Privacy Policy

Last updated: December 21, 2025

1. Introduction

Vitamesh ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare management platform and services.

We operate as a healthcare technology platform that enables doctors and clinics to manage patient appointments, medical records, prescriptions, and other healthcare-related services. We comply with applicable healthcare privacy laws including HIPAA (Health Insurance Portability and Accountability Act).

2. Information We Collect

2.1 Personal Health Information (PHI)

We may collect the following types of health information:

  • Patient demographics (name, date of birth, gender, contact information)
  • Medical history and conditions
  • Appointment information and scheduling data
  • Vital signs and physical measurements
  • Prescription and medication information
  • Treatment notes and medical records
  • Insurance and billing information

2.2 Technical Information

  • Device information (IP address, browser type, operating system)
  • Usage data and analytics
  • Log files and error reports
  • Cookies and similar tracking technologies

2.3 Healthcare Provider Information

  • Doctor and clinic information
  • Professional credentials and licensing
  • Clinic addresses and contact details
  • Calendar and scheduling preferences

3. How We Use Your Information

3.1 Healthcare Operations

  • Facilitating appointment booking and scheduling
  • Managing patient records and medical history
  • Processing prescriptions and treatment plans
  • Coordinating care between healthcare providers
  • Generating reports and analytics for healthcare providers

3.2 Platform Operations

  • Providing and maintaining our services
  • Processing transactions and billing
  • Improving our platform and user experience
  • Providing customer support
  • Ensuring platform security and preventing fraud

3.3 Communication

  • Sending appointment confirmations and reminders
  • Providing healthcare-related notifications
  • Responding to inquiries and support requests
  • Sending important platform updates and security notices

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal health information. We may share your information only in the following circumstances:

4.1 Healthcare Providers

We share information with your chosen healthcare providers (doctors, clinics, and their authorized staff) to facilitate your care and treatment.

4.2 Legal Requirements

We may disclose information when required by law, court order, or government regulation, including:

  • Public health and safety reporting
  • Law enforcement investigations
  • Legal proceedings and court orders
  • Regulatory compliance and audits

4.3 Service Providers

We may share information with trusted third-party service providers who assist in operating our platform, such as cloud hosting, data analytics, and payment processing. These providers are bound by strict confidentiality agreements.

5. Data Security

We implement robust security measures to protect your information:

  • End-to-end encryption for data transmission
  • Encrypted data storage with industry-standard protocols
  • Multi-factor authentication and access controls
  • Regular security audits and vulnerability assessments
  • HIPAA-compliant infrastructure and practices
  • Employee training on data privacy and security

6. Your Rights

You have the following rights regarding your personal health information:

6.1 Access and Portability

  • Request access to your personal health information
  • Obtain copies of your medical records
  • Request data portability in standard formats

6.2 Correction and Amendment

  • Request corrections to inaccurate information
  • Add amendments to your medical records
  • Update your contact and demographic information

6.3 Restriction and Objection

  • Request restrictions on how your information is used
  • Object to certain types of data processing
  • Opt-out of non-essential communications

6.4 Data Deletion

Request deletion of your account and associated data, subject to legal retention requirements for medical records.

7. Third-Party Integrations

7.1 Google Calendar Integration

Our platform integrates with Google Calendar to help healthcare providers manage appointments. When you connect your Google Calendar:

  • We access only calendar event information necessary for appointment scheduling
  • No patient health information is shared with Google
  • You can disconnect this integration at any time
  • Google's privacy policy applies to their services

7.2 Voice Transcription Services

Our voice transcription features may use secure third-party services. All audio data is encrypted, processed securely, and automatically deleted after transcription.

8. Data Retention

We retain your information for as long as necessary to:

  • Provide ongoing healthcare services
  • Comply with medical record retention laws (typically 7-10 years)
  • Meet legal and regulatory requirements
  • Resolve disputes and enforce agreements

When retention is no longer required, we securely delete or anonymize your information.

9. International Data Transfers

Your information is primarily processed and stored in India. If information is transferred internationally for service provision or compliance purposes, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions where applicable.

10. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes through our platform or via email. Your continued use of our services after such notification constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Vitamesh Privacy Officer

Email: privacy@vitamesh.in

Address: Greater Noida, Uttar Pradesh, India

Phone: +917077102666

We will respond to your requests within 30 days or as required by applicable law.