Privacy Policy

1. INTRODUCTION

Medic24 AI ("we", "our", "us") is operated by AM24 Labs. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (medic24.io) and mobile application.

We are committed to protecting your privacy and complying with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

By using Medic24 AI, you agree to the collection and use of information as described in this policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide:

• Account information: name, email address, password (encrypted)
• Google account details (if using Google Sign-In): name, email, profile picture
• Health queries: text messages you send to the AI chatbot
• Voice input: speech converted to text on your device (audio is NOT recorded or stored on our servers)
• Medical images: photos you upload for AI analysis
• Lab reports: PDF or image files you upload for analysis
• Payment information: processed by Razorpay (we do not store your credit/debit card numbers)

2.2 Information Collected Automatically:

• Device type and operating system
• IP address (anonymized)
• Usage patterns (pages visited, features used)
• App crash reports

2.3 Information We Do NOT Collect:

• Aadhaar number or government ID numbers
• Precise GPS location
• Contact list or phone data
• Audio recordings (voice is processed on-device only)

3. HOW WE USE YOUR INFORMATION

We use your information solely to:

• Provide AI-powered medical information and analysis
• Create and manage your account
• Process subscription payments via Razorpay
• Improve our AI models and services
• Send important service notifications
• Comply with legal obligations

We do NOT:

• Sell your personal data to third parties
• Use your health data for advertising
• Share your medical queries with insurance companies
• Send marketing emails without your consent

4. DATA STORAGE AND SECURITY

• Your data is stored on encrypted servers:
  • Database: Neon PostgreSQL (Singapore region)
  • File storage: Google Cloud Storage (Mumbai, India region)
  • Backend: Google Cloud Run (encrypted in transit and at rest)
• Passwords are hashed using bcrypt (industry standard)
• All data transmitted via HTTPS/TLS encryption
• JWT tokens expire after 72 hours
• We do not store your data on local devices except your authentication token

5. THIRD-PARTY SERVICES

We use the following third-party services:

• HuggingFace (AI model inference) — processes your queries to generate responses. See: huggingface.co/privacy
• Google Cloud Platform (hosting and storage) — stores your uploaded files. See: cloud.google.com/privacy
• Neon (database hosting) — stores your account and chat data. See: neon.tech/privacy
• Razorpay (payment processing) — processes your payments. See: razorpay.com/privacy
• Google OAuth (authentication) — handles Google Sign-In. See: policies.google.com/privacy
• Vercel (website hosting) — serves the web application. See: vercel.com/legal/privacy-policy

These services have their own privacy policies. We recommend reviewing them.

6. YOUR RIGHTS (Under DPDPA 2023)

As a user in India, you have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and all associated data
• Portability: Request your data in a portable format
• Withdraw Consent: Withdraw consent for data processing at any time
• Grievance: File a complaint with our Grievance Officer

To exercise any of these rights, email: am24@medic24.io

7. DATA RETENTION

• Active accounts: Data retained as long as account is active
• Deleted accounts: All personal data deleted within 30 days of account deletion request
• Chat history: Retained for 12 months, then automatically deleted
• Lab reports: Retained for 6 months after upload
• Payment records: Retained for 7 years as required by Indian tax law

8. CHILDREN'S PRIVACY

Medic24 AI is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent and believe your child has provided us with personal data, please contact us at am24@medic24.io.

9. COOKIES AND TRACKING

Our website uses essential cookies only:

• Authentication token (to keep you logged in)
• Session preferences (language, theme)

We do NOT use:

• Advertising cookies
• Third-party tracking cookies
• Analytics cookies that track you across websites

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Medic24 AI after changes constitutes acceptance of the updated policy.

11. GRIEVANCE OFFICER

Name: Monil Lalwani
Designation: Founder, AM24 Labs
Email: am24@medic24.io
Address: Parul University, Vadodara, Gujarat 391760, India

Response time: Within 48 hours of receiving your query.

12. CONTACT US

For any privacy-related questions or concerns:

• Email: am24@medic24.io
• General: am24@medic24.io
• Address: AM24 Labs, Parul University, Vadodara, Gujarat 391760