Privacy First

Privacy Policy

We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights as a MedShra user.

Effective: 1 January 2026 Last updated: 12 April 2026 IT Act Compliant
🔐
Data Encrypted
All data encrypted in transit and at rest using AES-256
🚫
Never Sold
Your data is never sold or shared with advertisers
📤
You Own It
Export or delete your data at any time
Table of Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Data Sharing & Disclosure
  4. Data Storage & Security
  5. Data Retention
  6. Your Rights
  7. Cookies & Tracking
  8. Children's Privacy
  9. Changes to This Policy
  10. Contact Us

1 Information We Collect

1.1 Account Information

When you register for MedShra, we collect:

  • Full name, email address, and phone number
  • Business details (pharmacy/company name, address, city, state)
  • GST number and Drug License number
  • Login credentials (passwords are hashed and never stored in plain text)

1.2 Business Data

Data you enter while using MedShra:

Data TypeExamplesPurpose
InventoryMedicine names, batches, expiry dates, stock levelsCore service delivery
BillingCustomer bills, amounts, payment modesBilling & GST reports
Customer DataCustomer names, phone numbers, addressesCRM & WhatsApp messaging
Supplier DataSupplier names, orders, paymentsSupply chain management
FinancialRevenue figures, credit amountsAnalytics & reports

1.3 Technical Data

Automatically collected when you use MedShra:

  • IP address, browser type, and device information
  • Pages visited and features used (for improving UX)
  • Error logs and performance data

2 How We Use Your Information

We use your information exclusively to:

  • Provide the service — Process your bills, manage inventory, generate GST reports
  • Smart features — Run expiry prediction and alerts using your stock data
  • Communications — Send service updates, billing reminders, and support responses
  • Security — Detect and prevent fraud, unauthorised access, and abuse
  • Improve the platform — Analyse usage patterns to build better features
  • Legal compliance — Meet obligations under Indian IT Act, GST law, and Drug regulations
✅ We do NOT use your data for advertising, profiling for third parties, or any purpose beyond providing MedShra services.

3 Data Sharing & Disclosure

We never sell your personal or business data. We may share data only in these limited cases:

3.1 Service Providers

  • Razorpay — Payment processing (subject to Razorpay's Privacy Policy)
  • Cloud provider — Secure data hosting
  • WhatsApp Business API — Sending messages on your behalf

3.2 Legal Requirements

We may disclose data if required by law, court order, or government authority under the Indian IT Act 2000.

3.3 Business Transfer

In the event of a merger or acquisition, your data may be transferred to the successor entity, with prior notice to you.

4 Data Storage & Security

Your data is stored on secure servers located in India, complying with Indian data localisation requirements.

  • Encryption: AES-256 at rest; TLS 1.3 in transit
  • Backups: Daily automated backups with 30-day retention
  • Access control: Role-based access; MedShra staff can only access data when needed for support
  • Security audits: Regular penetration testing and vulnerability assessments
Note: Despite our best efforts, no internet-based system is 100% secure. Please use a strong, unique password.

5 Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Your data is available for export for 90 days
  • After 90 days, all personal data is permanently deleted
  • Billing records may be retained for 7 years as required by Indian tax law
  • Anonymised, aggregated data may be retained for platform improvement

6 Your Rights

  • Access: Request a copy of all data we hold about you
  • Correction: Update or correct inaccurate data at any time
  • Deletion: Request deletion of your account and associated data
  • Export: Download your data in CSV/Excel format from account settings
  • Restriction: Request we limit how we process your data
  • Objection: Object to certain uses of your data

To exercise any of these rights, email privacy@medshra.com. We will respond within 30 days.

✅ You can export all your data directly from Settings → Data Export in your MedShra dashboard.

7 Cookies & Tracking

Cookie TypePurposeDuration
EssentialLogin sessions, CSRF protectionSession / 30 days
PreferenceTheme (light/dark), language settings1 year
AnalyticsPage views and feature usage (anonymised)90 days

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

8 Children's Privacy

MedShra is a business platform intended for adults (18+) operating registered pharmaceutical businesses. We do not knowingly collect data from individuals under 18. If you believe a minor has registered, contact us at privacy@medshra.com.

9 Changes to This Policy

When we make material changes, we will:

  • Send an email notification to all registered users
  • Display a prominent notice in the MedShra dashboard
  • Update the "Last updated" date at the top of this page

10 Contact Us

  • Email: privacy@medshra.com
  • Support: support@medshra.com
  • WhatsApp: +91 96312 50109
  • Address: MedShra Technologies, Bhagalpur, Bihar — 813204, India
We are committed to resolving privacy concerns promptly. You may also lodge a complaint with MeitY (Ministry of Electronics & IT) if you believe your data rights have been violated.