Legal

Privacy Policy

MidHealth Labs — a service of Learnovate Skills Private Limited

Last updated: April 2026

Who we are

MidHealth Labs is a telehealth platform for perimenopause and menopause care operated by Learnovate Skills Private Limited, a company incorporated under the Companies Act 2013 with its registered office in Bangalore, Karnataka, India. References to "we", "us", or "our" in this policy refer to Learnovate Skills Private Limited.

MidHealth Labs connects women with qualified gynecologists for remote consultations, personalised treatment plans, and medication delivery. As part of providing this service, we collect and process personal and health-related information. This policy explains what we collect, why we collect it, how we use it, and what rights you have.

The law that governs this policy

This policy is written in compliance with the Digital Personal Data Protection Act 2023 (DPDPA), the Information Technology Act 2000 and its associated rules, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, the Telemedicine Practice Guidelines 2020 issued by the Board of Governors of the Medical Council of India, and applicable provisions of the Indian Contract Act 1872.

What personal data we collect

We collect two categories of information.

The first is basic personal information. This includes your name, date of birth, email address, phone number, and delivery address. We collect this when you register on the platform, complete the symptom assessment, or book a consultation.

The second is sensitive personal data and information as defined under the IT Rules 2011. This includes your health and medical history, menstrual history and cycle information, details of symptoms and conditions you disclose during the assessment or consultation, medications you are currently taking, prescription and treatment records, video consultation recordings, and consultation transcripts. Health information is classified as sensitive personal data under Indian law and is subject to heightened protections under this policy.

We also collect technical data automatically when you use the platform. This includes your IP address, device type, browser type, pages visited, and time spent on the platform. This data is used for security monitoring and platform improvement.

Why we collect your data and the legal basis for processing

We process your basic personal data to create and manage your account, process subscription payments, deliver medications to your home, send appointment reminders and follow-up communications, and provide customer support.

We process your sensitive health data to operate the clinical assessment, match you with an appropriate specialist, enable your doctor to review your history before the consultation, generate and transmit prescriptions to our pharmacy partner, support ongoing care and dose adjustments, and maintain clinical records as required by Indian telemedicine regulations.

Under the DPDPA 2023, the legal basis for processing your personal data is your explicit consent, which you provide at the point of registration and assessment. You may withdraw consent at any time. Withdrawal of consent will result in discontinuation of your care and deletion of your account in accordance with this policy.

Who we share your data with

We share your data only where necessary to provide the service.

Your health information is shared with the specialist gynecologist assigned to your consultation. This is necessary for clinical care and is protected by medical confidentiality obligations.

Your prescription is shared with our pharmacy partner for the purpose of dispensing and delivering your medication. The pharmacy partner is bound by a data processing agreement requiring them to handle your information with the same level of protection as we do.

Your payment information is processed by Razorpay, a PCI-DSS compliant payment gateway. We do not store card details.

Appointment scheduling and video consultation links are managed through Google Workspace and Google Meet. These services operate under their own privacy policies and are used solely for operational purposes.

WhatsApp Business API services, used for appointment reminders and follow-up communications, are provided through a Meta-authorised Business Solution Provider.

We do not sell your personal data to any third party. We do not share your data with advertisers. We do not share your data with any party not listed above without your explicit consent, except where required by law.

Data storage and security

Your data is stored on servers located within India or in jurisdictions that provide an equivalent level of data protection as required under Indian law.

We implement the following security measures: end-to-end encryption for all health data transmitted between you and our platform, role-based access controls ensuring only authorised personnel and your treating doctor can access your health records, regular security audits and vulnerability assessments, and strict data minimisation practices ensuring we collect only what is necessary for your care.

In the event of a data breach that is likely to affect your rights or interests, we will notify you and the Data Protection Board of India within 72 hours of becoming aware of the breach, in accordance with the DPDPA 2023.

How long we keep your data

We retain your personal data for as long as your account is active. If you cancel your subscription, we retain your basic personal information for 12 months to facilitate any service-related queries or disputes.

Your health and consultation records are retained for a minimum of seven years from the date of your last consultation. This retention period is required under Indian medical records regulations and the Telemedicine Practice Guidelines 2020 to support clinical continuity and medico-legal requirements.

After the applicable retention period, your data is securely deleted or anonymised.

Your rights under Indian law

Under the Digital Personal Data Protection Act 2023, you have the following rights.

The right to access the personal data we hold about you. You may request a copy of your data by writing to us at the address below.

The right to correction of inaccurate or incomplete personal data.

The right to erasure of your personal data, subject to our legal obligation to retain clinical records for the period described above.

The right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

The right to nominate a person to exercise these rights on your behalf in the event of your death or incapacity.

The right to file a complaint with the Data Protection Board of India if you believe your rights have been violated.

To exercise any of these rights, write to us at privacy@midhealthlabs.com. We will respond within 30 days.

Cookies and tracking

Our website uses cookies to maintain session information and improve your experience. We do not use advertising cookies or third-party tracking cookies. You may disable cookies in your browser settings, though this may affect the functionality of the platform.

Changes to this policy

We may update this policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by email or through a prominent notice on the platform at least 30 days before the changes take effect.

Contact us

Learnovate Skills Private Limited
MidHealth Labs
Bangalore, Karnataka, India

Email: privacy@midhealthlabs.com