Medflix Privacy Policy

This Privacy Policy outlines the principles and procedures governing the collection, processing, use, and disclosure of personal data by Medflix, a service provided by Plexus Professionals Network Private Limited, a company incorporated in India ("Medflix", "we", "us", "our"). This document is intended to provide a transparent and comprehensive overview of our data handling practices, in compliance with the applicable laws of India, including the Digital Personal Data Protection Act, 2023 (DPDPA).

The protection of user privacy is a core tenet of our operations. By creating an account and providing your consent to utilize the services provided by Medflix, you ("Data Principal", "you", "your") signify your agreement to the terms stipulated in this policy.

To deliver our services, we collect and process specific categories of personal data. In adherence to the principle of Data Minimisation, we only collect data that is necessary for the specified purposes outlined in this policy.

Data Collected Upon Account Registration:

• Personal Identification Data: This includes your name, email address, mobile number, and city.
• Professional Credentials: Details regarding your degree, medical specialty, and institutional affiliations.
• Verification Documentation: Documents submitted to substantiate your professional credentials.
• Technical Data: Device specifications, IP address, and session logs for security and service optimization.

Data Collected During Platform Usage:

• Engagement Data: Responses to interactive content such as polls, surveys, and quizzes.
• Usage Metrics: Data on platform engagement, including content viewed, liked, or saved.
• User-Generated Content: Content created by you, such as posts and comments, which contributes to the community's knowledge base. This also includes your data (queries, documents, files) submitted on our assistive AI tools like AI Assist/Robin.

Optional User-Provided Data:

• Profile Photograph and Biography: Information you voluntarily add to your profile.

Note on Sensitive Personal Data: Users are reminded of their professional and ethical obligation to maintain patient confidentiality. You are strictly prohibited from sharing any patient's sensitive personal data. All case reports or other clinical data shared on the platform or our assistive AI tools like AI Assist/ Robin must be completely and irrevocably anonymized. We may use anonymized or aggregated data to improve our tools and services. We do not use identifiable patient data to train AI tools.

Payment Information: For payment processing, Medflix utilizes "Razorpay," a secure, PCI-compliant third-party platform. Medflix does not receive, process, or store any credit card, UPI, or bank account details on its servers.

The collection and processing of personal data are integral to the operation and enhancement of the platform. We process your data based on the following legal grounds:

• Consent: Your free, specific, informed, and unambiguous consent is the primary basis for our data processing activities. By agreeing to this policy, you provide consent for the collection and processing of your data for the purposes stated herein. You may manage or withdraw your consent at any time through your account settings or by contacting our Grievance Officer.
• Contractual Necessity: To provide the core services and fulfill our terms of service agreement with you.
• Legitimate Interest: For purposes such as platform security, debugging, service improvement, and fraud prevention, provided these interests are not overridden by your data protection rights.
• Legal Obligation: To comply with our legal and regulatory responsibilities under Indian law.

Medflix is committed to the protection of your personal data and does not engage in the sale or misuse of such data. Information is shared only under the following limited circumstances:

• With Trusted Data Processors: With third-party service providers for essential services such as payment processing, output processing for assistive AI tools like AI Assist/Robin, cloud hosting, sending communications and analytics, who are contractually bound to maintain the confidentiality and security of the data.
• For Legal Compliance and Protection: If required by law, court order, or governmental authority.
• With Internal Personnel: Access is strictly limited to authorized team members bound by confidentiality agreements.
• With Partners, Upon Specific Consent: Only when you have provided affirmative consent for a specific purpose.

As a Data Principal under the DPDPA, 2023, you are entitled to the following rights concerning your personal data:

• Right to Access Information: You have the right to obtain a summary of your personal data that is being processed by us.
• Right to Correction and Erasure: You have the right to request the correction of inaccurate or misleading personal data and the completion of incomplete data. You may also request the erasure of your personal data, subject to our data retention policy. Visit Medflix's User Data Removal or contact the grievance redressal officer mentioned below.
• Right to Grievance Redressal: You have the right to a readily available means of registering a grievance with our Grievance Officer. We are committed to responding to all grievances in a timely manner.
• Right to Nominate: You have the right to nominate any other individual who, in the event of your death or incapacity, shall exercise your rights under the provisions of the DPDPA.
• Right to Opt-Out: You have a right to opt out of our communications for promotion, newsletters, or other marketing messages (excluding Ads on platform or other mandatory services as a part of using Medflix). We are committed to responding to all such requests in a timely manner.

You may exercise these rights by accessing your account settings or by contacting our Grievance Officer.

Data Retention Policy:

Upon deletion of an account, all associated personal data will be erased from our primary systems. However, certain data may be retained for a limited period if required to comply with legal, regulatory, or tax obligations. Anonymized or aggregated data may be retained indefinitely for analytics and service improvement purposes.

• Security Measures: Medflix employs reasonable security safeguards to protect your personal data from unauthorized access, disclosure, or misuse. This includes secure authentication (OTP), data encryption (SSL/TLS), and restricted internal access. In the event of a data breach, we will notify the appropriate authorities and affected users as required by law.
• Data Transfers: Your personal data will be processed and stored in India. By using our service, you consent to this transfer, storage, and processing.

Medflix is a professional platform intended for individuals who are at least 18 years of age. We do not knowingly collect or process personal data from individuals under the age of 18.

We use some cookies and other similar services to provide you with services mentioned in our terms. Though these cookies are important, if you prefer you may clear or block cookies from your browser or device settings anytime. Do note that as some cookies are necessary and if you clear or block them, some of our services might not function as expected.

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any dispute arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts in Ahmedabad, India.

For any questions, concerns, or grievances related to this policy or the processing of your personal data, please contact our designated officer:

Mr. Lakshay Chotiya
Office Address: 207, Sigma-II, Opp Himalaya Mall, Bodakdev, Ahmedabad-380054
Email: support@medflix.app
Hours of Operation: Mon-Fri, 9 AM to 6 PM IST
Phone: +91 9023-729662