Privacy Policy

01. Who We Are

GDM Technoworld Private Limited ("GDM", "we", "us", or "our") is a technology company incorporated in India, with operations in India and the United States. We build AI-powered products and services, including MediSaathi — India's AI-powered health assistant application.

02. Information We Collect

We collect information to provide better services to our users. The types of information we collect depend on how you use our services.

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, and password when you create an account.
• Profile Information: Age, gender, blood group, address, and profile photo.
• Health Information: Medical history, current medications, allergies, chronic conditions, doctor details, and body vitals (blood pressure, sugar levels, weight).
• Emergency Contact: Name and phone number of your emergency contact or guardian.
• Family Information: Names, ages, and health details of family members you choose to add.
• Communication: Messages you send to us through contact forms or support channels.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers.
• Usage Data: Features used, time spent, app interactions, and error logs.
• Location Data: General location (city/state) based on IP address. We do not track precise GPS location unless explicitly permitted.
• Call Data: Logs of AI voice reminder calls made through our MediSaathi service (call time, duration, response).

2.3 Information from Third Parties

• Authentication data when you sign in via Google or other providers.
• Payment confirmation data from Razorpay (we do not store card or bank details).

03. How We Use Your Information

We use the information we collect for the following purposes:

• Provide our services: To operate MediSaathi, send medicine reminders, generate health cards, and manage family health profiles.
• AI Voice Calls: To make personalised Hindi voice reminder calls through our AI assistant (Meera) using your name and medicine details.
• Emergency Alerts: To contact your designated emergency contact if you miss critical medication doses.
• Personalisation: To customise your experience and provide health insights relevant to your profile.
• Communication: To send important service updates, notifications, and respond to your queries.
• Security: To protect accounts, detect fraud, and ensure platform safety.
• Improvement: To understand how our services are used and improve features and performance.
• Legal Compliance: To comply with applicable Indian laws and regulations, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

04. How We Share Your Information

We do not sell, trade, or rent your personal information. We may share your information only in these limited circumstances:

• Service Providers: Trusted technology partners who help us operate our services — including Supabase (database), VAPI.ai (AI voice calls), OpenAI (AI features), and Razorpay (payments). These partners are contractually bound to protect your data.
• Emergency Contacts: When you miss critical medication, we contact your designated emergency contact as you have authorised in the app.
• Legal Requirements: If required by law, court order, or government authority under applicable Indian law.
• Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before this happens.
• With Your Consent: In any other case, only with your explicit consent.

05. Data Storage & Security

We take data security seriously and implement industry-standard measures to protect your information.

• Storage: Your data is stored on Supabase's secure cloud infrastructure with encryption at rest and in transit (SSL/TLS).
• Access Control: Only authorised team members with a legitimate need can access user data. Access is logged and monitored.
• Passwords: Passwords are hashed and never stored in plain text.
• Health Data: Medical and health information is stored with additional encryption layers.
• Retention: We retain your data for as long as your account is active. You may request deletion at any time.

06. Health & Medical Data

MediSaathi handles sensitive health information. We treat this data with the highest level of care and responsibility.

• Health data is used solely to provide the MediSaathi service to you.
• We do not use your health data for advertising or marketing purposes.
• Your health data is never sold to pharmaceutical companies, insurance companies, or any third party.
• Medicine scan data processed through AI is used only to identify the medicine in that session and is not permanently stored beyond what you choose to save.
• You can delete your health data at any time from the app settings.
• Family health data is only accessible to the account holder who created those profiles.

07. Cookies & Tracking

Our website (gdmtechnoworld.in) uses cookies and similar technologies to enhance your browsing experience.

• Essential Cookies: Required for the website to function properly. Cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our website. We use privacy-respecting analytics.
• Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. For detailed information, see our Cookie Policy.

The MediSaathi mobile application does not use browser cookies. It uses device storage (AsyncStorage) to save your preferences and session data locally on your device.

08. Your Rights

Under the Digital Personal Data Protection Act, 2023 (India) and applicable laws, you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Withdraw Consent: Withdraw consent for processing your data at any time.
• Right to Grievance Redressal: Lodge a complaint if you believe your data rights have been violated.
• Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity.

To exercise any of these rights, contact us at gdmtechnoworld@gmail.com. We will respond within 30 days of receiving your request.

09. Children's Privacy

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

For users between 13 and 18 years of age, we recommend using MediSaathi under parental supervision. Parents or guardians may manage a child's health profile within the Family Health feature.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will delete such information promptly.

10. Third-Party Services

Our services integrate with the following third-party providers. Each has their own privacy policy:

• Supabase — Database and authentication (supabase.com/privacy)
• VAPI.ai — AI voice call infrastructure (vapi.ai/privacy)
• OpenAI — AI features and medicine scanner (openai.com/privacy)
• Razorpay — Payment processing (razorpay.com/privacy)
• Expo / React Native — Mobile app platform

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify you via email or in-app notification for material changes.
• Provide a summary of what changed.

Your continued use of our services after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: