Privacy Policy

• Account details — your name, email, and phone number, used to sign you in.
• Family health profiles — the profiles you create for yourself and family members, including vitals (such as height, weight, and blood pressure), allergies, and medical conditions.
• Medicines & inventory — medicines you add or scan, their dosages and expiry dates, and the photos you take when scanning a medicine.
• Care activity — medication courses, dose logs, prescriptions, and the connections you make with doctors and pharmacies.
• Technical data — the minimal logs needed to operate, secure, and debug the service.

• To provide and operate MedTo — reminders, expiry tracking, medicine scanning, and doctor/pharmacy connections.
• To keep your account secure and prevent abuse.
• To improve the reliability and features of the service.

A core mission of MedTo is to improve health outcomes for everyone in India. To do that, we use the health data in MedTo for research and population-health analysis — for example, understanding medicine usage, treatment patterns, and health trends across regions — so that care can be made better, safer, and more accessible for all.

This research is carried out only on aggregated and de-identified data. Your identity is never part of a research dataset.

How your identity is protected: every record that can identify you is protected by row-level security (RLS), enforced at the database. Only you — and the household members, doctors, or pharmacies you explicitly choose to connect with — can access records that identify you. Researchers and analysts work solely with combined, de-identified data that cannot be traced back to an individual.

• Row-level security on all personal and health records, enforced at the database so data stays scoped to its owner.
• Data is hosted in India (Mumbai / ap-south-1) to support data residency under India’s Digital Personal Data Protection (DPDP) Act, 2023.
• Data is encrypted in transit, and access to identifiable data is restricted to authorised processes.

• We do not sell your personal data.
• Identifiable data is shared only with the people you connect with in the app — for example, a doctor you grant a consent code to, or a pharmacy you interact with.
• We use trusted service providers to run MedTo (such as cloud hosting); they act under confidentiality obligations.
• We may disclose information where required by law.

• Access and update your profiles at any time within the app.
• Delete your account whenever you wish, from Account → Danger zone. This permanently removes the data you own. (De-identified data already incorporated into past aggregate research cannot be re-identified or individually withdrawn.)
• Contact us to exercise the rights available to you under applicable law, including the DPDP Act, 2023.

You may create profiles for family members, including children, for whom you are responsible. You are responsible for the accuracy of the information you add about others and for having the authority to add it.

We keep your data while your account is active and remove the data you own when you delete your account, except where we are required to retain it by law.

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, notify you within the app.

Questions about your privacy? Email us at mhb@bamboatgroup.com.