Privacy Policy

MedNode AI — Privacy Policy

mednode.in

Your health data is yours. This policy explains exactly what we collect, how we use it, and the strong controls you have over your personal health information.

Last updated: May 21, 2026 Effective: May 21, 2026

Overview

MedNode AI ("we", "our", or "us") operates the MedNode AI patient health vault platform at mednode.in. This Privacy Policy describes how we collect, use, store, and protect your personal and health information when you use our services.

By creating an account or using our platform, you agree to the practices described in this policy. If you do not agree, please do not use our services.

This policy applies to all users of the MedNode AI platform including patients, doctors, and anyone who accesses health records shared via our platform. It complies with applicable data protection laws including India's Digital Personal Data Protection (DPDP) Act 2023 and international best practices for health data privacy.

Data We Collect

2.1 Account Information

  • Full name, email address, and phone number when you register
  • Password (stored as a secure cryptographic hash — never in plain text)
  • Date of birth (optional, for patient profile)
  • Doctor-specific: medical license number, specialty, hospital affiliation

2.2 Health & Medical Data

  • Medical documents you upload: prescriptions, lab reports, discharge summaries, imaging reports
  • Extracted structured data from documents: medications, diagnoses, lab values, procedures, allergies
  • AI-generated clinical summaries and risk assessments derived from your documents
  • Health vault history: upload timestamps, document types, record identifiers

2.3 Usage & Technical Data

  • IP address, browser type, and operating system
  • Pages visited, features used, and interaction timestamps
  • Chat messages sent to the AI health assistant
  • Audit logs of who accessed your shared data and when

2.4 WhatsApp Integration Data

  • Phone number used to communicate with our WhatsApp bot
  • Documents and images sent via WhatsApp for processing
  • Message history with the bot (not stored beyond processing)

We do NOT collect: government ID numbers, financial or payment card information, biometric data (fingerprints, face scans), or any data not described above.

How We Use Your Data

We use your data only for the following purposes:

  • Providing the core service: storing, organising, and surfacing your health records
  • AI-powered extraction: converting uploaded documents into structured clinical data using Azure Document Intelligence and OpenAI GPT
  • Generating health insights, risk summaries, and next-action suggestions personalised to your records
  • Operating the AI chat assistant that answers questions about your health data
  • Enabling patient-controlled data sharing: generating and validating time-limited access codes for doctors
  • Sending transactional notifications (account verification, security alerts) — never marketing without consent
  • Improving our AI extraction accuracy (only on aggregated, anonymised data — never your identifiable records)
  • Complying with our legal obligations and enforcing our terms

We do NOT sell your data to third parties. We do NOT use your personal health data for advertising. We do NOT share your data with insurance companies or employers.

Sharing & Disclosure

4.1 Patient-Controlled Doctor Sharing

You control who sees your health data. When you generate a share code, you choose:

  • Which data scopes the doctor can access (vault, history, insights)
  • How long the access lasts (7 days to 1 year)
  • You can revoke access at any time — the doctor immediately loses access

4.2 Third-Party Service Providers

We use the following trusted sub-processors who are bound by strict data processing agreements:

ProviderPurposeData Shared
Microsoft AzureCloud infrastructure, storage, OCR, AIDocuments, extracted text
Azure OpenAI (GPT)Clinical data structuring and chat AIExtracted document text
Twilio / WhatsAppWhatsApp bot messagingPhone number, document images
PostgreSQL (Azure)Secure database storageAll structured patient data

4.3 Legal Disclosure

We may disclose your information only when required by law, court order, or to prevent fraud or abuse of our platform. We will notify you of such requests where legally permitted.

4.4 Business Transfer

In the event of a merger, acquisition, or sale of assets, your data will only be transferred to a successor entity that agrees to maintain the same or stronger privacy protections described in this policy.

