Privacy Policy

Privacy Policy

Bring care to your home with one click

Medixcy – Privacy  Policy Questionnaire

Purpose:

This form is designed to collect all the operational, technical, and legal details required to draft a comprehensive, DPDP Act , IT Act, Telemedicine Guidelinescompliant Privacy Notice/Policy and other related documetns for Medixcy, covering telemedicine, pharmacy delivery, and diagnostics services.

Things to remember while filling out this form:

* Please provide your answer while keeping in mind future prospects.

* Try to be as detailed as you can be, we don’t want to miss out on anything.

* Consult with your tech team, marketing team, etc before filing out this form.

* You just have to fill out “Client’s response” column.

* In case you have any doubt feel free to reach out.

 

Question

Client’s Response

Next Action / Notes

SECTION A – COMPANY & OWNERSHIP DETAILS

What is the registered Full Registered Name, address, , and Grievance Officer’s details (name, designation, phone, email) of the company?

 

MEDIXCY Pvt Ltd

H.No 76, 2nd Floor, Noor Nagar, Near Govt. Sch, Jamia Nagar New Delhi ,SouthDelhi110025,Delhi


Ahmad Umar
Director
+91-9012727184
ahmad.umar@medixcy.com

 

Are you planning to expand globally or offer services to foreign users (e.g., GCC, UK, or US)?

Yes we are Planning to expand globally

 

SECTION B – PLATFORM SERVICES

Please confirm which services Medixcy provides directly and which are through partners: 

a) Online doctor consultations 

b) E-pharmacy

c) Lab/diagnostic booking 

d) Health information repository (EHR)

e) All of the above

All of the above and also tied up with local clinics and hospitals 

 

Does Medixcy merely facilitate or also store and process medical data (consultation notes, reports, prescriptions)? If yes, then please specify what sorts of data does it collect? Also state for what purpose are these date processed or stored?

Yes, Medixcy stores and processes medical data.

What data is collected:

• Patient details (name, age, gender, contact)

• Medical history & symptoms

• Consultation notes

• Prescriptions

• Lab reports & test details

• Appointment and billing information

• Uploaded medical documents

Purpose of processing/storage:

• To enable consultations & diagnosis

• To generate prescriptions and reports

• To maintain digital health records

• For appointment, billing, and service fulfillment

• To improve care quality and patient experience

• To comply with medical and legal record-keeping requirements

 

 

Will Medixcy offer subscription plans or loyalty programs that involve user profiling?

yes

 

Will there be AI-driven health recommendations (symptom checker, drug alternatives, etc.)? If yes, Then please explain briefly about the AI model being used? 

Yes, Medixcy will offer AI-driven health recommendations (symptom checker, drug alternatives, basic triage).

AI model used:
A medically-trained model built on large language model architecture, fine-tuned on clinical guidelines and anonymized datasets. It provides preliminary suggestions, not diagnoses, and supports doctors by improving accuracy, speed, and patient guidance.

 

 

SECTION C – DATA COLLECTION MAPPING

What categories of data are collected from users at registration or during usage? (Name, contact, DOB, gender, address, payment info, device ID, IP, location, etc.) If yes, will you be using these information fon social media? Please state the purpose of data collected?

ategories of data collected:

• Basic details: name, phone, email, DOB, gender, address

• Medical data: symptoms, history, prescriptions, reports

• Usage data: device ID, IP address, location (approx), app activity

• Payment info: transaction details (not full card data)

Used on social media?
No. Medixcy does not use or share user data on social media.

Purpose of data collection:

• To create user accounts and verify identity

• To provide medical services, consultations, and reports

• To process payments and bookings

• To maintain health records

• To improve platform performance, security, and personalization

 

 

What health-specific data are collected? (Symptoms, prescriptions, reports, doctor communications, vitals, lifestyle data, etc.) Please state the purpose of such data collection

Health-specific data collected:

• Symptoms & medical history

• Prescriptions

• Lab reports & diagnostic results

• Consultation notes & doctor communications

• Vitals (if shared)

• Uploaded medical documents

• Lifestyle-related inputs (if provided)

Purpose of collecting this data:

• To enable accurate consultations and clinical decision support

• To generate prescriptions, reports, and follow-up plans

• To maintain secure digital health records

• To personalize care and improve treatment quality

• To ensure continuity of care across doctors and services

• To comply with medical documentation requirements

 

 

Do users upload prescriptions manually or through image scan? 

