SaathiMed Pvt. Ltd. ("SaathiMed", "we", "our", or "us") is an Indian healthcare technology company committed to building AI clinical intelligence infrastructure for primary healthcare. We operate two interconnected platforms:
- 🧑⚕️ DoctorSaathi – For doctors and healthcare professionals (clinical decision support, patient management, teleconsultation, outcome tracking)
- 📱 SaathiMed Patient App – For patients and families (symptom checking, medicine reminders, health records, specialist connect, health social network)
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, website (saathimed.com), and related services. We fully comply with Indian data protection laws including the Digital Personal Data Protection Act, 2023 (DPDP Act), and follow global best practices for healthcare data handling.
⚕️ Medical Disclaimer: SaathiMed provides AI-assisted health insights and clinical decision support for informational purposes only. This is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider for medical concerns. In case of emergency, contact your local emergency services immediately.
1. Information We Collect
1.1 Personal Information
When you create an account, we collect the following basic personal information:
- Identity data: Full name, email address, phone number, date of birth, age, gender
- Profile data: Profile photo (optional), preferred language (English/Hindi)
- Contact data: Address (for emergency contact and nearby healthcare services)
1.2 Health Information (Sensitive Personal Data)
With your explicit consent, we collect the following sensitive health information. This data is governed by stricter protections under Indian law:
- Medical history: Past diagnoses, surgeries, hospitalizations, allergies, chronic conditions (diabetes, hypertension, heart disease, etc.)
- Symptoms data: Current symptoms, duration, severity, and associated factors you enter for AI analysis
- Health vitals: Blood pressure (systolic/diastolic), heart rate, blood sugar (fasting/postprandial), body temperature, weight, BMI, SpO2, respiratory rate
- Lifestyle data: Sleep patterns, physical activity (steps, exercise), water intake, diet preferences, stress levels
- Medical documents: Uploaded prescriptions, lab reports, radiology images (X-rays, CT scans, MRIs), discharge summaries, health records
- Medication data: Current and past medications, dosages, frequency, adherence tracking, pharmacy information
- Mental health data: Mood logs, anxiety/stress levels, wellness check-ins, sleep quality
- Family medical history: Genetic predisposition information, family history of chronic diseases
- Pregnancy data: Trimester, due date, fetal health records, prenatal care information
1.3 Doctor-Specific Information (DoctorSaathi only)
- Professional credentials: Medical registration number, state medical council details, NMC registration
- Qualifications: Medical degree (MBBS/MD/MS/DNB), specialization, fellowship, years of experience
- Practice details: Clinic/Hospital name, address, consultation timings, fees, areas of expertise
- Clinical data: Consultation notes, prescriptions, diagnostic orders, patient encounter records
- Verification documents: Professional license copies, identity proof (for KYC)
1.4 Device & Technical Information
- Device identifiers: Device model, manufacturer, operating system version, unique device ID
- Network information: IP address, mobile carrier, network type (WiFi/4G/5G)
- App usage data: Feature interactions, session duration, screen views, feature adoption patterns
- Performance data: App crashes, error logs, load times (for debugging and improvement)
- Push notification tokens: For medicine reminders, appointment alerts, health tips
1.5 Location Data
- Approximate location: Based on IP address (city/region level) for nearby hospital, doctor, pharmacy search
- Precise location: GPS coordinates (only with your explicit permission) for emergency services, ambulance location, and finding nearest healthcare facilities
2. App Permissions & Camera/Microphone Usage
SaathiMed and DoctorSaathi require certain permissions to provide comprehensive healthcare services. Here's why each permission is needed:
| Permission | Purpose | When Used |
|---|---|---|
| 📷 Camera | Scan medical reports, prescriptions, and lab reports; take photos of symptoms (rashes, wounds, swelling); video consultations with doctors; scan QR codes for health records; document injuries for telemedicine | Document upload, teleconsultation calls, profile photo, symptom documentation |
| 🎙️ Microphone | Voice notes for symptoms (especially for low-literacy users); audio/video teleconsultation; voice search for medicines and health topics; dictation for consultations | During teleconsultation calls, voice input features, voice search |
| 📁 Storage / Media | Upload medical reports, prescriptions, lab results, and images; download health records and reports; save consultation summaries and medicine schedules; store offline health data | Document management, report viewing, offline data access |
| 🔔 Notifications | Medicine reminders, appointment alerts, health tips, AI-generated health insights, teleconsultation reminders, follow-up alerts, family health alerts | Throughout app usage - essential for core health management features |
| 📍 Location | Find nearby doctors, hospitals, clinics, pharmacies, diagnostic labs, and gyms; emergency services; ambulance location; nearest healthcare facility finder | When using nearby search or emergency features |
| 🏃 Health Connect / Step Sensor | Track steps, physical activity, exercise minutes, calories burned, sleep patterns, and wellness metrics (with explicit consent) | Wellness tracking, fitness challenges, health score calculation |
| 📞 Phone / Call | Direct calling to doctors, hospitals, pharmacies, or emergency contacts; appointment confirmations via call | When user initiates call from within the app |
⚠️ Important Notice: Camera and microphone permissions are never accessed without your explicit action. You have full control. You can deny or revoke any permission anytime from your device settings. However, certain features (like scanning medical reports or video consultations) will not work without the required permissions. We never access your camera or microphone in the background.
