๐
Data Encrypted
All data encrypted in transit and at rest using AES-256
๐ซ
Never Sold
Your data is never sold or shared with advertisers
๐ค
You Own It
Export or delete your data at any time
1 Information We Collect
1.1 Account Information
When you register for MedShra, we collect:
- Full name, email address, and phone number
- Business details (pharmacy/company name, address, city, state)
- GST number and Drug License number
- Login credentials (passwords are hashed and never stored in plain text)
1.2 Business Data
Data you enter while using MedShra:
| Data Type | Examples | Purpose |
|---|
| Inventory | Medicine names, batches, expiry dates, stock levels | Core service delivery |
| Billing | Customer bills, amounts, payment modes | Billing & GST reports |
| Customer Data | Customer names, phone numbers, addresses | CRM & WhatsApp messaging |
| Supplier Data | Supplier names, orders, payments | Supply chain management |
| Financial | Revenue figures, credit amounts | Analytics & reports |
1.3 Technical Data
Automatically collected when you use MedShra:
- IP address, browser type, and device information
- Pages visited and features used (for improving UX)
- Error logs and performance data
2 How We Use Your Information
We use your information exclusively to:
- Provide the service โ Process your bills, manage inventory, generate GST reports
- AI features โ Train and run expiry prediction models using your anonymised stock data
- Communications โ Send service updates, billing reminders, and support responses
- Security โ Detect and prevent fraud, unauthorised access, and abuse
- Improve the platform โ Analyse usage patterns to build better features
- Legal compliance โ Meet obligations under Indian IT Act, GST law, and Drug regulations
โ
We do NOT use your data for advertising, profiling for third parties, or any purpose beyond providing MedShra services.
3 Data Sharing & Disclosure
We never sell your personal or business data. We may share data only in these limited cases:
3.1 Service Providers
Trusted third-party vendors who help us operate MedShra:
- Razorpay โ Payment processing (subject to Razorpay's Privacy Policy)
- AWS / Cloud provider โ Secure data hosting
- WhatsApp Business API โ Sending messages on your behalf
- Google Analytics โ Anonymised usage analytics
All service providers are bound by data processing agreements and may only use your data to provide services to MedShra.
3.2 Legal Requirements
We may disclose data if required by law, court order, or government authority under the Indian IT Act 2000 or other applicable regulations.
3.3 Business Transfer
In the event of a merger or acquisition, your data may be transferred to the successor entity, with prior notice to you.
4 Data Storage & Security
Your data is stored on secure servers located in India, complying with Indian data localisation requirements.
- Encryption: AES-256 encryption at rest; TLS 1.3 in transit
- Backups: Daily automated backups with 30-day retention
- Access control: Role-based access; MedShra employees can only access data when needed for support
- Security audits: Regular penetration testing and vulnerability assessments
Note: Despite our best efforts, no internet-based system is 100% secure. Please use a strong, unique password and enable any available two-factor authentication.
5 Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Your data is available for export for 90 days
- After 90 days, all personal data is permanently deleted from our systems
- Billing records may be retained for 7 years as required by Indian tax law
- Anonymised, aggregated data may be retained indefinitely for improving our AI models
6 Your Rights
As a MedShra user, you have the following rights regarding your data:
- Access: Request a copy of all data we hold about you
- Correction: Update or correct inaccurate data at any time
- Deletion: Request deletion of your account and associated data
- Export: Download your data in CSV/Excel format from account settings
- Restriction: Request we limit how we process your data
- Objection: Object to certain uses of your data
To exercise any of these rights, email privacy@medshra.com. We will respond within 30 days.
โ
You can export all your data directly from Settings โ Data Export in your MedShra dashboard.
7 Cookies & Tracking
MedShra uses the following types of cookies:
| Cookie Type | Purpose | Duration |
|---|
| Essential | Login sessions, CSRF protection | Session / 30 days |
| Preference | Theme (light/dark), language settings | 1 year |
| Analytics | Page views and feature usage (anonymised) | 90 days |
You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.
8 Children's Privacy
MedShra is a business platform intended for adults (18+) operating registered pharmaceutical businesses. We do not knowingly collect data from individuals under 18 years of age. If you believe a minor has registered, please contact us immediately at privacy@medshra.com.
9 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Send an email notification to all registered users
- Display a prominent notice in the MedShra dashboard
- Update the "Last updated" date at the top of this page
Continued use of MedShra after the effective date of changes constitutes acceptance of the revised policy.