🇮🇳 Privacy & Data Protection - India

Your Data Stays in India, Always

OneMedAI India is committed to complete data localization. All medical data processed through our platform is stored exclusively on servers within India and is never transferred across borders. This Privacy Policy outlines our practices regarding the collection, use, and protection of Sensitive Personal Data or Information (SPDI) and medical records in compliance with Indian laws.

Last Updated: October 16, 2025
Effective Date: January 1, 2025
Jurisdiction: Republic of India
🔒 100% Data Localization

All data stored exclusively in India | No cross-border transfers

👤 Your Rights Under Indian Law

Under the Digital Personal Data Protection Act, 2023 and IT Act, 2000, you have the following rights:

🔍 Right to Access (Section 11, DPDP Act)

Request a complete copy of all personal and medical data we hold about you, including AI-generated reports and diagnostic findings.

✏️ Right to Correction (Section 12, DPDP Act)

Correct any inaccurate or incomplete personal information in your account or medical records.

🗑️ Right to Erasure (Section 13, DPDP Act)

Request deletion of your personal data, subject to legal and medical record retention requirements under Indian law.

🚫 Right to Withdraw Consent (Section 6, DPDP Act)

Withdraw your consent for data processing at any time, with the same ease as giving consent.

📋 Right to Nominate (Section 15, DPDP Act)

Nominate another individual to exercise your rights in case of death or incapacity.

⚖️ Right to Grievance Redressal (Section 17, DPDP Act)

File a grievance with our Grievance Officer, who must respond within 30 days as per Indian law.

🤖 Right to Human Review

Request that a qualified medical professional review any AI-generated diagnostic decisions.

📜 Right to Complain to DPB

Lodge a complaint with the Data Protection Board of India if you believe your rights have been violated.

📧 How to Exercise Your Rights: Contact our Data Protection Officer at dpo.india@onemedai.com or call our toll-free number 1800-XXX-XXXX. We will respond within 30 days as mandated by the DPDP Act, 2023.

🆓 No Fees: Exercising your rights under the DPDP Act is completely free. We do not charge any fee for data access, correction, or deletion requests.

🤝 Data Sharing Within India

We share your information only within India in the following limited circumstances:

🚫 Absolute Prohibition on Cross-Border Transfer: OneMedAI India does not and will never transfer your data outside India. We do not share data with any foreign entity, offshore service provider, or international cloud service with servers outside India. This is our ironclad commitment to data sovereignty.

🚫 We Never Sell Your Data: We do not and will never sell, rent, or trade your personal information or medical data to any third party, whether in India or abroad.

📅 Data Retention Policy

We retain your information in accordance with Indian medical record retention requirements:

Data Type | Retention Period | Legal Basis (Indian Law)
Medical Images & Reports | 5 years from last consultation | Indian Medical Council Regulations + Clinical Establishments Act
Patient Medical Records | 5 years (10 years for medicolegal cases) | MCI Guidelines, Indian Evidence Act
Pediatric Records | Until patient turns 25 years | Best practices for pediatric care in India
User Account Data | Duration of account + 3 years | Contract law, Limitation Act, 1963
Audit Logs & Security Records | 3 years | IT Act 2000, CERT-In guidelines
Financial Records | 7 years | Income Tax Act, 1961; Companies Act, 2013
De-identified Research Data | As per research protocol (with consent) | ICMR ethical guidelines
Marketing Communications | Until opt-out + 30 days | DPDP Act 2023, TRAI regulations

🗑️ Secure Deletion: When data is deleted, we use cryptographic wiping and secure erasure methods as per IS/ISO/IEC 27001 standards. All data is permanently erased from our Indian servers and backup systems.

⚖️ Retention Beyond Legal Requirements: If you request deletion before the legal retention period expires, we will anonymize your data immediately while retaining non-identifiable records for legal compliance.

