1. Purpose of this privacy policy
SecureMitra (“we”, “our”, or “the company”) values your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, process, store, and secure your personal data when you use our mobile application (“app”) or related services.
It applies to all users, including adults, minors (with guardian consent), and connected members whose data is entered in the app. This document serves as an informational statement and does not constitute a contract or legal agreement.
2. Consent for mobile application
By logging in or creating an account, you give explicit consent for us to collect, store, and process your personal and health-related information to operate and improve the app, in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and our Privacy Policy.
- You consent to the collection and processing of your personal and health data as described in the Privacy Policy.
- You confirm that if you upload or manage another person’s health information (such as a family member), you have their valid consent or lawful authority to do so.
- You confirm that you have reviewed the Terms and Conditions and have no concerns.
3. Definitions
- Data principal: The individual using the app who shares personal data. You control your personal data and determine how it is collected, stored, and shared.
- Data fiduciary: Refers to both the user and the company. You act as a data fiduciary for your data, while SecureMitra acts as a supporting data fiduciary that provides infrastructure, technical safeguards, and compliance controls.
- Personal data: Information that identifies an individual directly or indirectly, such as name, contact information, medical records, or unique device identifiers.
- Sensitive personal data: Data related to health, biometrics, children, or any other data classified as sensitive under law.
- Processing: Any action performed on personal data, including collection, use, storage, sharing, or deletion.
- Data Protection Officer (DPO): The officer appointed to oversee privacy compliance, handle data subject requests, and manage grievance redressal.
- Data protection laws: Any applicable law for the time being in force relating to the processing of data.
4. Principles of data processing
The app processes personal data in accordance with these core principles:
- Lawfulness and transparency: All data processing is based on consent and lawful purpose.
- Purpose limitation: Data is used only for specified and legitimate purposes.
- Data minimization: Only data strictly necessary for intended use is collected.
- Accuracy: You may review and correct your data at any time.
- Storage limitation: Data is retained only for as long as required or until deletion by you.
- Integrity and confidentiality: We apply industry-standard safeguards and encryption to protect your data.
- Accountability: We continuously monitor and audit compliance with privacy obligations.
5. Personal information we collect
We may collect and store the following types of personal data when you use our app:
- Identity information: Name, gender, date of birth, relationship details.
- Contact information: Phone number, email address, and postal address (if provided).
- Health and medical information: Prescriptions, reports, allergies, vitals, medical notes, and reminders.
- Device and technical information: Crash logs and session data.
- Usage information: App activity, in-app preferences, and performance statistics.
- Children’s data: Information about minors processed only with verified parental/guardian consent.
Voluntary Data: Our app allows users to store and manage medical records of their family members. These family members may or may not be registered users of the app and may or may not be aware that their information has been added by the primary user. In this scenario, primary users become responsible for the data they are uploading on the application, including any other details voluntarily provided.
6. Purpose of processing
Personal data is processed for the following purposes:
- Managing health and medical records
- Sending notifications, alerts, and reminders for medications or check-ups
- Enabling health analytics and summary views
- Improving app performance, usability, and user experience
- Facilitating user support and troubleshooting
- Enabling secure authentication and verification
- Complying with legal obligations or government requests
We do not process personal data for marketing or advertising without explicit consent.
7. Lawful basis for processing
- Consent: You grant explicit consent when uploading or providing data.
- Contractual necessity: Required to deliver requested services and maintain app functionality.
- Legal obligation: Required by Indian law or lawful authority.
8. Data sharing
We may share personal data under controlled and lawful conditions:
- Service providers: For hosting, OCR, analytics, notifications, and infrastructure support.
- AI service providers: To enable features such as document scanning, OCR, or intelligent data processing. These providers process data solely on our behalf under strict confidentiality.
- Healthcare partners: When you explicitly choose to share data with physicians, clinics, or labs.
- Legal authorities: When mandated by law or court order.
- Cross-border transfers: If processing occurs outside India, equivalent safeguards and contractual protections will be ensured.
9. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or destruction. Your data is stored on secure servers and safeguarded through access controls, encryption, and monitoring systems.
If you believe that your personal data has been misused, lost, or accessed without authorization, please contact us immediately at dataprotectionofficer@securemeters.com.
10. Data retention
We retain your personal data only for as long as necessary to:
- Provide you with access to our products, services, and app features,
- Fulfil the purposes outlined in this privacy policy,
- Comply with our legal and regulatory obligations,
- Resolve disputes and enforce our agreements.
Once the retention period expires, we securely delete or anonymise your data in accordance with applicable law. Please note that even after deletion, copies may remain on backup systems for audit, legal, or regulatory purposes.
11. User rights
As a data principal, you have the following rights:
- Right to Withdraw Consent: You have the right to withdraw your consent at any time, but that would affect the services we provide to you.
- Right to Correction and Erasure: If you find that any of your personal data is inaccurate or no longer necessary, you can request its correction or deletion.
- Right to Grievance Redressal: If you have any grievances related to the handling of your personal data, you can file a complaint with the data fiduciary. SecureMitra will address your grievance promptly.
- Right to Access: You have the right to access your personal data that the data fiduciary holds and obtain a copy of it.
- Right to Nominate: You have the right to nominate another individual to exercise your data protection rights on your behalf in case of death or incapacity.
12. Children’s privacy
We do not knowingly allow children to independently create accounts or access the features of this application. In some cases, parents or legal guardians may upload or manage medical records of their children through the app. The responsibility for ensuring the accuracy and lawful sharing of such data lies solely with the parent or guardian providing the information.
13. Use of Tokens
Our app uses secure tokens, logs, and analytics tools to maintain performance and fix issues. These do not track you across other apps or serve ads. Some features may be limited if analytics are disabled.
14. Data breach and notification
In the event of a personal data breach likely to result in harm, we will notify affected users and the Data Protection Board of India promptly, describing the nature of the breach, data involved, potential risks, and remedial measures undertaken.
15. Cross-border data transfer
If data is transferred outside India, such transfers will be made only to entities that ensure data protection standards equivalent to those under Indian law. Contracts with such processors include binding clauses to maintain confidentiality and adequate safeguards.
16. Changes to this policy
We may update this privacy policy periodically to reflect regulatory or operational changes. Updated versions will carry a new effective date, and continued use of the app after changes constitutes acceptance of the revised policy.
17. Contact and grievance redressal
For privacy-related concerns and complaints, contact:
For access rights: Fill in the form (link: personal information access request, external).
If you wish to receive this Privacy Policy in any other language recognized under the Constitution of India, you may contact us at the above email address, and we will provide the same where reasonably practicable.