User will upload the prescription by image scan but can find medicine and lab test by searching too

 

Do you take user data in physical form and then convert it into digital form? If yes, please state the purpose of such collection?

Yes, Medixcy may take user data in physical form (prescriptions, reports, documents) and convert it into digital form.

Purpose:

• To maintain complete digital health records

• To enable doctors to review documents remotely

• To improve accuracy, accessibility, and continuity of care

• To store records securely for future consultations and follow-ups

 

 

Will the platform record audio/video consultations? If yes, then for what purpose?

Yes, Medixcy may record audio/video consultations only with user consent.

Purpose:

• For medical documentation and quality assurance

• To review consultations for accuracy and patient safety

• To maintain records required for follow-up care and compliance

 

 

If yes, who stores and accesses these recordings, ?

Recordings are securely stored by Medixcy on encrypted servers.

Who can access them:

• Authorized doctorsinvolved in the patient’s care

• Medixcy’s medical quality team, only when required for safety or compliance

No one else can access them, and they are never shared externally without legal or patient consent.

 

 

Do doctors input treatment notes, e-prescriptions, or follow-up details?

Yes. Doctors input treatment notes, e-prescriptions, and follow-up details directly into the Medixcy platform

 

If yes, where and how is this stored?

These records are stored securely on Medixcy’sencrypted cloud servers.

They are protected with access controls, and only authorized doctors and the patient can view them

 

 

Do you collect geolocation for medicine delivery or lab booking? If yes, then for what purpose?

Yes, Medixcy collects geolocation.

Purpose:

• To deliver medicines accurately

• To assign the nearest delivery partner

• To book labs/technicians at the correct address

• To improve service coverage and reduce delays

 

 

Do you collect data from wearablesor integrated health devices (smartwatches, BP monitors, etc.)?

No, Medixcy currently does not collect data from wearables or integrated health devices.
onreview……………………………………………

 

Do you collect any data indirectly (from third-party sources, hospitals, diagnostic labs, etc.)? If yes, then for what purpose?

Yes, Medixcy may collect data indirectly from partner clinics, hospitals, and diagnostic labs.

Purpose:

• To fetch lab reports, prescriptions, or test details

• To complete patient records for accurate care

• To provide seamless services without asking users to upload everything manually

 

 

What automated tracking tools are used? (Google Analytics, Meta Pixel, Firebase, UXCam, etc.)

Medixcy uses basic analytics tools like:

• Google Analytics – to track app/website performance

• Firebase Analytics – for app usage and crash monitoring

No Meta Pixel or UXCamis used.
onreview………………………………………..

 

 

SECTION D – DATA USE, PURPOSE & CONSENT

For what specific purposes do you use each type of data collected? (Eg. Order fulfillment, doctor matching, analytics, personalization, regulatory reporting.)

 

(Fill out this question only if you have not mentioned it in reply to abovementioned questions.)

Specific purposes for each type of data collected:

• Basic details (name, contact, DOB, gender, address):
Account creation, identity verification, communication, order fulfillment.

• Geolocation:
Accurate medicine delivery, lab technician visits, service availability checks.

• Medical data (symptoms, history, reports, prescriptions):
Doctor matching, diagnosis support, treatment planning, follow-up care.

• Consultation notes & doctor communications:
Clinical documentation, continuity of care, prescription generation.

• Payment data:
Processing transactions, receipts, and billing records.

• Device ID, IP, app usage:
Security, fraud prevention, analytics, performance improvement.

• Uploaded physical documents:
Creating complete digital health records and enabling remote medical review.

• Indirect data (labs/clinics):
Automatic report sync, accurate health records, reducing manual uploads.

• Analytics tools data (Google Analytics, Firebase):
App performance tracking, crash reports, user flow improvement.