🤖 AI-Specific Privacy Provisions

As an AI-powered medical platform operating in India, we adhere to specific privacy and ethical considerations:

AI Training & Model Development (India-Only)

  • De-identification: All training data is thoroughly anonymized as per DPDP Act expert determination standards
  • Explicit Consent: We obtain clear written consent before using any identifiable data for AI training
  • Opt-Out Rights: You can opt out of having your anonymized data used for AI improvement
  • India-Only Training: All AI model training occurs on servers within India using Indian patient data only
  • No Foreign Access: Training datasets are never exported or accessed from outside India
  • Bias Mitigation: Regular audits to ensure AI models are fair for Indian population diversity
  • Indian Medical Standards: AI trained on Indian medical practices and disease patterns

Automated Decision-Making & Human Oversight

  • No Fully Automated Diagnosis: All AI diagnoses require review by licensed Indian medical professionals
  • Human-in-the-Loop: Medical practitioners registered in India make final clinical decisions
  • Explainability: AI provides reasoning in plain language for all diagnostic suggestions
  • Confidence Scores: Transparent confidence metrics for each AI-generated finding
  • Right to Human Review: Guaranteed right to have Indian doctors review AI findings
  • Clinical Validation: All models validated on Indian patient populations before deployment

Algorithm Transparency & Accountability

  • Model Information: Documentation available on AI architecture and training methodology
  • Performance Metrics: Regular disclosure of diagnostic accuracy on Indian populations
  • Limitations: Clear communication of AI limitations and appropriate use cases
  • Version Control: Tracking of AI model versions used for each report
  • Adverse Event Reporting: CDSCO-compliant reporting of AI-related diagnostic errors
  • Regular Audits: Annual AI ethics and accuracy audits by Indian medical experts

⚕️ Medical Professional Responsibility: OneMedAI is a diagnostic aid tool registered with CDSCO as a Software Medical Device. Final clinical decisions remain the responsibility of licensed medical practitioners registered with the Medical Council of India or State Medical Councils. Our AI augments, but never replaces, human medical judgment.

🇮🇳 Made for India: Our AI models are specifically trained and validated for the Indian population, considering genetic diversity, disease prevalence patterns, and medical practices unique to India.

👶 Children's Privacy & Pediatric Data

OneMedAI's platform is designed for use by healthcare professionals, not directly by patients. However, we process pediatric patient data with enhanced protection:

Pediatric Patient Data Protection

When processing medical data for children and minors:

  • Parental/Guardian Consent: Healthcare providers must obtain verifiable consent from parents or legal guardians as per Indian law
  • Age-Appropriate Processing: Enhanced safeguards for children under 18 years as per DPDP Act
  • Extended Retention: Pediatric records retained until the patient turns 25 years (Indian medical practice)
  • No Direct Collection: We never knowingly collect information directly from children
  • Guardian Rights: Parents/guardians can exercise all data rights on behalf of minors
  • Special Categories: Additional protection for sensitive pediatric conditions

👨‍⚕️ Healthcare Provider Responsibility: Healthcare providers using OneMedAI are responsible for obtaining all necessary consents from parents/guardians as per MCI guidelines and POCSO Act requirements where applicable.

🍪 Cookies & Tracking Technologies

We use cookies and similar technologies on our website. All cookies are stored and processed within India only:

🇮🇳 No Third-Party International Tracking: We do not use Google Analytics, Facebook Pixel, or any other international tracking tools that transfer data outside India. All analytics are processed using India-based solutions.

📝 Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in Indian laws or our practices:

How We Notify You of Changes

  • Material Changes: 30-day advance notice via email, SMS, and prominent platform notification
  • Minor Changes: Updated "Last Modified" date at the top of this policy
  • Legal Changes: Immediate updates with notification as required by Indian law
  • Version History: Previous versions archived and available upon request
  • Fresh Consent: Material changes require fresh consent as per DPDP Act

📧 Stay Informed: We recommend reviewing this Privacy Policy periodically. Continued use after changes indicates acceptance, unless fresh consent is legally required.

📧 Contact Information

For questions, concerns, or to exercise your privacy rights, please contact us:

General Support