Privacy Policy for CypherMD

Effective Date: October 22, 2025
Last Updated: October 22, 2025

1. Introduction

Welcome to CypherMD (“we,” “us,” “our,” or “Company”). CypherMD is a comprehensive Hospital Management System (HMS) that integrates billing, pharmacy management, laboratory management, nursing workflows, Electronic Medical Records (EMR), AI-powered features, and mobile applications for patients and healthcare providers.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information and health data when you use our software platform, mobile applications, and related services (collectively, the “Services”). We are committed to protecting your privacy and maintaining the confidentiality and security of your personal and medical information in compliance with applicable Indian laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023.

Registered Office:
Cypher MD
Main Ferozpur Road, Near MBD Mall
Ludhiana, Punjab 141012, India

Contact Information:
Email: contact@cyphermd.com
Phone: +91 88472 29036
Data Protection Officer: Rajan Verma

By using CypherMD’s Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

We collect several types of information from and about users of our Services, including:

2.1 Personal Information

Patient Information:

  • Full name, date of birth, age, and gender
  • Contact details (phone number, email address, residential address)
  • Government-issued identification documents (Aadhaar, PAN, Voter ID, etc.)
  • Emergency contact information
  • Profile photographs
  • Insurance information and policy details
  • Financial information for billing and payment processing

Healthcare Provider Information:

  • Professional details (name, qualifications, registration numbers, specialization)
  • Contact information
  • Employment details
  • Professional licenses and certifications

2.2 Health and Medical Information

As a healthcare management platform, we process sensitive personal data including:

  • Medical history and health records
  • Diagnoses, treatment plans, and clinical notes
  • Prescriptions and medication history
  • Laboratory test results and reports
  • Radiology and imaging reports
  • Vital signs and monitoring data
  • Immunization records
  • Allergy information
  • Surgical and hospitalization records
  • Progress notes and discharge summaries
  • Mental health information
  • Genetic information (if applicable)

2.3 Usage and Technical Information

Device Information:

  • Device type, model, and operating system
  • Unique device identifiers (IMEI, Android ID)
  • Mobile network information
  • IP address and geolocation data (approximate location)

App Usage Data:

  • Features accessed and time spent on the application
  • Interaction patterns and preferences
  • Error logs and crash reports
  • Performance metrics

Cookies and Tracking Technologies:

  • We use cookies, web beacons, and similar technologies to enhance user experience, analyze usage patterns, and improve our Services

2.4 Information Collected Through Permissions

Camera Permission:

  • Used for scanning and uploading medical documents, prescriptions, lab reports, and medical certificates
  • Used for capturing profile photographs
  • Images captured are encrypted and stored securely
  • We do not access your camera without your explicit permission

Microphone Permission:

  • Used for voice-based queries and voice messages to healthcare providers
  • Voice recordings are processed for communication purposes only
  • Audio data is not used for any other purpose without consent

Storage Permission:

  • Used to cache downloaded medical documents, reports, and prescriptions locally on your device
  • Enables offline access to your medical records
  • Files are encrypted and automatically cleared based on app settings

2.5 Information from Third Parties

We may receive information from:

  • Healthcare providers who use our HMS platform
  • Insurance companies for claim processing
  • Payment gateways for transaction verification
  • Laboratory and diagnostic centers for test results
  • Pharmacy partners for medication fulfillment
  • Government health databases (with consent) for vaccination records or public health programs

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Primary Healthcare Services

  • Maintaining comprehensive Electronic Medical Records (EMR)
  • Facilitating doctor-patient consultations and follow-ups
  • Processing prescriptions and medication orders
  • Managing laboratory test orders and results
  • Coordinating nursing care and patient monitoring
  • Scheduling appointments and sending reminders
  • Managing hospital admissions, discharges, and transfers

3.2 Billing and Financial Transactions

  • Processing payments for consultations, procedures, medications, and tests
  • Generating invoices and billing statements
  • Managing insurance claims and reimbursements
  • Detecting and preventing fraudulent transactions

3.3 AI-Powered Features and Analytics

  • Providing intelligent prescription generation and auto-fill capabilities
  • Analyzing treatment patterns for clinical decision support
  • Generating healthcare analytics and operational insights
  • Predicting appointment no-shows and optimizing scheduling
  • Identifying drug interactions and contraindications
  • Automating administrative workflows

3.4 Communication and Notifications

  • Sending appointment reminders via SMS, email, or push notifications
  • Notifying you of test results availability
  • Sharing prescription and medication reminders
  • Providing health tips and wellness information
  • Sending system updates and service announcements

3.5 Service Improvement and Development

  • Analyzing usage patterns to improve user experience
  • Developing new features based on user needs
  • Conducting research and statistical analysis (anonymized data only)
  • Testing and debugging the platform
  • Ensuring system security and preventing misuse

