🌍 You are viewing this policy as a resident of India
Your specific rights under DPDPA 2023 (enforced by Data Protection Board of India) are highlighted below.Jump to your rights →

Privacy Policy

Last updated: 13 June 2026 · Effective: 13 June 2026

MediHost AI Technologies Private Limited · CIN: U62013TS2026PTC215115 · DPIIT: DIPP263024 · Patent: 202641047349

Your rights under DPDPA 2023India
  • Right to access your personal data
  • Right to correction and erasure
  • Right to grievance redressal
  • Right to nominate a representative
Enforced by: Data Protection Board of India

1. Who We Are

MediHost AI Technologies Private Limited ("MHAI", "we", "us", "our") is a healthcare technology company incorporated in India (CIN: U62013TS2026PTC215115), headquartered at Hyderabad, Telangana, India 500090. We operate the MediHost AI platform at medihostai.com — an AI-powered marketing, hospital management, and revenue cycle management SaaS platform for independent healthcare clinics operating across 159 countries.

We are a globally operating Indian company. All data is processed and stored on AWS infrastructure located in Mumbai, India (ap-south-1 region). We do not have physical offices in every country we serve — but we are committed to opening local offices in countries where our business volume and user base justify a local presence.

2. What Personal Data We Collect

CategoryExamplesPurpose
IdentityName, professional title, medical registration numberAccount creation, compliance display
ContactEmail, phone number, clinic addressService delivery, support, billing
FinancialPayment method (processed by Razorpay/Stripe — we do not store card data)Subscription billing
Clinical (clinic-level)Patient records entered by clinic staffHMS functionality — you are the data controller for patient data
UsageLogin times, feature usage, AI generation logsProduct improvement, fraud prevention
DeviceIP address, browser type, countrySecurity, locale detection, compliance
CommunicationsWhatsApp messages, emails sent via platformAI receptionist (Clara) functionality

3. How We Use Your Data

We process your personal data for the following purposes, each with a lawful basis:

PurposeLawful Basis
Providing the platform and HMS servicesContract performance
Processing subscription paymentsContract performance
Sending transactional emails and WhatsApp messagesContract performance / Legitimate interest
AI website generation and marketing contentContract performance
Compliance with applicable lawsLegal obligation
Fraud prevention and securityLegitimate interest
Product analytics and improvementLegitimate interest
Marketing communications (opt-in only)Consent

4. Data Storage and Security

All personal data is stored on Amazon Web Services (AWS) infrastructure in Mumbai, India (ap-south-1). We implement industry-standard security measures including:

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Role-based access control (RBAC)
  • Audit logs for all data access
  • Regular security assessments
  • DPDPA 2023-compliant data retention policies

5. Who We Share Data With

RecipientPurposeLocation
RazorpayPayment processing (India)India
StripePayment processing (International)USA (SCCs applied)
ResendTransactional email deliveryUSA (SCCs applied)
Meta (WhatsApp Cloud API)AI receptionist messagingUSA (SCCs applied)
AWSCloud infrastructure and storageIndia (Mumbai)
AnthropicAI content generation (Claude API)USA (SCCs applied)

We do not sell your personal data. We do not share your data with third parties for advertising purposes.

6. Data Retention

We retain your personal data for the duration of your subscription plus 3 years for legal and compliance purposes. Patient data entered into the HMS is retained for the period required by applicable healthcare regulations in your jurisdiction (typically 7–10 years). You may request deletion of your account data at any time by contacting our grievance officer.

7. Your Rights — India (DPDPA 2023)

As a resident of India, you have the following rights under the Digital Personal Data Protection Act 2023, enforced by the Data Protection Board of India:

  • Right to access your personal data and information about its processing
  • Right to correction of inaccurate or outdated personal data
  • Right to erasure of personal data no longer needed
  • Right to grievance redressal within 72 hours of complaint
  • Right to nominate another individual to exercise rights on your behalf

To exercise these rights, contact our Grievance Officer (details in Section 12).

8. Your Rights — UAE (PDPL 2021)

As a resident of the UAE, you have rights under Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), enforced by the UAE Data Office:

  • Right to access and review your personal data
  • Right to rectification of inaccurate data
  • Right to erasure of personal data
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

Our platform operates from India. Data transfers to India are governed by standard contractual clauses. To exercise your rights, contact saicharanpakala@medihostai.com.