3. How We Use Your Information
- 🤖 AI-Powered Clinical Intelligence: Analyze symptoms to generate differential diagnoses (expanding from 2-3 to 7-8 possibilities), provide health insights, and identify risk factors. Our AI is doctor-in-the-loop, designed to support, not replace clinical judgment.
- 🩺 Doctor-Patient Connection: Facilitate secure teleconsultations, share relevant medical history with your chosen doctors, enable e-prescriptions, and coordinate care across providers.
- 📊 Outcome-Based Learning: Improve our AI models through anonymized, de-identified patient outcomes. This closed feedback loop is our core defensibility — every patient outcome makes the system smarter, but no personal identifiers are used in training.
- 💊 Medication Management: Send timely medicine reminders, track adherence history, alert for potential drug interactions, notify for prescription refills, and coordinate with family caregivers.
- 📈 Health Monitoring & Trends: Track vitals over time, identify concerning patterns, generate health scores, and provide personalized wellness recommendations based on your data.
- 🔔 Notifications & Reminders: Send appointment alerts, health tips, follow-up reminders, family health alerts, and AI-generated health insights.
- 📱 App Improvement & Analytics: Analyze crash logs, usage patterns, and feature adoption to enhance user experience, fix bugs, and prioritize new features.
- ⚖️ Legal Compliance & Record-Keeping: Maintain medical records as required by Indian healthcare regulations (Clinical Establishments Act, NMC guidelines) for the prescribed retention period.
- 🛡️ Fraud Prevention & Security: Detect and prevent unauthorized access, fraudulent activities, and security breaches.
4. Artificial Intelligence & Automated Processing
SaathiMed uses advanced AI/ML technologies to provide clinical intelligence. Here's how it works:
- AI Triage System: Our differential diagnosis engine analyzes symptoms against our comprehensive medical database (5000+ medicines, 1000+ diseases, 200+ diagnostic tests) and suggests possible conditions ranked by probability and urgency.
- Pattern Recognition: Identifies health patterns and early risk indicators from anonymized, aggregated data — helping detect conditions like diabetes, hypertension, and heart disease earlier.
- Predictive Insights: Forecasts potential health deterioration based on vitals trends, medication adherence, and symptom progression — enabling early intervention.
- Data Anonymization: All AI training uses de-identified, aggregated data only. No personal identifiers (name, phone number, email, address) are ever used in model training.
- Transparency: When AI is involved in generating recommendations, we clearly indicate it. Users can always request human review of AI-generated outputs.
🤝 Doctor-in-the-Loop: Our AI is designed to augment, not replace doctors. Final clinical decisions — including diagnosis, treatment plans, and prescriptions — are always made by qualified healthcare professionals. AI serves as a cognitive aid, not an autonomous decision-maker.
5. Data Sharing & Disclosure
We NEVER sell your personal or health data. Period. This is non-negotiable.
Data is shared only in these strictly limited scenarios:
- With your explicit consent: Sharing medical records with doctors you consult, family members you add to your Family Circle, or other healthcare providers you authorize
- Service providers (data processors): Google Cloud (Firebase, Cloud Storage, AI/ML services), Twilio/Agora (video call infrastructure), Google Analytics (usage analytics — no health data). All providers sign strict Data Processing Agreements (DPAs) compliant with Indian law and are contractually prohibited from using your data for any other purpose.
- Legal requirements: When required by Indian courts, law enforcement, or regulatory bodies (NMC, ICMR, NITI Aayog) through lawful process (court order, subpoena). We will notify you before complying unless legally prohibited.
- Emergency situations: To respond to life-threatening medical emergencies (e.g., sharing your medical history with emergency responders)
- Business transfers: In the event of merger, acquisition, or asset sale, your data would be transferred with appropriate protections and notification.
6. Data Security & Encryption
We implement enterprise-grade security measures to protect your health data:
- End-to-end encryption: All health data encrypted during transmission using TLS 1.3 and at rest using AES-256 encryption
- Secure infrastructure: Hosted on Google Cloud Platform (GCP) with HIPAA-eligible configurations and industry-best security practices
- Access controls: Role-based access control (RBAC) with multi-factor authentication for all staff and administrators
- Regular audits: Quarterly security assessments, vulnerability scanning, and penetration testing by independent security firms
- Data backup: Encrypted automated backups with 30-day retention and geographic redundancy
- Employee training: Mandatory data privacy and security training for all employees annually
- Incident response: Documented breach response protocol with 72-hour notification to affected users and authorities as required by law
While we implement industry-leading security measures, no digital platform can guarantee 100% absolute security. We recommend using strong, unique passwords and keeping your app updated to the latest version.
