Privacy Policy

Last updated: April 6, 2026

Effective date: April 6, 2026

1. Who We Are

MediHost™ AI is a product of SmartGumastha Technologies, a technology company registered in Hyderabad, India. We build cloud-based clinic management software including website hosting, appointment scheduling, billing, EMR, and laboratory information systems for healthcare providers.

Legal Entity: SmartGumastha Technologies

Address: Hyderabad, Telangana, India

Email: privacy@medihost.in

2. What Data We Collect

Under the Digital Personal Data Protection (DPDP) Act, 2023, the clinic is the Data Fiduciary (they decide what patient data to collect and why). MediHost™ AI is the Data Processor (we process data on the clinic’s behalf using our software infrastructure).

We process the following categories of data:

  • Account data — clinic name, owner name, email address, phone number, and login credentials.
  • Patient data — patient names, contact details, medical history, prescriptions, lab reports, and billing records as entered by the clinic.
  • Usage data — pages visited, features used, browser type, device information, IP address, and session duration.
  • Payment data — transaction IDs, plan details, and billing history. Card/UPI details are processed by Razorpay and never stored on our servers.
  • Cookies — one essential authentication cookie. See Section 8 for details.

3. Why We Collect It

In accordance with the purpose limitation principle of the DPDP Act, 2023, we only collect and process personal data for the following specific, lawful purposes:

  • To provide, operate, and maintain the MediHost™ AI platform and its features.
  • To create and manage your clinic account and authenticate users.
  • To process payments, generate invoices, and manage subscriptions.
  • To send transactional communications (appointment reminders, billing receipts, system alerts).
  • To improve our services, fix bugs, and develop new features based on aggregated usage patterns.
  • To comply with legal obligations including tax filings and regulatory requirements.
  • To respond to support requests and grievances.

We do not process data for any purpose beyond what is stated above without obtaining fresh consent.

4. Who We Share Data With

We never sell your personal data. We share data only with the following service providers who act as sub-processors:

  • Railway — application hosting and database infrastructure.
  • Vercel — front-end hosting and edge network delivery.
  • Razorpay — payment processing (PCI DSS compliant).
  • Resend — transactional email delivery.
  • Twilio — SMS notifications and appointment reminders.
  • Anthropic — AI-powered features (data sent only when AI features are used, with minimal context).

Each sub-processor is bound by data processing agreements. We may also disclose data if required by law, court order, or government authority.

5. Data Retention

  • Active account data — retained while your account is active, plus 90 days after deletion to allow recovery.
  • Medical records — retained for 7 years as per Indian medical record-keeping guidelines.
  • GST/tax records — retained for 8 years as required under Indian tax law.
  • Server logs — automatically purged after 30 days.

6. Your Rights Under the DPDP Act, 2023

As a Data Principal, you have the following rights:

  • Right to Access — request a summary of the personal data we process and the processing activities.
  • Right to Correction — request correction of inaccurate or misleading personal data.
  • Right to Erasure — request deletion of your personal data, subject to legal retention requirements.
  • Right to Grievance Redressal — file a complaint with our Grievance Officer or escalate to the Data Protection Board of India.
  • Right to Nominate — nominate another individual to exercise your rights in case of death or incapacity.

To exercise any of these rights, email privacy@medihost.in with your registered clinic email. We will respond within 72 hours.

7. Grievance Officer

In accordance with the DPDP Act, 2023, we have appointed the following Grievance Officer:

Name: Sai Charan Kumar Pakala

Designation: Founder & Data Protection Officer

Email: privacy@medihost.in

Phone: +91 7993 135 689

Location: Hyderabad, Telangana, India

All grievances will be acknowledged within 72 hours and resolved as expeditiously as possible.

8. Cookies

MediHost™ AI uses one essential cookie:

Cookie: medihost_auth

Purpose: Session authentication

Duration: Session / 30 days

Type: Essential

We do not use any tracking cookies, advertising cookies, or third-party analytics cookies. Because we only use a strictly necessary cookie, no opt-in consent is required for its operation — though we inform you of its use via our cookie banner.

9. Healthcare Data Disclaimer

MediHost™ AI is a software platform, not a healthcare provider, medical device, or diagnostic service. We do not provide medical advice, diagnoses, or treatment recommendations. All clinical decisions are the sole responsibility of the licensed healthcare professionals using the platform. The data entered, stored, and managed through MediHost™ AI is under the full control and responsibility of the clinic (Data Fiduciary).

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. The “Last updated” date at the top of this page will always reflect the most recent revision. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or concerns, reach us at:

Email: privacy@medihost.in

Subject line: Privacy Inquiry — [Your Clinic Name]