Skip to Content

Privacy Policy


1. Preamble

This Privacy Policy (“Policy”) governs the collection, processing, storage, use, disclosure, and protection of information obtained from Users (“You”, “Patient”, or “User”) via the digital platform Medzly.com (“Company”, “We”, “Us”, or “Our”), which operates solely as a technological intermediary facilitating access to licensed medical Practitioners across Allopathy, Homeopathy, and Ayurveda. By accessing, registering, or using the Platform, the User expressly acknowledges and consents to this Policy and agrees to be legally bound by all provisions herein.

 2. Scope and Applicability

 2.1 This Policy applies to all Personal Data, Sensitive Personal Data and Information (SPDI), medical records, transaction data, and any information generated, submitted, or stored via the Platform.

2.2 This Policy governs all Users irrespective of their geographic location within India, including end-users, account holders, and any third-party service providers interacting through or via the Platform.

 3. Information Collected

3.1 Registration Information

 Full name, date of birth, gender, contact details, government-issued identification numbers, and verification documents.

 3.2 Health-Related Information

 Medical history, symptoms, diagnostic reports, prescriptions, consultation notes, allergies, medications, and lifestyle details.

 3.3 Technical and Usage Information

 IP addresses, device identifiers, geolocation data, browser type, operating system, clickstream data, session logs, and other analytics information.

 3.4 Payment and Transaction Data

 Billing information, transaction metadata, tax identifiers, and payment instrument details.

 3.5 Communications 

Audio, video, and text communications exchanged between the User and Practitioner, as well as messages sent to Medzly.com customer support.

 4. Purpose of Data Collection

 4.1 Facilitation of appointments, teleconsultations, prescription issuance, and medicine delivery.

4.2 Verification of Practitioner credentials and compliance with regulatory and statutory obligations.

4.3 Billing, invoicing, and financial reconciliation.

4.4 Improving Platform functionalities, analytics, and user experience.

4.5 Compliance with legal, regulatory, and statutory mandates.

4.6 Detection, prevention, and investigation of fraud, unauthorized access, and security incidents.

4.7 Marketing, promotional communications, or survey administration only if consented to by the User.

 5. Legal Basis for Data Processing

 5.1 Processing shall be based on at least one lawful basis including:

(a) Explicit consent of the User;

(b) Necessity for the performance of a contract;

(c) Compliance with statutory or regulatory obligations;

(d) Legitimate interests of Medzly.com, balanced against the User’s rights;

(e) Vital interest of the User in medical emergencies.

 6. Data Sharing and Disclosure

 6.1 Information may be shared with:

 Licensed Practitioners for the sole purpose of providing medical consultation and delivering treatment;

 Payment gateways, financial institutions, and logistics partners strictly for transaction and delivery purposes;

 Government, statutory, or regulatory authorities where disclosure is mandated by law; 

Third-party service providers assisting with Platform operations, analytics, or security, under strict contractual obligations of confidentiality and data protection. 

6.2 Medzly.com does not sell, rent, or trade personal data to third parties for commercial purposes.

 7. Data Security and Confidentiality 

7.1 Medzly.com employs industry-standard administrative, technical, and physical safeguards including AES-256 encryption, role-based access control, pseudonymization, secure cloud hosting, intrusion detection, and periodic security audits. 

7.2 Despite these measures, no system is infallible; Medzly.com disclaims liability for breaches arising from events beyond reasonable control, including third-party compromise, hacking, or force majeure.

 8. Data Retention

 8.1 Data shall be retained for the period necessary to: 

Fulfill contractual obligations;

Comply with statutory and regulatory record-keeping requirements; 

Resolve disputes or enforce agreements; 

Maintain business, security, and audit records. 

8.2 Once retention periods expire, data shall be securely deleted, anonymized, or archived in accordance with applicable laws. 

9. Cross-Border Data Transfers 

9.1 Any cross-border transfer of User data shall occur only to jurisdictions ensuring adequate protection of personal data or pursuant to enforceable contractual arrangements safeguarding equivalent standards of data protection.

 10. User Rights

 10.1 Users have rights including:

 Right of access and rectification of personal information;

 Right to restrict or object to processing;

 Right to erasure (“right to be forgotten”);

 Right to data portability;

 Right to lodge complaints with regulatory authorities.

 10.2 Requests shall be submitted via the Platform’s designated Data Protection Officer (“DPO”) and shall be addressed within statutory timelines.

 11. Consent and Lawful Processing

 11.1 By registering or using the Platform, the User provides explicit consent for collection, processing, storage, and transfer of personal and health information as described herein.

 11.2 Consent may be withdrawn in writing at any time, subject to the limitation that withdrawal shall not affect processing required for completion of ongoing consultations, statutory compliance, or prior lawful processing.

 12. Cookies and Tracking Technologies

 12.1 The Platform uses cookies, beacons, and similar technologies for session management, performance monitoring, personalization, and analytics.

 12.2 Users may configure browser settings to reject cookies; however, certain Platform functionalities may be degraded or unavailable.

 13. Data Breach Notification

 13.1 Medzly.com shall promptly investigate and report any security incidents likely to result in harm to the User in accordance with applicable law.

 13.2 Notifications shall be sent to affected Users and statutory authorities, as legally mandated.

 14. Third-Party Services

 14.1 Integration with external laboratories, pharmacies, telecommunication providers, or cloud services is for facilitation only.

 14.2 Users acknowledge that Medzly.com cannot control third-party data handling and disclaims any responsibility for breaches or misuse outside its direct operational control.

 15. Confidentiality Obligations

 15.1 User data, consultation records, prescriptions, and health information are strictly confidential.

 15.2 Disclosure is limited to Practitioners, authorized operational partners, or statutory authorities in accordance with law.

 15.3 Unauthorized disclosure by Users or Practitioners may attract civil and criminal liability.

 16. Security and Audit Rights 

16.1 Medzly.com reserves the right to monitor Platform usage, audit access logs, and perform security assessments to ensure compliance with this Policy.

 16.2 Such monitoring is conducted without violating the confidentiality of communications except as expressly permitted for security or legal purposes.

 17. Non-Disclosure and Intellectual Property 

17.1 Users may not reproduce, distribute, or share content, records, or proprietary Platform material with third parties without written consent.

 17.2 All intellectual property rights remain with Medzly.com or its licensors.

 18. Limitation of Liability

 18.1 Medzly.com shall not be liable for indirect, incidental, or consequential damages arising from use, misuse, or inability to access the Platform, including data loss, disclosure, or breaches beyond reasonable control.

 18.2 Aggregate liability shall be strictly limited to the fees paid for the service giving rise to the claim.

 19. Updates to Privacy Policy

 19.1 Medzly.com may amend, modify, or update this Privacy Policy unilaterally, with the revised version posted on the Platform. Continued use after posting constitutes acceptance of the updated Policy.

 20. Governing Law and Dispute Resolution

20.1 This Privacy Policy shall be governed by the laws of India 

20.2 All disputes shall be subject to exclusive jurisdiction of competent courts in India, unless otherwise resolved by arbitration pursuant to the arbitration provisions in the Terms and Conditions.

21. Final Declaration

 21.1 By accessing, using, or transacting on Medzly.com, the User irrevocably acknowledges that they have read, understood, and consented to this Privacy Policy in its entirety.

 21.2 All obligations regarding confidentiality, data protection, and lawful processing shall survive account termination, Platform cessation, or service discontinuation.