7. Your Privacy Rights (Under DPDP Act, 2023)
Under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data:
- Right to Access (Section 12): Request a complete copy of all personal data we hold about you, including health records and usage history
- Right to Correction (Section 13): Correct inaccurate or incomplete information in your profile or health records
- Right to Erasure (Right to be Forgotten): Request permanent deletion of your account and all associated personal data (subject to legal retention requirements)
- Right to Withdraw Consent: Stop any data processing you previously consented to (e.g., withdrawing permission for health data collection may limit app functionality)
- Right to Data Portability: Download your health records and personal data in a structured, machine-readable format (JSON/PDF)
- Right to Restrict Processing: Limit how we use your data while maintaining account functionality
- Right to Object: Object to processing based on legitimate interests (e.g., direct marketing)
- Right to Nominate: Nominate a representative to exercise these rights on your behalf (e.g., family member, legal guardian)
- Right to File Complaint: Lodge a complaint with the Data Protection Board of India if you believe your rights have been violated
To exercise any of these rights, email us at support@saathimed.com with the subject line "Privacy Request - [Your Name]". We will verify your identity and respond within 30 days as required by law.
8. Data Retention Policy
- Active accounts: Your data is retained as long as your account remains active and in good standing
- Deleted accounts: Upon deletion request, personal data is permanently deleted within 90 days (exception: anonymized data may be retained for AI training)
- Legal retention (medical records): Certain medical records may be retained for up to 3 years as required by the Clinical Establishments Act and NMC guidelines — even after account deletion
- Anonymized data: De-identified, aggregated data (no personal identifiers) may be retained indefinitely for AI model improvement, clinical research, and healthcare analytics
- Transaction logs: Consultation records and payment histories retained for 7 years for tax and legal compliance
9. Children's Privacy (Under 18)
SaathiMed and DoctorSaathi are not intended for children under 13 years of age. For children between 13-18 years:
- Accounts must be created and managed by a parent or legal guardian
- Verifiable parental consent is required before any data collection
- Parents have full access to and control over their child's health data
- We do not knowingly collect data from children under 13 without verified parental consent
- If we discover unauthorized data collection from a child under 13, we will delete it immediately
Parents may request deletion of a child's data by contacting support@saathimed.com with proof of guardianship.
10. Data Localization & Cross-Border Transfer
In compliance with Indian data protection laws:
- Primary storage: Your health data is primarily stored on servers located in India (Mumbai, Google Cloud Asia-South1 region)
- Backup locations: Encrypted backups may be stored in other geographic regions for disaster recovery, but remain subject to Indian law
- Processing partners: Some data processing may occur through global infrastructure partners; however, all partners sign DPAs ensuring data is processed only on our instructions and with adequate protection
- No unauthorized transfers: We do not transfer health data to countries with inadequate data protection standards as determined by Indian law
11. Third-Party Services We Use
We rely on carefully vetted third-party services to deliver our platform. Each has signed strict Data Processing Agreements:
- Google Cloud Platform (GCP): Primary cloud infrastructure, database, storage, AI/ML services (Vertex AI, Cloud Functions)
- Google Firebase: Authentication, real-time database, cloud storage, push notifications, crash reporting
- Agora.io: Video and audio teleconsultation infrastructure (encrypted streams, not stored)
- Twilio: SMS notifications, WhatsApp Business API for patient follow-ups
- Google Analytics / Firebase Analytics: Anonymized usage statistics (no personal health data, no medical information)
- DeepSeek API: AI-powered symptom analysis and differential diagnosis (anonymized symptom data only)
We do not use any third-party advertising networks or data brokers. Your data is never sold to advertisers.
12. Changes to This Privacy Policy
We may update this privacy policy periodically to reflect:
- Changes in laws or regulations (e.g., DPDP Act rules, NMC guidelines)
- New features or services that affect data processing
- Changes in our data handling practices
- Security incidents or breach responses (material changes only)
For significant changes, we will notify you through:
- In-app notifications with a summary of changes
- Email to registered users (for material changes affecting your rights)
- Prominent notice on our website
The "Last Updated" date at the top of this policy indicates when it was last revised. Continued use of our services after changes constitutes acceptance. We encourage you to review this policy periodically.
13. Grievance Officer (As per IT Rules, 2021 & DPDP Act)
In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023:
- Name: Amrendra Kumar (Founder & Data Protection Officer)
- Email: grievance@saathimed.com (for formal complaints)
- Alternative Email: dpo@saathimed.com (for data protection matters)
- Phone: +91 70793 34495
- Response Time: Acknowledgment within 24 hours; resolution within 7 business days
- Address: East Champaran, Bihar, India - 845401
If you are not satisfied with our response, you have the right to appeal to the Data Protection Board of India as provided under the DPDP Act, 2023.
📞 Need Help or Have Privacy Concerns?
For privacy-related questions, data access requests, or reporting a suspected breach:
Office Hours: Monday-Saturday, 9:00 AM - 6:00 PM IST