This Privacy Policy describes how MetaboliQ Technologies Pvt. Ltd. (“MetaboliQ”, “we”, “us”) may collect, use, store, and disclose information when you use our websites, applications, and related services (collectively, the “Services”). This document is provided for transparency; it is not legal advice. If you are a patient or healthcare provider, additional terms may apply under your agreement with us or your clinic.
Depending on how you interact with the Services, we may process categories of information such as: identifiers (e.g. name, email, phone); professional information (e.g. specialty, clinic); technical data (e.g. device type, IP address, logs); and, where applicable, health-related data introduced through clinical workflows subject to consent and applicable law.
We process information to operate and improve the Services; provide support; ensure security and fraud prevention; meet legal and regulatory obligations; and, where permitted, communicate about products and updates. Health data is handled in line with consent, purpose limitation, and applicable healthcare and data-protection requirements.
Where the Digital Personal Data Protection Act, 2023 (India) or other laws apply, we rely on appropriate grounds such as consent, legitimate uses as defined by law, or other permitted bases. You may withdraw consent where processing is consent-based, subject to legal exceptions.
We may share information with service providers who assist us under contracts that require appropriate safeguards. We may disclose information if required by law or to protect rights, safety, and security.
Named processors include:
We retain prescription records for 5 years from the date of issuance, in line with typical Indian medical-record retention norms. After 5 years, records are eligible for automated deletion.
We implement technical and organisational measures designed to protect information. No method of transmission or storage is completely secure; we encourage responsible use of credentials and devices.
Subject to applicable law, you may have rights to access, correction, erasure, restriction, objection, or portability, and rights regarding automated decision-making. Patients (or their legal representatives) may withdraw consent for processing and delivery of notifications. Once consent is withdrawn, the system will not deliver new prescription notifications to the patient via SMS, though existing records remain stored per the retention policy above. To exercise rights or ask questions, contact us at the email below.
Currently. MetaboliQ uses Google Cloud Platform for all infrastructure. Patient data — including prescriptions, patient profiles, and audit logs — is currently stored in Google's us-central1 region (Iowa, USA), processed under Google's Cloud Data Processing Addendum and Standard Contractual Clauses, which provide the legal safeguards required for cross-border data transfers under Indian law and global privacy frameworks.
Where we're going. We are migrating production infrastructure to Google Cloud's asia-south1 region (Mumbai) to bring all patient data within India. The migration is targeted for Q3 2026. Once complete, we will update this Privacy Policy and notify pilot doctors. No new patient data will be created in us-central1 after the cutover date.
Where data is processed outside India, we take steps consistent with applicable law to ensure appropriate protection.
Our Services are not directed at children in a manner that solicits personal data contrary to law. If you believe we have collected data from a child improperly, please contact us.
We may update this Policy from time to time. The “Last updated” date will change when we do; material changes may be communicated as required by law.
Per DPDP Act §13, queries, complaints, and requests to exercise rights may be addressed to:
Tushar Langer
Designation: Data Protection Officer & Grievance Officer
Email: tushar.langer@metaboliq.in
MetaboliQ Technologies Pvt. Ltd., Hyderabad, India