
Privacy Policy

Effective: June 9, 2026

Last Updated: June 9, 2026


Your health data is private, encrypted, and never sold. This policy explains exactly what we collect, why we collect it, and how you can control it.

1. Who We Are

MediVyn is a personal health tracking application operated by Saikiran Bandi, trading as MediVyn, based in Hyderabad, India. We are reachable at saikiran@medivyn.com.

This Privacy Policy applies to all MediVyn products, including medivyn.com, medivyn.health, and our mobile applications on Android.

2. Data We Collect

Account Information

  • Name and email address (from Google Sign-In or direct registration)
  • Profile photo (if provided via Google)
  • Account creation date and last login

Health Data (provided by you)

  • Vital signs: blood pressure, heart rate, SpO2, temperature, weight
  • Blood glucose readings and type (FBS, RBS, PPBS, HbA1c)
  • Medications: name, dose, frequency, reminder time
  • Daily wellness: mood, sleep quality, eating habits, movement, hydration
  • Symptom descriptions and AI assessment results
  • Health records and documents you upload
  • Medical history: past illnesses, surgeries, allergies, family history
  • Lifestyle information: smoking, alcohol, activity level, diet type

Usage Data

  • Features used and frequency of use
  • Device type, operating system, and app version
  • Crash reports and error logs
  • General location (country level, from IP address) for pricing purposes

Payment Data

  • Subscription status and expiry date
  • Payment transaction IDs (we do not store card numbers or bank details — these are handled by Razorpay and Google Play)

3. How We Use Your Data

We use your data exclusively to provide and improve MediVyn:

  • To display your health history and trends within the app
  • To generate personalized AI health insights based on your logged data
  • To power the AI symptom checker with your health context
  • To send medication reminders and daily wellness notifications
  • To generate pre-appointment summaries for your doctor visits
  • To determine your subscription pricing based on your region
  • To send important service updates and policy changes
  • To diagnose technical problems and improve app performance

We do not use your health data for advertising, profiling, or any commercial purpose beyond providing MediVyn to you.

4. Data Storage and Security

Your data is stored using Google Firebase, hosted on Google Cloud infrastructure with servers in asia-south1 (Mumbai, India). All data is:

  • Encrypted in transit using TLS 1.2 or higher
  • Encrypted at rest using AES-256
  • Protected by Firebase Security Rules that ensure only you can access your data
  • Backed up automatically by Google Cloud infrastructure

Health records and documents you upload are stored in Firebase Storage with the same encryption standards. Access URLs are time-limited and require authentication.

While we implement industry-standard security measures, no system is 100% secure. We encourage you to use a strong password and enable two-factor authentication on your Google account.

5. Data Sharing

We do not sell, rent, or trade your personal or health data to any third party.

We share data only with the following service providers, strictly for operating MediVyn:

  • Google Firebase — database, authentication, and file storage
  • OpenAI — AI health tips and insights (anonymized prompts only, no personal identifiers sent)
  • Anthropic — AI symptom checker (anonymized health context only)
  • Razorpay — payment processing (we share only what is required to process your payment)
  • Vercel — web application hosting

Each of these providers is bound by their own privacy policies and data processing agreements. We do not permit them to use your data for any purpose other than providing their services to us.

We may disclose your data if required by law, court order, or to protect the safety of users or the public. We will notify you of such disclosures where legally permitted.

6. AI and Your Health Data

MediVyn uses AI to generate personalized health insights. When your data is sent to AI providers:

  • We send only the minimum data necessary for the specific insight
  • We do not send your name or email to AI providers
  • Health context is sent as anonymized clinical data
  • AI providers are contractually prohibited from using your data to train their models

The AI-generated insights are stored in your account so you can review them. You can delete them at any time from your profile settings.

7. Your Rights

Regardless of where you are located, you have the following rights over your data:

  • Access — Request a copy of all data we hold about you
  • Correction — Update or correct inaccurate data through the app or by contacting us
  • Deletion — Request deletion of your account and all associated data
  • Portability — Request your health data in a machine-readable format
  • Restriction — Request that we limit how we process your data
  • Objection — Object to specific types of processing

To exercise any of these rights, email saikiran@medivyn.com. We will respond within 30 days.

EU/EEA Users (GDPR): You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority.

UK Users: You have rights under the UK GDPR and Data Protection Act 2018.

California Users (CCPA): You have the right to know what personal information we collect, to delete it, and to opt out of its sale. We do not sell personal information.

Indian Users (DPDP Act): You have rights under India's Digital Personal Data Protection Act 2023, including the right to access, correct, and erase your personal data.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your health data is permanently deleted within 30 days
  • Uploaded health records and documents are deleted within 30 days
  • Payment records are retained for 7 years as required by financial regulations
  • Anonymized, aggregated usage statistics may be retained indefinitely

9. Children's Privacy

MediVyn is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will delete it immediately. If you believe we have collected data from a child, contact saikiran@medivyn.com.

10. Cookies and Tracking

The MediVyn web application uses the following:

  • Authentication cookies — required for you to stay logged in
  • Session storage — temporary caching of your data for faster page loads (cleared when you close your browser)
  • Vercel Analytics — anonymous usage statistics to help us improve the app (no personal identifiers)

We do not use advertising cookies, third-party tracking, or behavioral profiling cookies.

11. International Data Transfers

MediVyn is operated from India, and your data may be processed by our service providers in other countries, including the United States (Google, OpenAI, Anthropic, Vercel). These transfers are protected by:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements with all service providers
  • Industry-standard encryption for all data in transit

12. Push Notifications

MediVyn sends push notifications for medication reminders, daily wellness check-ins, and streak updates. You can disable notifications at any time through:

  • MediVyn app Settings → Notifications
  • Your device's notification settings

Disabling notifications will not affect your ability to use MediVyn, but you will not receive medication reminders.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The effective date at the top of this page reflects the most recent update.

Continued use of MediVyn after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For any privacy-related questions, requests, or concerns:

Data Controller: Saikiran Bandi, trading as MediVyn

Email: saikiran@medivyn.com

Website: medivyn.com

Response time: Within 30 days for data requests, within 5 business days for general inquiries.