Privacy Policy

Last updated: April 2026

Available in: English | Hindi (coming soon)

1. Who We Are

MediFamily is a free, open-source, offline-first family health record management application developed by Sandeep Pandey, operating under the name 2XG, based in Bangalore, Karnataka, India.

For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDPA") and the Information Technology Act, 2000 ("IT Act"), we act as the Data Fiduciary — meaning we determine the purpose and means of processing your personal data.

This Privacy Policy explains how we collect, use, store, share, and protect your personal and health information. Because MediFamily handles sensitive health data, we take your privacy extremely seriously.

2. Legal Basis for Processing

We process your personal data based on:

  • Your consent — provided when you create an account and agree to these terms. Under the DPDPA, consent must be free, specific, informed, unconditional, and given through a clear affirmative action.
  • Legitimate uses — for performing the service you have requested (storing health records, sending reminders, processing AI queries).
  • Legal obligations — where required by applicable Indian law.

You may withdraw your consent at any time. Withdrawal of consent is as simple as granting it — you can delete your account from within the app or contact us. Upon withdrawal, we will delete your data unless we are required by law to retain it.

3. Personal Data We Collect

A. Data You Provide Directly

Data | When Collected | Required?
Email address | Signup | Yes
Password | Signup (stored only as bcrypt hash) | Yes
Name | Onboarding | Yes
Phone number | Profile (optional) | No
Family member names | Adding family | Yes (per member)
Date of birth, blood group, gender | Adding family | No
Allergies, chronic conditions | Adding family | No
Emergency contact name & phone | Adding family | No
ABHA Health ID number | If user links ABHA | No

B. Health Records You Create

  • Prescription records (doctor name, hospital, diagnosis, notes, images)
  • Lab reports, vaccination records, bills, discharge summaries
  • Medicine list (name, dosage, frequency, duration, timing)
  • Health vitals (blood pressure, blood sugar, weight, temperature, SpO2)
  • Symptom/mood tracking entries (stored locally only, never synced to cloud)
  • Medicine reminder schedules

C. Data Generated Automatically

  • Reminder adherence logs (taken/missed/skipped status)
  • Share access logs (timestamp when someone views your shared link)
  • AI usage logs (feature calls for cost tracking and error debugging)
  • Sync timestamps (last sync time with cloud)

D. Data We Do NOT Collect

We explicitly do not collect:

  • Location or GPS data
  • Contacts, address book, call logs, or SMS
  • Advertising identifiers
  • Browsing history
  • Financial or payment information
  • Biometric data (fingerprint, face ID)
  • Aadhaar number (only ABHA ID is stored, never raw Aadhaar)

We do not use Google Analytics, Mixpanel, or any third-party analytics or advertising platform.

4. Purpose of Data Processing

We process your personal data solely for the following purposes:

  • Account management: Creating your account, authenticating logins, managing sessions
  • Health record storage: Storing, organizing, and retrieving your family's health records
  • AI-powered features: Processing prescriptions, analyzing lab reports, identifying medicines, answering health queries using Google Gemini AI
  • Medicine reminders: Sending push notifications at scheduled times
  • Doctor sharing: Generating time-limited links to share records with healthcare providers
  • Data synchronization: Syncing local data to cloud for backup and cross-device access
  • Service improvement: Debugging errors and monitoring AI feature costs

We do not use your data for advertising, profiling, behavioral targeting, or any purpose beyond delivering the MediFamily service.

5. How and Where We Store Your Data

A. Local Storage (Your Device)

MediFamily is offline-first. Most of your data lives on your device:

  • IndexedDB (via Dexie.js): All health records, family profiles, medicines, reminders, vitals
  • localStorage: Session data (email, name, user ID), app settings (language, theme, PIN hash, notification preferences)
  • Images: Prescription and lab report images stored as compressed blobs in IndexedDB (max 500KB each, max 10 per record)
  • Service Worker Cache: App shell and assets cached for offline functionality
  • Symptom tracking data is stored locally only and is never synced to any server

Important: Browser Storage Risks

Data stored in your browser (IndexedDB, localStorage) is tied to your browser profile. Clearing browser data will permanently delete your health records unless they have been synced to the cloud. Some browsers (especially Safari/iOS) may also automatically evict IndexedDB data under storage pressure. We strongly recommend keeping cloud sync enabled as a backup.

