Install MediGo on your device for faster access & offline use!
We use essential cookies to keep your session and cart working, and optional analytics to improve the platform. By clicking Accept you agree to our Privacy Policy.
Set Your Location
Quick Select
Legal & Privacy

Your Privacy,
Our Priority

We believe your health data is sacred. This policy explains in plain language exactly what we collect, why we collect it, and the rigorous measures we take to protect it.

Effective June 1, 2025 Last Updated June 1, 2025 Governed by Indian IT Act 2000 English (India)
Zero data selling — ever
AES-256 encryption
HIPAA-aligned practices
No ad tracking
Introduction 1. Information We Collect 2. How We Use Your Data 3. Sharing of Information 4. Data Security 5. Your Rights & Choices 6. Cookies & Tracking 7. Children's Privacy 8. Third-Party Links 9. Data Retention 10. Policy Changes 11. Contact Us
Plain-language commitment: We never sell, rent, or broker your personal health data. Your medical information is used solely to provide the services you request — nothing more.

Welcome to MediGo — a digital pharmacy platform connecting patients with licensed pharmacies for medicine discovery, prescription management, and secure pickup booking.

This Privacy Policy ("Policy") applies to all users of our website, mobile application, and related services (collectively, "Services"). It describes how we collect, process, store, disclose, and protect information about you. Please read it carefully. By continuing to use our Services, you acknowledge and agree to the practices described in this Policy.

If you are a pharmacy partner or healthcare provider using our partner portal, please refer to the Partner Data Processing Agreement available upon request.

Information We Collect

01

Information you provide directly:

  • Account data — full name, email address, mobile number, and hashed password upon registration
  • Profile data — date of birth, gender, delivery/pickup addresses, and health preferences
  • Prescription data — images and extracted text from medical prescriptions you upload for order processing
  • Booking data — medicines ordered, quantities, selected pharmacy, and preferred pickup window
  • Payment data — billing address only; card numbers are processed by PCI-DSS Level 1 certified payment gateways and never stored on our servers
  • Support communications — messages exchanged with our support team or through the in-app AI pharmacist

Information collected automatically:

Location Data
GPS coordinates (when permission granted) to surface nearby pharmacies and calculate real-time distances
Device & Browser
Browser type, OS, screen resolution, device model, and unique device identifiers for compatibility and security
Usage Analytics
Pages visited, search terms, feature interactions, click patterns, and session duration to improve the platform
Network Data
IP address, ISP, and connection type used exclusively for security, fraud detection, and rate limiting
We apply the principle of data minimisation — we only collect what is strictly necessary for a specific, defined purpose. We do not collect sensitive health data beyond what is required to fulfil your orders.

How We Use Your Data

02
  • Service delivery — processing bookings, matching you with licensed pharmacies, managing your account, and enabling prescription verification
  • Personalisation — surfacing relevant medicines, nearby stores, and health recommendations tailored to your preferences and location
  • AI Pharmacist — processing your queries through our in-app Meddy chatbot to provide medicine information; conversation context is anonymised after 90 days
  • Communications — sending booking confirmations, prescription alerts, order status updates, and responses to support requests
  • Safety & fraud prevention — detecting suspicious activity, enforcing Terms of Service, and maintaining platform security
  • Legal compliance — fulfilling obligations under the Indian IT Act 2000, pharmacy regulations, and responding to lawful orders
  • Platform improvement — analysing aggregated and anonymised usage patterns to improve features, fix bugs, and develop new services
  • Loyalty & rewards — tracking points accrued and redeemed through our loyalty programme to calculate benefits accurately
AI Pharmacist (Meddy): Conversations are stored to improve response quality. Logs are linked to your session only, are never sold or shared with third parties, and are automatically and permanently deleted after 90 days.

Sharing of Information

03

We do not sell, rent, trade, or monetise your personal information. We share data only in these limited, documented circumstances:

  • Partner pharmacies — when you confirm a booking, the fulfilling pharmacy receives only: your name, contact number, medicine details, and pickup time — the minimum necessary to serve your order
  • Service providers — vetted third-party vendors (cloud hosting, payment gateways, SMS delivery, analytics) bound by strict Data Processing Agreements (DPAs)
  • AI providers — anonymised, de-identified query text may be processed by Anthropic (Claude) or OpenAI solely for generating responses; no personally identifiable health records are ever transmitted
  • Legal obligations — when required by Indian law, a court order, or a government authority with lawful authority to compel disclosure
  • Safety emergencies — to protect the vital interests of a user or the public where there is an immediate threat to life
  • Business transfers — in the event of a merger, acquisition, or asset sale, your data will be transferred under the same privacy protections and you will be notified in advance
Never shared: Prescription images, medical history, health conditions, or diagnosis-related information are never shared with advertisers, data brokers, insurance companies, or any entity not directly involved in fulfilling your specific order.