• No social media use.

 

 

Do you use personal data for marketing, product recommendation, or retargeted ads?

No.
Medixcy does NOT use personal or medical data for marketing, product recommendations, or retargeted ads.

All data is used only for healthcare services and platform improvement, never for advertising.
onreview…………………………………….

 

 

Will data be used for research, AI training, or anonymized health trend analysis (as Practo does)?

Yes, but only in anonymized form.

Medixcy may use fully anonymized and aggregated data for:

• Health trend analysis

• Improving AI models

• Service quality improvement

• Non-identifiable research insights

No personal or identifiable data is ever used.

 

 

Will you aggregate or anonymizedata for business insights or third-party sharing?

Yes, Medixcy may use aggregated and anonymized data for business insights.

But:

• No identifiable information is ever shared.

• Third-party sharing happens only in anonymized, non-personal form and only for analytics or service improvement.

 

 

SECTION E – DATA SHARING AND DISCLOSURE

Who do you share data with? ☐Doctors ☐ Pharmacies ☐ Diagnostic labs ☐ Payment gateways ☐ Cloud or hosting providers ☐ Analytics partners ☐ Government/insurers (if empaneled)

Data is shared only with essential service partners:

• Doctors – for consultations and treatment

• Pharmacies – for medicine delivery

• Diagnostic labs – for test booking and report upload

• Payment gateways – for secure payment processing

• Cloud/hosting providers – for secure data storage

• Analytics partners – only anonymizedusage data

• Government/insurers – only if legally required or if empaneled
on review

 

 

How do you verify that partner entities (pharmacies, labs) comply with data protection standards?

Medixcy verifies partner compliance through:

• Signed data-protection agreements (DPAs)

• KYC & license verification (drug license, lab certifications)

• Periodic audits or compliance checks

• Access control limits(only required data is shared)

• Secure data-transfer protocols(encrypted channels)

Only partners meeting these standards are onboarded.

 

 

Is there a Data Processing Agreement (DPA) or confidentiality clause with each partner?

Yes.
Medixcy signs a Data Processing Agreement (DPA) or includes a confidentiality clause with every partner—doctors, pharmacies, labs, and service providers.

On reviewww…………………………………

 

Do partners have direct access to user data via API/integration?

No.
Partners do not get direct API access to user data.

They only see the limited information necessary for fulfilling their service (e.g., prescription for pharmacy, test details for labs), and all access is controlled through the Medixcy platform—not open APIs.

 

 

Is user data shared with affiliates or investors (as seen in 1mg & PharmEasy)?

No.
Medixcy does NOT share user data with affiliates or investors.

Investors and business partners never receive any personal or medical data—only high-level, anonymized metrics (like total users, growth, or revenue).

 

 

Do you share anonymized or aggregated data for commercial insights or medical research?

Yes, but only anonymizedor aggregated data.

It may be used for:

• Health trend analysis

• Service improvement

• Non-identifiable medical research

• Business insights

No personal or identifiable data is ever shared.

On review…………………………….

 

SECTION F – CROSS-BORDER DATA TRANSFER

Where are your servers hosted (AWS India, Google Cloud, etc.)? Also state if they are in India or aborad?

By shak

 

Is any user data transferred or backed up outside India (e.g., Singapore, US)?

By shak

 

Do you have contractual assurances that overseas recipients provide DPDP-compliant protection?

By shak

 

Will you engage foreign doctors or specialists on the platform? (This could trigger GDPR/HIPAA overlap.)

By shak

 

SECTION G – PAYMENT & TRANSACTION DATA

Which payment gateways are used? (Razorpay, PayU, Cashfree, etc.)

Razorpay as of now

 

Does Medixcy store payment card or wallet details, or are they tokenized via the gateway?

By shak

 

How is transaction data stored and linked to medical data (if at all)?

By shak

 

Do you send invoices or medical bills containing identifiable details electronically?

Yes we send

 

SECTION H – DOCTOR & PARTNER DATA

What data do you collect from doctors? (Name, degree, registration number, specialization, clinic address, signature, KYC docs, etc.)

