Introduction & Commitment
MedEase ("Company," "we," "us," or "our") operates the MedEase platform (the "Service"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.
This Privacy Policy explains:
- What information we collect from you
- How we use and share your information
- How we protect your data
- Your rights and choices regarding your information
- How to contact us about privacy matters
By accessing and using MedEase, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use the Service.
Information We Collect
We collect various types of information to provide, maintain, and improve our Service. This information includes:
1. Information You Provide Directly
When you create an account, book an appointment, or interact with MedEase, you provide:
- Name, email address, phone number, date of birth, gender, and password
- Medical history, allergies, current medications, symptoms, previous treatments, and health conditions shared during consultations
- Address, city, state, postal code, and geographic data for appointment location matching
- Credit card details, insurance information, billing address, and transaction history (processed securely by third-party providers)
- Messages, emails, feedback, support requests, and any other correspondence with MedEase staff
2. Information Collected Automatically
When you use MedEase, we automatically collect:
- Device Information: Device type, operating system, device ID, and mobile network information
- Usage Data: Pages visited, features accessed, time spent on pages, clicks, and appointment booking patterns
- Cookies & Tracking: Cookies, web beacons, and similar technologies to track your activity and preferences
- IP Address: Your internet protocol address and internet service provider
- Location Data: General location information derived from IP address or GPS data (with permission)
3. Information from Third Parties
- Healthcare providers and clinics you authorize
- Insurance companies and billing entities
- Social media platforms (if you sign up via social login)
- Payment processors and financial institutions
- Referral partners and marketing platforms
How We Use Your Information
MedEase uses your information for specific, legitimate purposes to deliver healthcare services and improve our platform:
Primary Uses
- Service Delivery: Providing medical consultations, booking appointments, managing appointments, and delivering healthcare services
- Account Management: Creating and managing your account, authentication, and profile customization
- Communication: Sending appointment confirmations, reminders, medical records, test results, and prescription information
- Payment Processing: Processing payments, billing, insurance claims, and financial transactions
- Personalization: Tailoring recommendations, search results, and services based on your health profile and preferences
Secondary Uses
- Analytics & Improvements: Understanding how patients use MedEase, identifying patterns, and improving platform features
- Safety & Security: Detecting fraud, preventing unauthorized access, and protecting the platform's integrity
- Legal Compliance: Complying with HIPAA, GDPR, CCPA, and other applicable laws and regulations
- Marketing (with consent): Delivering relevant content, service updates, and promotional offers based on your interests
- Research & Development: Using de-identified data to improve medical services and develop new features
- Customer Support: Responding to inquiries, resolving disputes, and providing technical support
How We Share Your Information
MedEase shares your information only when necessary and in accordance with privacy laws. We do NOT sell your personal data to third parties.
Authorized Sharing
- With Healthcare Providers: Your medical information is shared with doctors and clinics you select for consultations and treatment
- With Hospitals & Clinics: Medical records and appointment data are shared with healthcare facilities for referrals and in-person care
- With Insurance Providers: Claim information and medical data for coverage verification and billing
- With Payment Processors: Payment and billing information with PCI-compliant third-party processors (Stripe, PayPal)
- With Service Providers: We share data with vendors who support our operations (analytics, email, hosting) under strict confidentiality agreements
- With Business Associates: Partners who assist with telehealth, prescriptions, lab services, and pharmacy fulfillment
Required Legal Disclosures
We may disclose your information when required by law, including in response to:
- Subpoenas, court orders, or legal investigations
- Government regulatory agencies and health authorities
- Law enforcement to prevent fraud or illegal activities
- Public health & safety emergencies
Data We DO NOT Share
- Your data is NOT sold to advertisers, data brokers, or marketing companies
- Your health information is NOT shared with employers or insurance companies for underwriting without consent
- Your credit card details are NOT stored or shared (handled by secure payment processors)
Data Security & Protection
MedEase implements comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:
Technical Security Measures
- Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit
- Firewalls & Intrusion Detection: Multi-layered network protection against unauthorized access
- Multi-Factor Authentication (MFA): Requiring password + second factor verification for account access
- Secure Servers: HIPAA-compliant cloud infrastructure with redundant backups and disaster recovery
- Access Controls: Role-based access limits what data employees can view
- DDoS Protection: Advanced protection against distributed denial-of-service attacks
Organizational Security Measures
- Staff Training: All employees receive mandatory HIPAA and privacy training
- Background Checks: Security clearance for employees with access to patient data
- Data Minimization: We collect only the information necessary for healthcare delivery
- Audit Logs: All data access is logged and monitored for suspicious activity
- Incident Response Plan: Dedicated protocols for responding to potential data breaches
- Regular Audits: Quarterly security assessments and annual third-party penetration testing
Data Retention
- Medical records are retained for the period required by law (typically 7-10 years)
- Deleted data is securely destroyed and cannot be recovered
- You can request data deletion, subject to legal retention requirements
Your Privacy Rights
Under HIPAA, GDPR, CCPA, and other data protection laws, you have the following rights regarding your personal information:
Right to Access
You can request and receive a copy of all your personal data in a readable format within 30 days.
Right to Correct
If your information is inaccurate, you can request corrections or amendments to your records.
Right to Deletion
You can request deletion of your data, subject to legal and medical record retention requirements.
Right to Portability
You can request your data in a portable format to transfer to another healthcare provider.
Right to Restriction
You can limit how your data is used, though we may not be obligated to agree to all restrictions.
Right to Opt-Out
You can opt out of marketing communications, data sharing, and certain types of processing.
How to Exercise Your Rights
To exercise any of these rights, please contact our Privacy Officer at:
- Email: privacy@medease.in
- Mail: 12th Floor, Prestige Tower, Bangalore, Karnataka 560001
- Phone: +91 80 1234 5678
We will respond to your request within 10 business days or provide a reason for the delay. Requests may require identity verification to process securely.
Right to Complain
If you believe your privacy rights have been violated, you can:
- File a complaint with MedEase's Privacy Officer
- Contact your country's data protection authority
- File a HIPAA complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR)
Children's Privacy
MedEase is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you believe a child has provided information to MedEase, please contact us immediately at privacy@medease.in so we can remove the data.
For children 13-18, parental consent is required for account creation and data collection.
Third-Party Links & Services
MedEase may contain links to third-party websites and services (social media, payment processors, partner clinics). We are not responsible for:
- The privacy practices of third-party websites
- The information they collect or how they use it
- Their content, ads, or services
Please review the privacy policies of any third-party services before providing them with your information. MedEase's Privacy Policy applies only to information collected through MedEase.
Changes to This Policy
MedEase may update this Privacy Policy periodically to reflect changes in laws, technology, and our practices. We will notify you of significant changes by:
- Email notification at least 30 days before the change takes effect
- Prominent notice on the MedEase website or app
- Requiring your consent for material changes that increase data sharing or reduce privacy protections
Your continued use of MedEase after updates constitutes your acceptance of the new Privacy Policy.
Last Updated: March 2026
Contact Us About Privacy
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Data Protection Officer
- Email: dpo@medease.in
- Phone: +91 80 1234 5678
- Address: 12th Floor, Prestige Tower, Bangalore, Karnataka 560001
Privacy Officer
- Email: privacy@medease.in
- Office Hours: Monday to Friday, 9am-6pm IST
- Response Time: We respond within 10 business days
For HIPAA Complaints
- U.S. Department of Health & Human Services
- Office for Civil Rights (OCR)
- Website: www.hhs.gov/ocr/privacy/hipaa/complaints