until you delete your account. On deletion, records and stored files are removed within 30 days from primary systems and 90 days from encrypted backups.
Children's data
Profiles for minors (MedSafe Kids) may be created and managed only by a parent or verifiable guardian. We do not market to children.
Grievance Officer
MedSafe / DeRiskBioEmail: grievance@medsafe.in
Address: Kolkata, India
See also: DPDP Notice.