Security Measures

We implement industry-standard and health-data-specific security controls:

  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for all data in transit between your device and our servers
  • Passwords hashed with PBKDF2-SHA256 (210,000 iterations) — never stored in plain text
  • Optional TOTP-based two-factor authentication (2FA) for patient accounts
  • Time-limited, scoped, revocable access tokens for doctor data sharing
  • Full audit logs: every access to shared patient data is recorded with timestamp and IP
  • No employee access to patient health data without a valid business reason
  • Regular security reviews and dependency updates
  • Azure Container Apps with private networking and no public database exposure

While we implement strong security measures, no system is 100% breach-proof. We encourage you to use a strong password, enable 2FA, and report any suspected unauthorised access to support@mednode.in immediately.

Your Rights

Under India's Digital Personal Data Protection (DPDP) Act 2023 and applicable international frameworks, you have the following rights:

Right to Access
Request a copy of all personal data we hold about you.
Right to Correction
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your account and all associated data.
Right to Portability
Export your health records in a structured format (JSON/PDF).
Right to Withdraw Consent
Revoke any data sharing consent at any time.
Right to Grievance Redressal
Lodge a complaint with us or the Data Protection Board.

To exercise any of these rights, email us at support@mednode.in. We will respond within 30 days. Identity verification may be required before processing requests.

Data Retention

We retain your data only for as long as necessary to provide our services or as required by law. The table below shows exactly how long each category of data is kept:

Data TypeRetention PeriodReason
Account profile (name, email, phone)Until account deletion + 30 daysService provision
Uploaded medical documentsUntil you delete the file or your accountPatient-controlled vault
Extracted health data (labs, meds, diagnoses)Until you delete the record or your accountHealth insights
AI chat messages90 days, then automatically deletedConversation history
Login sessions / tokens7 days, or until you log outAuthentication
Audit logs (data access records)2 yearsSecurity & DPDP compliance
Doctor share access logs1 year after code expiry or revocationSecurity audit trail
WhatsApp messagesNot stored beyond immediate processingTransient processing only
Anonymised analyticsIndefinitely (cannot be linked to you)Platform improvement
Deleted account dataFully purged within 30 days of verified requestRight to erasure

When the retention period expires, data is securely deleted or irreversibly anonymised. You may request earlier deletion at any time — see the "How to Delete Your Data" section below.

How to Delete Your Data

You have the right to delete your data at any time. We provide two ways to do this:

Option A — Delete from inside the app (instant)

  • Sign in to MedNode AI at mednode.in
  • Go to Profile → Account Settings → Delete Account
  • Confirm deletion — your account and all associated health data will be queued for permanent deletion
  • All personal data is fully purged within 30 days of confirmation

Option B — Email request

  • Email support@mednode.in with subject line: "Data Deletion Request"
  • Include the email address or phone number registered to your account
  • We will verify your identity and confirm the deletion within 7 business days
  • All personal data is fully purged within 30 days of verification
What gets deleted: account profile, all uploaded documents, extracted health data, AI-generated insights, chat history, doctor share codes, and all associated metadata. Audit logs required for legal compliance are anonymised (personal identifiers removed) and retained for up to 2 years.

This action is permanent and cannot be undone. We recommend exporting your health records before requesting deletion.

We will send a confirmation email once your data has been fully deleted. If you do not receive a confirmation within 30 days, contact support@mednode.in.

Cookies & Tracking

We use minimal cookies and tracking technologies:

  • Authentication tokens: stored in your browser to keep you logged in (session-based, cleared on logout)
  • No third-party advertising or marketing cookies
  • No cross-site tracking or behavioural profiling
  • Basic analytics (page views, error rates) to improve platform reliability — no personal identifiers

You can clear all cookies by logging out or clearing your browser storage. Disabling cookies will prevent you from staying logged in.

Children's Privacy

MedNode AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@mednode.in and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to registered users for significant changes
  • Show an in-app notice for 30 days after significant updates

Your continued use of MedNode AI after any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

For privacy-related questions, data requests, or to report a concern:

Company
MedNode AI
Privacy Contact
support@mednode.in
Location
India
Response Time
Within 30 days of receiving your request

This Privacy Policy was last updated on May 21, 2026 and is effective from May 21, 2026.

© 2026 MedNode AI. All rights reserved. Back to Home