3.6 Legal and Compliance

  • Complying with legal obligations and regulatory requirements
  • Responding to legal processes, court orders, or government requests
  • Protecting our rights, property, and safety
  • Enforcing our terms of service and policies
  • Maintaining audit trails for healthcare compliance

4. Legal Basis for Processing (India-Specific)

Under the Digital Personal Data Protection Act, 2023, and related Indian regulations, we process your personal data based on:

  1. Consent: You provide explicit consent when registering and using our Services
  2. Contractual Necessity: Processing is necessary to provide healthcare services you’ve requested
  3. Legal Obligation: Compliance with healthcare regulations, tax laws, and court orders
  4. Legitimate Interests: Fraud prevention, security, and service improvement
  5. Vital Interests: In medical emergencies where immediate care is required

5. How We Share Your Information

We respect your privacy and do not sell your personal or health information. We may share your information only in the following circumstances:

5.1 Healthcare Providers

  • With doctors, nurses, and other medical professionals involved in your care
  • With laboratory and diagnostic centers for test processing
  • With pharmacy partners for medication fulfillment
  • With referred specialists or consulting physicians

5.2 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in delivering our Services:

Cloud Infrastructure: Amazon Web Services (AWS) – Mumbai Region for secure data storage

Payment Processing: Authorized payment gateways for transaction processing

Communication Services: SMS and email service providers for notifications and alerts

Analytics Providers: For anonymized usage analytics and service improvement

AI and Machine Learning Services: For processing clinical data and generating insights

All third-party service providers are contractually obligated to maintain confidentiality and use your data only for specified purposes in compliance with Indian data protection laws.

5.3 Insurance Companies

  • With your insurance provider for claim processing and pre-authorization
  • Only the minimum necessary information is shared

5.4 Legal and Regulatory Authorities

  • When required by law, court order, or government regulation
  • To comply with healthcare regulatory requirements
  • In response to lawful requests by public authorities
  • To protect rights, property, and safety

5.5 Business Transfers

  • In the event of merger, acquisition, or sale of assets, your information may be transferred
  • You will be notified of any such change and given choices regarding your data

5.6 With Your Consent

  • Any other sharing will only occur with your explicit consent

6. Data Storage and Security

6.1 Data Location

All your data is stored on secure servers located in Amazon Web Services (AWS) Mumbai region, ensuring that your information remains within India in compliance with data localization requirements.

6.2 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encryption at rest for stored data (AES-256)
  • Secure authentication and multi-factor authentication for healthcare providers
  • Regular security audits and vulnerability assessments
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery mechanisms

Administrative Safeguards:

  • Role-based access control (RBAC) for healthcare staff
  • Comprehensive audit logging of all data access
  • Regular security training for employees
  • Background verification of employees handling sensitive data
  • Non-disclosure agreements with all staff and partners

Physical Safeguards:

  • Secure data centers with restricted access
  • 24/7 monitoring and surveillance
  • Environmental controls and redundancy

6.3 Data Retention

Active Users: We retain your medical records and personal information for as long as you maintain an active account and use our Services.

Inactive Accounts: If your account remains inactive, we retain your data in accordance with Indian healthcare regulations and legal requirements, typically for a minimum of 5 years from the last consultation or as required by the Medical Council of India guidelines.

Data Deletion: Upon your written request, we will delete your personal information, except where retention is required by law, for legal proceedings, or for legitimate healthcare purposes. Medical records may be retained longer if required by healthcare regulations.

Anonymized Data: We may retain anonymized, de-identified data indefinitely for research, analytics, and service improvement purposes.

7. Your Rights and Choices

Under Indian data protection laws, you have the following rights:

7.1 Access and Portability

  • Request a copy of your personal and health information
  • Receive your medical records in a portable electronic format
  • Transfer your data to another healthcare provider

7.2 Correction and Updates

  • Request correction of inaccurate or incomplete information
  • Update your contact details and preferences through the app

7.3 Deletion Rights

  • Request deletion of your personal data (subject to legal and regulatory retention requirements)
  • Medical records may be retained as required by healthcare regulations

7.4 Consent Withdrawal

  • Withdraw consent for specific data processing activities
  • Note that withdrawal may affect your ability to use certain Services

7.5 Opt-Out Options

  • Unsubscribe from promotional communications
  • Disable push notifications in app settings
  • Opt-out of non-essential data collection

7.6 Complaint Rights

  • Lodge a complaint with our Data Protection Officer
  • File a complaint with the appropriate regulatory authority

To exercise any of these rights, please contact:
Email: contact@cyphermd.com
Phone: +91 88472 29036
Data Protection Officer: Rajan Verma

We will respond to your request within 30 days as required by law.

