Privacy Policy
Last updated: April 8, 2026 · Effective date: January 1, 2025
MedHeal Pharmacy Pvt. Ltd. ("MedHeal", "we", "us") is committed to protecting your privacy. This policy explains how we collect, use, share and safeguard the personal information you provide when using our website, app or services.
Your Data is Safe
Industry-grade encryption on all data transmissions.
No Data Selling
We never sell your personal information to third parties.
You're in Control
Access, update or delete your data any time.
Transparent Usage
We tell you exactly what we collect and why.
1. Information We Collect
We collect information when you create an account, place an order, upload a prescription, contact us or browse our platform. The table below summarises each category:
| Data Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, phone, password (hashed) | Login, order management, communication |
| Order Data | Shipping address, order history, invoices, prescription uploads | Fulfil and track your orders |
| Payment Data | Payment method type, transaction ID (card numbers handled by Razorpay — never stored by us) | Process payments securely |
| Usage Data | IP address, browser, pages visited, search queries, click patterns | Improve website performance and personalise experience |
| Communication Data | Chat history, support tickets, emails, WhatsApp messages | Customer support and order updates |
| Prescription Data | Uploaded prescription images/PDFs (for Rx-only medicines) | Regulatory compliance; dispensed as per Schedule H/H1 rules |
2. How We Use Your Information
- Process and fulfil your orders, including prescription verification for Rx medicines.
- Send order confirmations, shipping updates and delivery notifications via SMS, email and WhatsApp.
- Provide customer support and resolve complaints.
- Improve our catalogue, website performance and personalise recommendations.
- Send promotional emails and offers with your consent — you can opt out any time.
- Comply with Indian pharmaceutical regulations (Drugs Act 1940, Schedule H/H1, CDSCO guidelines).
- Detect and prevent fraud, unauthorised access and abuse.
3. Data Sharing & Disclosure
We never sell your personal data. We share data only with the following categories of trusted partners, under strict confidentiality agreements:
Payment Processors
Razorpay — for secure payment handling (PCI-DSS certified)
Logistics Partners
Shiprocket, Delhivery, DTDC — for order dispatch and tracking
Cloud Services
AWS (Mumbai region) — for secure data storage and hosting
Communication
Twilio / MSG91 — for SMS and WhatsApp order notifications
Analytics
Google Analytics (anonymised) — to improve website experience
Regulatory Authorities
CDSCO, State Drug Controllers — if legally required for Rx compliance
4. Data Security
Our security measures include:
- ✓ TLS 1.3 encryption for all data in transit
- ✓ AES-256 encryption for data at rest
- ✓ Payment data handled exclusively by Razorpay (PCI-DSS Level 1) — never stored on MedHeal servers
- ✓ Regular third-party security audits and penetration testing
- ✓ Role-based access controls — staff access data only on a need-to-know basis
- ✓ Prescription files stored in private, access-controlled cloud storage
5. Cookies & Tracking
We use cookies to keep you logged in, remember your cart and improve performance. You can disable non-essential cookies via your browser settings.
| Type | Purpose | Can be Disabled? |
|---|---|---|
| Essential | Session management, cart persistence, authentication | No — required for basic site functionality |
| Analytics | Google Analytics — understand how visitors use the site | Yes — via browser settings |
| Marketing | Retargeting pixels (opt-in only) | Yes — opt out at any time |
6. Your Rights (DPDP Act 2023)
Under India's Digital Personal Data Protection Act 2023, you have the following rights:
Right to Access
Request a copy of all personal data we hold about you.
Right to Correction
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your data (subject to legal obligations).
Right to Grievance
Raise a complaint with our Data Protection Officer within 30 days.
Right to Nominate
Nominate another individual to exercise rights on your behalf.
Right to Withdraw Consent
Opt out of marketing communications at any time.
7. Children's Privacy
Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, please contact us immediately and we will delete it promptly.
8. Data Retention
We retain your account and order data for 7 years as required under Indian tax and pharmaceutical laws. Prescription records are retained for a minimum of 5 years per CDSCO guidelines. You may request earlier deletion of non-essential data at any time.
9. Policy Changes
We may update this policy periodically. Significant changes will be notified via email or an in-app banner at least 14 days before they take effect. Continued use of our platform after changes constitutes acceptance of the updated policy.
Contact Our Data Protection Officer
For privacy-related queries, data requests or complaints:
Email: medhealpharmacy@gmail.com
Address: MedHeal Pharmacy Pvt. Ltd., INSIGNIA, Kothapet, Hyderabad, Telangana 500102
Response time: We aim to respond within 30 working days.