Data collected from doctors:

• Name, phone, email

• Degrees & specialization

• Medical registration number

• Clinic address

• Digital signature (for e-prescriptions)

• KYC documents (ID proof, registration proof)

 

 

Are doctors independent contractors or Medixcy employees?

Employment status:
Doctors are independent contractors, not Medixcyemployees.  as of now

 

Will doctors have backend dashboards or data access to their patient records?


Yes, doctors get a secure backend dashboard to view and manage their own patient records only.

 

How is data shared between doctors and patients (encrypted chat, video, file upload)?

Data sharing between doctor & patient:
Via encrypted chat, secure video, and file upload/download channels.

 

Do you plan to onboard government doctors or medical officers?

Onboarding government doctors:
Not currently planned.
If done in future, Medixcy will comply with government service conduct rules, including:

•  

 

If yes, how will you comply with their service conduct rules?

• Prior permission/NOC

• No conflict of interest

• Limiting to allowed teleconsultation hours outside duty time

 

 

SECTION I – DATA STORAGE, RETENTION, AND DELETION

For how long do you retain: Consultation data? Lab reports? Prescription copies? Account and payment records?

Retention timelines:

• Consultation data: 3–5 years (as per medical record norms)

• Lab reports: 3–5 years

• Prescriptions: Minimum 3 years

• Account & payment records: 5–7 years (for accounting/legal compliance)

On review…………………………..

 

Do you have a data deletion mechanism (on request or automatically)?

Data deletion mechanism:
Yes. Users can request deletion, and data is securely erased except where law requires mandatory retention

 

Are backup and archival copies retained — if yes, for how long?

Backups/archival:
Yes, encrypted backups are kept ………………………………………………on review

 

Do you maintain data retention logs as required under Telemedicine Guidelines?


Yes, Medixcy maintains data retention and access logs as required under Telemedicine Guidelines & DPDP norms.

 

SECTION J – SECURITY PRACTICES

What encryption standards are used for stored and transmitted data (e.g., AES-256, SSL/TLS)?

By shak

 

Do you maintain access control logs (who accessed what data and when)?

By shak

 

SECTION K – USER RIGHTS & GRIEVANCE REDRESSAL

How will grievances be handled — via email, ticketing, Google forms or chatbot?

By shak

 

What is the response time for grievance resolution?

By shak

 

Do you have an escalation mechanism or “Data Protection Officer” (DPDP compliance)?

By shak

 

SECTION L – COMMUNICATIONS, MARKETING & COOKIES

Will you send promotional emails, SMS, or notifications (like Practo’scart reminders)?

Yes we will send

 

Will users have the option to unsubscribe or manage preferences?

Yes

 

Do you use cookies, pixels, or SDKs for behavior tracking and analytics?

Medixcy uses basic cookies and SDKs (Google Analytics, Firebase) only for performance and usage analytics.

 

Will non-essential cookies be opt-in or opt-out?

They will be opt-in, not automati

 

Do you share cookie data with third-party advertisers?

No. Cookie or tracking data is never shared with third-party advertisers.

 

SECTION M – SPECIAL DATA CATEGORIES

Do you collect data from children (below 18) — e.g., pediatric consultations?

Yes, Medixcy may collect data for patients below 18, but only through a parent/guardian account.

All pediatric consultations are handled with guardian consent and supervisio

 

 

SECTION P – MISCELLANEOUS

Will users’ testimonials or reviews be published (and moderated)?

Yes, user testimonials or reviews may be published — only with user consent.

They will be moderated to remove:

• Personal/medical details

• Abusive or misleading content

• Any privacy-sensitive information

 

 

 

 

Privacy Policy of Medixcy
Last updated: October, 2025

1. Introduction

Medixcy (“we”, “us”, “our”) provides a digital healthcare platform to users in India, offering online consultations, lab-test bookings, and medicine-delivery services (the “Services”). This Privacy Policy explains how we collect, use, process, store, disclose, and protect your personal or sensitive personal data when you use our Services or interact with us. By using our Services or providing any information, you agree to this Privacy Policy. If you do not agree, please do not use the Services or provide us your information.