B. Cloud Storage (Supabase)

  • Provider: Supabase (hosted on AWS ap-south-1, Mumbai, India)
  • Data location: India (Mumbai region) — your health data does not leave India for storage purposes
  • What is synced: All records except locally-stored images and symptom tracker data
  • Sync frequency: Automatically every 30 minutes when online, or manually triggered by you
  • Encryption in transit: All connections use HTTPS/TLS 1.2+
  • Encryption at rest: PostgreSQL encryption at rest (AES-256) via Supabase/AWS
  • Access control: Row Level Security (RLS) — every database query is scoped to your user ID. You can only access your own data. No other user or MediFamily employee can access your records.

C. Data NOT Stored Anywhere

  • Passwords in plaintext (only bcrypt hash via Supabase Auth)
  • Credit card or payment information (no payments in app)
  • Raw Aadhaar number (only ABHA ID if linked)

6. Third-Party Services and Data Sharing

We share your data only with the following services, strictly for delivering the MediFamily service:

1. Supabase — Authentication & Cloud Database

  • Data sent: Email, password (for authentication), all synced health records
  • Purpose: User authentication, cloud data storage, session management
  • Data location: AWS ap-south-1 (Mumbai, India)
  • Privacy policy: supabase.com/privacy

2. Google Gemini AI — AI-Powered Features

  • Data sent: Prescription images, symptom descriptions, lab report images, medicine photos, and relevant patient context (name, age, gender, blood group, allergies, chronic conditions, current medicines)
  • Data NOT sent: Email, password, phone number, ABHA details, Aadhaar
  • Purpose: AI-powered prescription scanning, health chat, lab analysis, medicine identification
  • Data location: Google servers (may be processed outside India — this constitutes a cross-border data transfer)
  • Privacy policy: policies.google.com/privacy

AI Data Processing Notice: Health-related queries sent to Google Gemini AI are processed by Google's servers and are subject to Google's AI API terms. We recommend avoiding inclusion of uniquely identifying information (such as full name combined with Aadhaar/ABHA numbers) in AI queries. The AI features use models: gemini-2.5-flash, gemini-2.5-pro, and gemini-3-flash-preview.

3. Vercel — Website Hosting

  • Data sent: Standard web server logs (IP address, user agent, page URLs)
  • Purpose: Hosting the website and API routes
  • Privacy policy: vercel.com/legal/privacy-policy

4. Tesseract.js — OCR (Text Extraction)

  • Runs entirely in your browser — no data is sent to any external server
  • Extracts text from prescription/lab report images locally on your device
  • Supports English and Hindi

Services We Do NOT Use

We do not use any advertising networks, analytics platforms (Google Analytics, Mixpanel, etc.), social media SDKs, crash reporting services, A/B testing tools, or data brokers.

7. When Your Data is Shared

A. Share Links (Initiated by You)

  • You can create time-limited, secure share links to share health records with doctors
  • Shared: Family member profile (name, blood group, allergies, conditions), health records, medicines
  • Not shared: Your email, user ID, reminders, app settings
  • Links expire after a configurable duration (default: 24 hours)
  • You can revoke any share link at any time
  • Doctors see a read-only view — no MediFamily account needed to view
  • Access is logged (timestamp only, no IP tracking)

B. We Never Share Your Data With

  • Advertisers or advertising networks
  • Data brokers or data aggregators
  • Insurance companies
  • Employers
  • Government agencies (unless compelled by valid legal process under Indian law)
  • Any commercial third party for monetary or non-monetary consideration

8. Cross-Border Data Transfers

Your health records are stored in India (AWS Mumbai region via Supabase). However, when you use AI-powered features (prescription scanning, AI doctor chat, lab analysis, medicine identification), the relevant data is sent to Google Gemini AI servers, which may be located outside India.

Under the DPDPA 2023, cross-border data transfers are permitted unless the destination country is on a government-notified restricted list. As of the date of this policy, no country has been restricted.

We minimize cross-border transfers by:

  • Storing all primary data in India
  • Sending only the minimum necessary data to AI services
  • Never sending email, password, phone, or ABHA details to AI services
  • Processing OCR (text extraction) entirely on your device via Tesseract.js

9. Security Measures

We implement security practices aligned with industry standards to protect your data:

Measure | Implementation
Password hashing | bcrypt via Supabase Auth
Session tokens | JWT with 7-day expiry, httpOnly, sameSite=strict, secure flags
Optional PIN lock | 4-digit PIN, SHA-256 hashed, 5-minute auto-lock
Encryption in transit | HTTPS/TLS 1.2+ on all connections
Encryption at rest | AES-256 via Supabase/AWS
Access control | Row Level Security — users access only their own data
Rate limiting | 5 req/min (auth), 3 req/min (signup), 20 req/min (AI)
Bot protection | Honeypot fields + timing checks on signup
Email verification | Required before app access
Image compression | Max 500KB per image, processed locally before storage
Offline security | Data stored in browser's sandboxed IndexedDB
Soft deletes | Deleted records marked, not immediately purged

10. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under the DPDPA 2023
  • Notify affected users via email with details of: the nature and extent of the breach, data affected, potential consequences, and steps we are taking to mitigate harm
  • Take immediate steps to contain and remedy the breach
  • Maintain a record of all breaches and actions taken

11. Your Rights as a Data Principal

Under the DPDPA 2023 and the IT Act 2000, you have the following rights:

  • Right to Access: View all your personal and health data at any time within the app
  • Right to Correction: Edit or update any of your health records, family profiles, medicines, or personal information
  • Right to Erasure: Delete individual records from within the app, or request complete account and data deletion by contacting us
  • Right to Data Portability: Export all your data in JSON or CSV format (More → Download Report)
  • Right to Withdraw Consent: Withdraw your consent at any time by deleting your account. Withdrawal is as easy as granting consent.
  • Right to Nominate: Under the DPDPA, you have the right to nominate another person to exercise your rights in case of your death or incapacity
  • Right to Complain: If we fail to address your concerns, you may file a complaint with the Data Protection Board of India

To exercise any of these rights, contact us at sandeep@2xg.in.

12. Data Retention

  • Active data: Retained as long as your account exists and you continue using the service
  • Deleted records: Soft-deleted (marked as is_deleted) in the database. Permanently purged during periodic cleanup cycles.
  • Share links: Automatically expire after the duration you set (default: 24 hours)
  • AI usage logs: Retained for cost tracking and debugging purposes
  • After account deletion: All cloud data associated with your account is deleted. Local data on your device remains under your control.
  • Full data removal: Contact us at sandeep@2xg.in to request permanent deletion of all data. We will process your request within 30 days.

13. Cookies and Tracking Technologies

MediFamily uses only strictly essential cookies:

  • Supabase session cookie: Required for authentication and keeping you signed in. This is a first-party, httpOnly, secure cookie.

We do not use:

  • Tracking cookies
  • Advertising cookies
  • Third-party cookies
  • Browser fingerprinting
  • Pixel tracking or web beacons

14. Children's Privacy

Under the DPDPA 2023, a "child" is any person under 18 years of age.

  • MediFamily does not allow children under 18 to create their own accounts
  • Family members (including children) are added and managed exclusively by the parent or legal guardian who holds the account
  • Children's health records are accessible only to the account holder (parent/guardian)
  • We do not engage in behavioral monitoring or targeted advertising directed at children
  • If we become aware that we have collected personal data from a child without verifiable parental consent, we will delete that data

15. AI Features and Health Data

Important Disclosure About AI Features

  • MediFamily uses Google Gemini AI to power features like prescription scanning, AI health chat, lab report analysis, and medicine identification
  • When you use these features, relevant health data (images, symptoms, patient context) is sent to Google's servers for processing
  • AI-generated responses are for informational purposes only and do not constitute medical advice, diagnosis, or treatment
  • AI outputs may contain errors or inaccuracies — always verify with a qualified healthcare professional
  • Google's use of data submitted via the Gemini API is governed by Google's Gemini API Terms

16. Regulatory Compliance

India: DPDPA 2023 & IT Act 2000

  • Personal data processed with explicit user consent
  • Health data treated as sensitive personal data with additional care (per IT Rules 2011 SPDI framework)
  • Data stored in India (AWS Mumbai region)
  • Data minimization: only data necessary for the stated purpose is collected
  • No data sold or shared with third parties for commercial purposes
  • Users can withdraw consent by deleting their account
  • Grievance redressal mechanism provided (see Section 18)

GDPR (for EU Users, if applicable)

  • Data minimization, right to access, right to erasure, and data portability supported
  • No automated decision-making that produces legal effects

HIPAA (US)

MediFamily does not claim HIPAA compliance. We have no Business Associate Agreement (BAA) with Supabase or Google. MediFamily is not intended for use by US healthcare providers as an Electronic Health Record (EHR) system.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • For significant changes, we will notify you via email or in-app notification
  • Continued use of MediFamily after changes constitutes acceptance of the updated policy
  • If you do not agree with the changes, you may delete your account

18. Grievance Redressal

In accordance with the DPDPA 2023 and the IT Act 2000 (Rule 5(9) of the IT Rules 2011), we have designated a Grievance Officer:

Grievance Officer: Sandeep Pandey

Email: sandeep@2xg.in

Address: Bangalore, Karnataka, India

Response time: Within 72 hours for acknowledgment; resolution within 30 days

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDPA 2023.

19. Contact Us