9. Your Rights — United Kingdom (UK GDPR)

As a UK resident, you have rights under the UK General Data Protection Regulation, enforced by the Information Commissioner's Office (ICO, ico.org.uk):

  • Right to be informed about how your data is used
  • Right of access to your personal data (Subject Access Request)
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

You have the right to lodge a complaint with the ICO at ico.org.uk. Our lawful basis for processing is contract performance and legitimate interest. International transfers to India are covered by the UK Adequacy Framework or standard contractual clauses.

10. Your Rights — United States (CCPA + State Laws)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. Residents of Virginia, Colorado, Connecticut, Texas, and other states with privacy laws have similar rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (with exceptions)
  • Right to opt-out of the sale or sharing of personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

We do not sell personal information. We are not a HIPAA Covered Entity or Business Associate — our platform is HIPAA-conscious by design. To exercise your rights, contact saicharanpakala@medihostai.com.

11. Your Rights — European Union (GDPR)

As an EU resident, you have rights under the General Data Protection Regulation (GDPR), enforced by your national Data Protection Authority:

  • Right to access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Rights related to automated decision-making (Article 22)

International transfers from the EU to India are governed by Standard Contractual Clauses (SCCs). You may lodge a complaint with your national DPA.

11b. Your Rights — Brazil (LGPD)

As a Brazilian resident, you have rights under the Lei Geral de Proteção de Dados (LGPD), enforced by the Autoridade Nacional de Proteção de Dados (ANPD):

  • Direito de confirmação e acesso
  • Direito de correção
  • Direito de anonimização, bloqueio ou eliminação
  • Direito de portabilidade
  • Direito de revogação do consentimento
  • Direito de oposição

11c. Your Rights — Southeast Asia & Pacific

For residents of Indonesia (UU PDP), Thailand (PDPA), Vietnam (PDPD), Philippines (Data Privacy Act 2012), and other Southeast Asian jurisdictions, you have the right to access, correct, delete, and port your personal data. Contact saicharanpakala@medihostai.com to exercise these rights.

11d. Your Rights — Africa (NDPR, DPA Kenya, POPIA)

For residents of Nigeria (NDPR), Kenya (Data Protection Act 2019), South Africa (POPIA), and other African jurisdictions, you have the right to access, correct, delete, and object to processing of your personal data. Contact saicharanpakala@medihostai.com to exercise these rights.

11e. Your Rights — Japan (APPI)

日本にお住まいの方は、個人情報の保護に関する法律(APPI)に基づき、個人情報の開示・訂正・利用停止を請求する権利があります。お問い合わせ: saicharanpakala@medihostai.com

11f. Your Rights — South Korea (PIPA)

대한민국 거주자는 개인정보 보호법(PIPA)에 따라 개인정보 열람, 정정, 삭제, 처리정지를 요청할 권리가 있습니다. 문의: saicharanpakala@medihostai.com

11g. Your Rights — Turkey (KVKK)

Türkiye'de ikamet edenler, Kişisel Verilerin Korunması Kanunu (KVKK) kapsamında kişisel verilerinize erişim, düzeltme ve silme hakkına sahipsiniz. İletişim: saicharanpakala@medihostai.com

11h. Your Rights — Pakistan (PECA/DPB)

پاکستان میں رہنے والے افراد کو ذاتی ڈیٹا تک رسائی، درستگی اور حذف کا حق حاصل ہے۔ رابطہ: saicharanpakala@medihostai.com

12. Grievance Officer & Contact

Grievance Officer (All Jurisdictions)
Name: Sai Charan Kumar Pakala
Designation: Founder & Data Protection Officer
Organisation: MediHost AI Technologies Private Limited
Address: Hyderabad, Telangana, India 500090
WhatsApp: +91 79931 35689
Response time: Within 72 hours of receipt of complaint

MediHost AI Technologies is a globally operating Indian company. We are committed to opening local offices in countries where our business volume warrants a physical presence. Until then, all privacy matters are handled by our India-based team with the same standards expected by your local jurisdiction.

13. Cookies & Tracking

We use essential cookies for authentication and locale detection. We use analytics cookies (opt-in) to improve the platform. We do not use advertising or third-party tracking cookies. You can manage cookie preferences in your browser settings.

14. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email and an in-platform notification at least 30 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

© 2026 MediHost AI Technologies Private Limited · CIN: U62013TS2026PTC215115 · DPIIT: DIPP263024 · Terms · About · Contact