We have framed this policy to comply with, inter alia:

  • Section 43A of the Information Technology Act, 2000; and

  • Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “SPI Rules”).

2. Definitions

“Personal Information” means information that relates to a natural person, which alone or in combination with other information can identify the person.
“Sensitive Personal Data or Information (SPDI)” includes information about medical records and history, health conditions, biometric data, financial information, etc., as defined under the SPI Rules.
“You / User” refers to any person using our Services, including patients, customers, doctors, lab-partners, and others interacting with the platform.

3. Information We Collect

3.1 Information You Provide

When you register or use the Services, we may collect: your name, age/date of birth, gender, contact number, email address, address, medical history, health condition details, prescriptions, lab test reports, payment details, etc.

3.2 Information Automatically Collected

We may collect device identifiers, IP address, cookies and usage data (pages visited, time, features used) to enhance service, analytics, and security.

3.3 Information from Third Parties

We may obtain information from our service providers (labs, pharmacies), partners, or through publicly available sources to fulfil the Services.

4. Use of Information

We use the collected data for the following purposes:

  • To provide, operate and improve our Services (e.g., schedule consultations, book lab tests, deliver medicines).

  • To verify identity and eligibility, process payments, send confirmations and status updates (appointment booking, order status, delivery updates).

  • To send you transactional communications (via SMS, email, push-notification) related to your usage of the Services.

  • For customer support, feedback, surveys, analytics and product enhancement.

  • To comply with legal obligations, enforce our terms, prevent fraud and abuse.

5. Disclosure of Information

We will not sell your personal information. We may disclose your information to:

  • Our affiliates, service providers, labs, pharmacies, doctors, delivery partners — strictly on a “need-to-know” basis and with appropriate confidentiality controls.

  • Law enforcement or regulatory authorities if required by law or to protect rights, safety or security.

  • In aggregated or anonymised form (so you cannot be identified) for research, statistical purposes or business intelligence.
    Any transfer of SPDI outside India will only occur where required for performing the Services or where the recipient gives the same level of data protection as we do.

6. Data Security & Retention

We implement industry-standard security practices (encryption in transit & at rest, access controls, audits) to protect your data. However, no transmission over the Internet is 100% secure; we cannot guarantee absolute security.
We retain your personal and sensitive data only as long as necessary to fulfil the purposes outlined (providing Services, legal obligations, dispute resolution) and for a reasonable period thereafter. When data is no longer needed, we will securely destroy or anonymise it.

7. Your Rights & Choices

You may:

  • Access, correct, update or delete your personal information in our records (subject to legal / service requirements).

  • Opt-out of receiving promotional communications (though you may still receive transactional messages).

  • Manage your cookie-preferences and device identifiers (via app settings or browser settings).

  • Withdraw your consent for certain processing, but this may affect our ability to provide the Services to you.

8. Cookies & Tracking Technologies

We use cookies, web beacons, device identifiers and similar technologies to personalise your experience, remember preferences, analyse usage and for security. You may disable cookies in your browser, but certain features of the Services may not work properly.

9. Third-Party Links & Services

Our Services may contain links to third-party websites or integrations. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies.

10. Changes to this Privacy Policy

We may update this policy at any time by posting the revised version on our website or app with the “Last updated” date. When we make material changes, we will provide notice (e.g., via email or notification). Your continued use of the Services after such changes constitutes your acceptance of the new policy.

Appointment With

Specialist

Process

Appointment Process

Search Best Online Doctors

View Doctor Profile

Get Instant Doctor Appoinment

Faq’s

Frequently Asked Questions.

  • How do I contact customer service?

    You can reach our support team via in-app chat, email at support@medixcy.com or call our helpline for quick help with bookings or technical issues.

  • Do doctors pay for good reviews?

    No, doctors cannot pay for positive reviews. All feedback is genuine and shared by patients based on their real experiences.

  • Why didn't my review get posted?

    Your review may still be under moderation to ensure it meets our content guidelines. Approved reviews are usually posted within 24–48 hours.

>

Emergency call

Telephone

+919211497846

Sign up for Newsletter today.