Privacy Policy

Last updated: 1 April 2025

1. Introduction

MyMedicalCertificate ("we", "our", or "us") operates an online teleconsultation platform for the issuance of medical certificates in India. This Privacy Policy describes how we collect, use, disclose, and protect your personal and medical information when you use our website and services.

By using our services, you consent to the data practices described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Personal Information

  • Full name, date of birth, gender
  • Phone number and email address
  • Residential address, city, state
  • Government ID number (Aadhaar, PAN, Passport, etc.) — collected only when required for the certificate

2.2 Medical Information

  • Symptoms, onset date, past medical history
  • Current medications and allergies
  • Vitals (if shared during consultation)
  • Documents uploaded (reports, previous certificates)
  • Doctor's consultation notes and clinical findings (stored as EMR)

2.3 Payment Information

Payment is processed by Razorpay. We do not store card numbers or UPI VPAs. We store the Razorpay Order ID, Payment ID, and payment status for record-keeping.

2.4 Technical Information

  • IP address, browser type, device type
  • Pages visited and session duration
  • Referral source

3. How We Use Your Information

  • To provide teleconsultation services and issue medical certificates
  • To match you with an available, verified doctor
  • To send booking confirmations, certificate PDFs, and reminders via WhatsApp and email
  • To process payments and handle refunds
  • To enable certificate verification by third parties (using Reference ID only)
  • To comply with legal obligations (Telemedicine Practice Guidelines 2020, IT Act)
  • To improve our services and prevent fraud

4. Medical Data — Special Protection

Your medical information is treated as sensitive personal data under the IT (Reasonable Security Practices) Rules, 2011 and the Digital Personal Data Protection Act (DPDPA) 2023. We apply the following protections:

  • All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Medical records accessible only to the assigned doctor and authorised admins
  • Audit log maintained for every access to medical records
  • Medical data never used for advertising or sold to third parties
  • Data retained for 3 years as required under Telemedicine Guidelines, then securely deleted

5. Data Sharing

We share your data only with:

  • Assigned Doctor — name, medical intake, uploaded documents (for consultation)
  • Razorpay — for payment processing (governed by Razorpay's Privacy Policy)
  • Twilio / 360dialog — phone number and certificate PDF link for WhatsApp delivery
  • Google — email for Meet invite (consultation scheduling)
  • Law enforcement — only when legally compelled by a valid court order

We never sell your data to advertisers, data brokers, or third-party marketers.

6. Your Rights

  • Access: Request a copy of your personal and medical data
  • Correction: Request corrections to inaccurate data
  • Deletion: Request deletion of your account and data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Objection: Object to specific processing activities

To exercise any right, email us at privacy@mymedicalcertificate.in. We respond within 30 days.

7. Cookies

We use essential cookies only (session authentication). We do not use advertising or tracking cookies. Our analytics is privacy-preserving (no PII is sent to the analytics provider).

8. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or a prominent notice on our website. Continued use after changes constitutes acceptance.

9. Contact

For privacy concerns: privacy@mymedicalcertificate.in
Address: MyMedicalCertificate, India