8. Children’s Privacy

CypherMD is intended for users aged 18 years and above. We do not knowingly collect personal information from individuals under 18 without parental or guardian consent.

For Minor Patients:

  • Parents or legal guardians must create and manage accounts for minors
  • Parental consent is required for all data processing
  • Parents can access, modify, or delete their child’s information

If we discover that we have collected information from a child under 18 without proper consent, we will delete that information immediately.

9. Permissions and How to Manage Them

9.1 Camera Permission

Purpose: Document scanning, profile photo upload
How to Manage: Settings > Apps > CypherMD > Permissions > Camera

9.2 Microphone Permission

Purpose: Voice queries and messages to doctors
How to Manage: Settings > Apps > CypherMD > Permissions > Microphone

9.3 Storage Permission

Purpose: Caching documents and reports for offline access
How to Manage: Settings > Apps > CypherMD > Permissions > Storage

9.4 Location Permission (if applicable)

Purpose: Finding nearby hospitals, pharmacies, or emergency services
How to Manage: Settings > Apps > CypherMD > Permissions > Location

You can revoke any permission at any time through your device settings. However, revoking certain permissions may limit functionality of specific features.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain login sessions
  • Remember your preferences
  • Analyze usage patterns
  • Improve user experience

Types of Cookies Used:

  • Essential Cookies: Required for basic functionality
  • Performance Cookies: Help us understand how you use our Services
  • Functional Cookies: Remember your preferences

You can control cookies through your browser settings, but disabling cookies may affect functionality.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or integrations. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

Third-Party Integrations May Include:

  • Payment gateways
  • Insurance portals
  • Laboratory information systems
  • Pharmacy management systems

12. International Data Transfers

Currently, all data is stored and processed within India (AWS Mumbai). If we need to transfer data outside India in the future, we will:

  • Obtain your explicit consent
  • Ensure adequate data protection safeguards
  • Comply with all applicable data transfer regulations

13. Data Breach Notification

In the unlikely event of a data breach affecting your personal or health information:

  • We will notify affected users within 72 hours of discovering the breach
  • We will inform relevant regulatory authorities as required by law
  • We will take immediate steps to mitigate harm and prevent future breaches
  • We will provide guidance on protective measures you can take

14. Business Transitions

If CypherMD undergoes a merger, acquisition, reorganization, or sale of assets:

  • Your information may be transferred as part of that transaction
  • We will notify you via email and/or prominent notice on our website
  • The successor entity will be bound by this Privacy Policy
  • You will have the option to delete your data before the transfer

15. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

  • Our data practices
  • Legal and regulatory requirements
  • New features and services
  • User feedback and best practices

Notification of Changes:

  • We will notify you of material changes via email or in-app notification
  • The “Last Updated” date at the top will be revised
  • Continued use of Services after changes constitutes acceptance
  • For significant changes, we may seek your renewed consent

We encourage you to review this Privacy Policy periodically.

16. Compliance with Indian Laws

CypherMD is committed to full compliance with:

  • Digital Personal Data Protection Act (DPDPA), 2023
  • Information Technology Act, 2000, and IT Rules, 2011
  • Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002
  • Clinical Establishments (Registration and Regulation) Act, 2010
  • Drugs and Cosmetics Act, 1940
  • Indian Contract Act, 1872
  • Consumer Protection Act, 2019

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cypher MD
Main Ferozpur Road, Near MBD Mall
Ludhiana, Punjab 141012, India

Email: contact@cyphermd.com
Phone: +91 88472 29036
Data Protection Officer: Rajan Verma

Business Hours:
Monday – Saturday: 9:00 AM – 6:00 PM IST
Sunday: Closed

We will respond to all inquiries within 30 days.

18. Grievance Redressal

In accordance with Information Technology Act, 2000, and rules made thereunder, if you have any grievance regarding:

  • Data collection or processing
  • Privacy violations
  • Security concerns
  • Unauthorized access or use

Please contact our Grievance Officer:

Name: Rajan Verma
Email: contact@cyphermd.com
Phone: +91 88472 29036
Address: Main Ferozpur Road, Near MBD Mall, Ludhiana, Punjab 141012

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days.

19. Disclaimer

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your login credentials.

20. Acceptance of Terms

By downloading, installing, or using the CypherMD mobile application or web platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our Services.

For the most current version of this Privacy Policy, please visit: https://cyphermd.com/privacy-policy/

This Privacy Policy is designed to be compliant with Google Play Store requirements, Indian data protection laws, and healthcare regulations. It is recommended to have this document reviewed by a legal professional before publication.