Privacy Policy

Your Data Stays in India, Always

OneMedAI is built with a privacy-first approach to healthcare data. Your clinical, diagnostic, and personal health information is stored and processed exclusively within India, in compliance with Indian data protection laws.

🔒 100% India Data Residency | 🛡️ ISO 27001 Compliant | 📋 DPDPA 2023 Ready

1. Your Rights Under Indian Law

As a user of OneMedAI, you have the following rights under applicable Indian data protection laws, including the Digital Personal Data Protection Act (DPDPA) 2023 and the Information Technology Act, 2000:

Right to Access & Portability

Request a copy of your personal and medical data in a structured, machine-readable format at any time.

Right to Rectification

Request correction of any inaccurate or incomplete personal or medical data we hold about you.

Right to Erasure (Right to be Forgotten)

Request deletion of your personal data when it is no longer necessary for the purpose it was collected.

Right to Restrict Processing

Request restriction of processing of your personal data in certain circumstances under applicable law.

Right to Object

Object to the processing of your personal data for direct marketing or legitimate interest purposes.

Right to Lodge a Complaint

Lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

India's Data Protection Bill

We comply with India's Digital Personal Data Protection Act (DPDPA) 2023 and all applicable data protection regulations.

India's IT Act & IT Rules

Full compliance with India's Information Technology Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011.

📌 How to Exercise Your Rights: To exercise any of these rights, please contact our Data Protection Officer at privacy@onemedai.com. We will respond to your request within 30 days as required by applicable law.

2. Data Sharing Within India

We may share your data with the following categories of recipients, all located within India:

Healthcare providers directly involved in your care and treatment
Authorized laboratory and diagnostic service partners
Cloud infrastructure providers with data centers located in India
Regulatory and government authorities as required by Indian law

Safeguards for Third-Party Data Transfers

Contractual obligations ensuring data protection standards are maintained
Regular audits of third-party security practices and compliance
Data Processing Agreements (DPAs) with all third-party vendors
Incident Response protocols and breach notification processes in place
Access Controls: Only authorized personnel can access personal data

Legal Basis for Data Sharing Under Indian Law

Consent: Where you have given explicit consent for data sharing
Contractual Necessity: Where sharing is necessary to fulfill our service obligations
Legal Obligation: Where sharing is required by Indian law or regulation
Legitimate Interest: Where sharing is necessary for our legitimate business interests

International Transfer Compliance for Global Users

Standard Contractual Clauses (SCCs) for international data transfers
Binding Corporate Rules for intra-group transfers where applicable
Adequacy decisions and certifications as recognized by applicable authorities

📌 Important: OneMedAI does not sell, rent, or trade your personal or medical data to any third parties for marketing or advertising purposes under any circumstances.

3. Data Retention Policy

Data Category | Retention Period | Legal Basis
Medical Records / Reports | As per applicable medical record retention laws | Legal Obligation
Patient Records | 7 years from last interaction | Regulatory Compliance
Account Data | Duration of account + 30 days | Contractual Necessity
Usage Analytics | 24 months | Legitimate Interest
Audit Logs | 3 years | Legal / Security
Marketing Data | Until consent is withdrawn | Consent
Security & Access Logs | As required under ISO 27001 / SOC 2 | Security & Compliance

⚠️ IMPORTANT: If you are a healthcare provider or institution, your data retention obligations may differ based on applicable medical record retention laws in India (e.g., MCI Guidelines, Clinical Establishments Act). Please consult your legal counsel for specific guidance.

4. AI-Specific Privacy Practices

OneMedAI uses artificial intelligence to process and analyze medical data. We are committed to transparency and ethical AI practices:

a) Training Data & Model Development Safeguards

AI Models are trained on de-identified, anonymized datasets only
No individual patient data is used for model training without explicit consent
Training datasets undergo rigorous quality and bias assessments

b) Automated Decision-Making & Human Oversight

All AI-generated reports and diagnoses are recommendations only
Final clinical decisions always rest with qualified healthcare professionals
Users can request human review of any AI-generated output at any time

c) Algorithm Transparency & Accountability

We maintain documentation of AI model architectures and training methodologies
Regular bias audits and fairness assessments are conducted
AI performance metrics are monitored and reported transparently

📌 Breach Notification Policy: In the event of a data breach involving personal or medical data, OneMedAI will notify affected users and relevant authorities within 72 hours as required under DPDPA 2023 and applicable Indian regulations.

5. Children's Privacy & Pediatric Data

OneMedAI takes special care when processing data related to minors (under 18 years of age):

Parental or Guardian Consent: We require verifiable consent from a parent or legal guardian before processing any minor's health data.
Pediatric data is subject to enhanced security controls and access restrictions.
We do not use children's data for AI model training or any secondary purposes.
Parents/guardians may request access, correction, or deletion of their child's data at any time.

6. Cookies & Tracking Technologies

OneMedAI uses cookies and similar technologies to enhance your experience:

Essential Cookies

Required for platform functionality, authentication, and security. These cannot be disabled.

Functional Cookies

Used to remember your preferences, language settings, and customized interface options.

Analytics Cookies

Help us understand how users interact with our platform to improve services. All analytics data is anonymized.

You can manage cookie preferences through your browser settings or our cookie consent banner.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors:

Material changes will be communicated via email notification to all registered users.
Non-material updates will be reflected on this page with an updated 'Last Modified' date.
Continued use of OneMedAI after changes constitutes acceptance of the updated Privacy Policy.
Previous versions of this policy are available upon request.

8. Contact Information

For any privacy-related questions, concerns, or to exercise your data protection rights, please contact us:

Data Protection Officer: OneMedAI Privacy Team
General Inquiries: info@onelearnai.com
Response Time: Within 30 business days