Privacy Policy

Your records, your rules.

Plain-language privacy. Encrypted at rest, hosted in India, never sold. Last updated May 1, 2026.

ISO 27001 · HIPAA-aligned · India-resident data · Audited Q1 2026
01

Overview

MediConsult exists because Indians deserved a healthcare platform that takes their data as seriously as their health. This policy explains — in plain language — what we collect, why, how we keep it safe, and how you can control it.

This policy applies to mediconsult.life, our mobile apps, and the API our partner clinics use. It does not cover third-party services like Razorpay or Calendly, which have their own policies (linked at the end).

02

What we collect

Account: name, date of birth, gender, phone, email, profile photo.

Health: symptoms, prescriptions, lab reports, imaging and other records you upload or your doctor adds.

Bookings: doctors you searched and visited, slots, payment status, refunds.

Device: IP address, browser type, and crash logs to keep the platform stable.

03

How we use it

To match you with the right clinician and process bookings.

To make your medical history available to the doctor you book — only at the moment of the consult, with your consent.

To send transactional messages (booking confirmations, reminders, refunds). You can opt out of marketing notifications at any time.

To meet our legal obligations and to fight fraud.

04

Who we share with

The doctor you book — and only that doctor — sees your relevant medical history for the duration of the consult.

Razorpay processes payments. Calendly hosts your slot. Both are bound by their own privacy policies and our data-processing agreements.

We never sell your data. We never use your health data for advertising. Full stop.

05

Your rights

Access, correct or export your data from your dashboard at any time.

Delete your account — we erase your data within 30 days, except where law requires us to keep records (e.g. invoices for 7 years).

Object to processing or restrict it. We respond within 7 days.

Complain to a Data Protection Officer. Ours is reachable at support@mediconsult.life.

06

How we keep data safe

AES-256 encryption at rest. TLS 1.3 in transit.

Servers physically located in India (Mumbai + Hyderabad). No cross-border transfer of health data without your consent.

ISO 27001 certified. HIPAA-aligned controls. Independently audited every 6 months.

Role-based access. Staff who access your records must justify each access — logs are tamper-evident and reviewed quarterly.

07

Cookies & analytics

We use a small set of first-party cookies to keep you signed in and remember your preferences.

We use privacy-friendly analytics (Plausible), which aggregates data and doesn’t set tracking cookies.

We do not run third-party advertising trackers.

08

Children

For users under 18, we require a parent or legal guardian to set up the account and consent to processing.

Pediatric records are encrypted with the same standard as adult records but are accessible only to the verified guardian.

09

Changes to this policy

When we update this policy, we email you 30 days before changes take effect.

Material changes (new data uses, new third parties) require fresh consent. You can decline and continue using the platform with the older terms until 60 days have passed.

10

Contact

Email: support@mediconsult.life · DPO: support@mediconsult.life

Post: MediConsult Health Technologies Pvt. Ltd., 4th Floor, WeWork Embassy GolfLinks, Bengaluru 560071.

Grievance officer: Anish Kapur · support@mediconsult.life (resolved within 7 days).

Download the full PDF

A formal, downloadable version of this policy plus the data-processing agreements with Razorpay and Calendly.