Data Security

04

We implement defence-in-depth security architecture across all layers of our platform:

Encryption in Transit
TLS 1.3 with 256-bit encryption on all client-server communication; HSTS enforced
Encryption at Rest
AES-256 for sensitive fields; passwords hashed with bcrypt + per-user salt (never stored in plain text)
Access Control
Role-based access with least-privilege principles; MFA for all administrative accounts
Monitoring
24/7 automated anomaly detection, intrusion prevention systems, and security audit logs
No system is impenetrable. While we implement rigorous controls, we cannot guarantee absolute security. Please use a strong, unique password and notify us immediately at security@medigo.in if you suspect any unauthorised access to your account.

Your Rights & Choices

05

You have meaningful rights over your personal data. Exercise any of these by contacting privacy@medigo.in — we respond within 30 days.

Access
Request a complete copy of all personal data we hold about you
Correction
Update or correct inaccurate information directly from Account Settings
Deletion
Request permanent deletion of your account and associated data
Portability
Export your data in a structured, machine-readable JSON format
Restriction
Request limitation of processing while a dispute is resolved
Opt-Out
Manage marketing, location, and notification preferences from Settings

Cookies & Tracking

06
Cookie Type Purpose Retention Can be disabled?
Essential Login sessions, CSRF security tokens, cart state Session / 30 days No — required for core function
Preference Location, language, notification, and UI settings 1 year Yes
Analytics Understanding navigation patterns to improve UX 12 months Yes
Performance Page load time measurement, CDN optimisation 30 days Yes
We do not use advertising, retargeting, or cross-site tracking cookies. You will never see MediGo ads following you around the internet based on your health searches.

Children's Privacy

07

Our Services are designed for adults and are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account or provided personal data, please contact us immediately at privacy@medigo.in and we will promptly delete the information and close the account.

Users aged 13–18 may use the platform under parental supervision, particularly when uploading prescriptions, completing bookings, or interacting with the AI Pharmacist for medication guidance.

Third-Party Links

08

Our platform may contain links to third-party websites, partner pharmacy portals, or external health resources. Once you leave our platform, this Policy no longer applies. We encourage you to review the privacy policies of any external sites before providing them with personal information.

Drug information displayed in our AI Pharmacist may be sourced from the OpenFDA public database — a US government open-data resource. Only de-identified medicine query terms are transmitted to external AI providers (Anthropic / OpenAI) — no personal details, health history, or prescription data are included in those requests.

Data Retention

09
Data Type Retention Period Reason
Account & profile data Until account deletion + 30 days anonymisation window Service continuity; fraud prevention
Booking records 7 years post-transaction Indian Pharmacy Act compliance
Prescription images 3 years Regulatory audit trail; patient safety
AI chat logs 90 days (auto-purged) Quality improvement; minimal retention
Analytics data 12 months (then anonymised) Platform improvement
Financial records 8 years Indian Income Tax Act, GST compliance

Policy Changes

10

We may update this Policy periodically to reflect changes in our practices, technology stack, legal requirements, or regulatory guidance. When material changes occur, we will:

  • Publish the revised Policy on this page with an updated "Last Updated" date
  • Send a prominent in-app notification and/or email to all active users at least 14 days before the change takes effect
  • Maintain a version archive for your reference (available on request)

Your continued use of the Services after the effective date of a revised Policy constitutes your acceptance. If you do not agree with material changes, you may delete your account before they take effect.

Contact Us

11

For any privacy-related questions, data subject requests, or to report a concern about how your data is handled, please reach out to our dedicated Privacy team:

MediGo Privacy & Data Protection Officer
We are committed to responding to all privacy enquiries within 30 business days. For urgent security incidents, please mark your email URGENT — Security.
privacy@medigo.in support@medigo.in Help Center
By using MediGo, you confirm that you have read, understood, and agree to this Privacy Policy.
© 2026 MediGo. All rights reserved.  ·  Home  ·  Help Center  ·  privacy@medigo.in
My Cart
0 items
⚕️
Meddy
AI Pharmacist
Hello! I'm Meddy, your MediGo pharmacist assistant.
I can help you understand medicines, side effects, dosage guidance, and check what's available nearby. AI Pharmacist