Privacy Policy

01 Who We Are

MedikZo is a healthcare appointment booking platform operated by Helixova Solutions Private Limited, a company incorporated in India with its registered address at Dinhata Road, Coochbehar – 736101, West Bengal, India.

MedikZo helps patients in tier-2 and tier-3 cities discover doctors and clinics, and book appointments through the app. Our Patient Coordinators confirm appointments by telephonically contacting the relevant clinic and the patient.

For any questions about this policy, contact us at admin@helixova.in.

02 Data We Collect

We collect data in three ways: information you provide, information generated by your use of the platform, and information received from third-party service providers in the course of delivering our service.

Category	What We Collect	When
Account	Name, mobile number	Registration
Family profiles	Names and relationship of additional members added to your account	When you add a profile
Appointment request	Preferred doctor, clinic, specialization, date/time preference, notes you provide	Each booking request
Location	City selected in the app for clinic discovery; device location only if you explicitly grant permission	During app use
Call data	Phone calls made by our Patient Coordinators to confirm appointments are recorded (see Section 04)	During confirmation calls
Notifications	Delivery status of SMS notifications sent to you about your appointment	Appointment lifecycle events
Profile photo	Photo you optionally upload to your patient profile	When you add or update your profile picture
Device & usage	Device type, operating system version, app version, search queries entered in the app	During app use
Crash & diagnostics	Crash reports, stack traces, and app stability diagnostics collected via Firebase Crashlytics	When the app crashes or encounters an error

We do not collect payment card details or government-issued identity numbers (Aadhaar, PAN, passport). Profile photos are stored solely to identify you within the app and are not used for any diagnostic or clinical purpose.

03 How We Use Your Data

Appointment booking & confirmation – to process your request, assign it to a Patient Coordinator, and confirm the slot with the clinic.
Telephonic confirmation – our Patient Coordinator will call you on the mobile number you registered to confirm appointment details.
Notifications – we send SMS messages to update you on appointment status (confirmed, rescheduled, cancelled).
Doctor and clinic discovery – your selected city is used to show you relevant doctors and clinics.
Service improvement – usage data and search queries are analysed in aggregate to improve search quality and the overall platform.
Support and dispute resolution – call recordings and appointment records are used to resolve complaints or disputes.
Legal compliance – to comply with applicable Indian law and respond to lawful requests from government authorities.

Your phone number is protected. Patient Coordinators see only the last four digits of your mobile number on their dashboard. All calls are placed through our platform’s telephony system. Your full number is never displayed to or dialled directly by a coordinator.

04 Call Recording

Calls made by MedikZo Patient Coordinators to confirm your appointment are recorded. By using the MedikZo platform and submitting an appointment request, you consent to being contacted by our coordinators and to those calls being recorded.

Call recordings are used solely for:

Quality assurance and coordinator training.
Resolving disputes about what was communicated during a confirmation call.
Responding to lawful requests from regulatory or judicial authorities.

Recordings are stored on secure, encrypted cloud infrastructure located in India. Access is restricted to authorised MedikZo personnel on a need-to-know basis. Recordings are automatically archived and then deleted per the retention schedule in Section 06.

05 Data Sharing

We do not sell, rent, or trade your personal data. We share data only to the extent necessary to operate the platform:

Recipient	What Is Shared	Purpose
Clinics / Doctors	Your name, appointment details, and preferred date/time	Confirming and scheduling your appointment
CallerDesk	Call metadata and recordings	Telephony infrastructure for coordinator calls
Amazon Web Services (AWS)	All platform data	Cloud hosting and storage – data stored in the Asia Pacific (Mumbai) region
Firebase Crashlytics (Google)	Crash reports and app diagnostics (no personally identifiable information)	App stability monitoring and crash diagnosis
Algolia	Doctor and clinic names, specializations (no patient PII)	Search and clinic/doctor discovery
SMS gateway	Mobile number, appointment status message	Delivering appointment notifications to you
Law enforcement / courts	Data as required by a valid legal order	Compliance with Indian law

All third-party service providers are required to handle your data only for the purposes described above and in accordance with applicable law.

06 Data Retention

Data Type	Retention Period
Account and profile data	For the duration of your account, plus 2 years after deletion
Appointment records	3 years from the appointment date
Call recordings (active storage)	90 days in hot storage
Call recordings (archived)	Moved to cold storage after 90 days; deleted after 1 year from the recording date
SMS delivery logs	1 year
Device and usage data	1 year from collection

When data is no longer required, it is securely deleted or anonymised so it can no longer identify you.

07 Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights with respect to your personal data:

Right to access – you may request a summary of the personal data we hold about you and how it is being used.
Right to correction and erasure – you may request correction of inaccurate or incomplete data. You may also request erasure of your data, subject to any legal obligations that require us to retain it.
Right to grievance redressal – you have the right to raise a grievance with our Grievance Officer (Section 11) and receive a response within the timeframe prescribed by law.
Right to nominate – you may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.
Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing done before withdrawal. Withdrawing consent for core platform functions (e.g., coordinator calls) will mean we cannot provide the appointment confirmation service.

To exercise any of these rights, contact our Grievance Officer at admin@helixova.in. We will respond within the period prescribed under applicable law.

Unresolved grievances: If you are not satisfied with our response, you have the right to escalate your complaint to the Data Protection Board of India, once it is constituted and operational under the DPDP Act, 2023.

08 Children

MedikZo accounts must be created by a person who is 18 years of age or older. While you may add family members – including minors – as additional profiles under your account, you represent that you are the parent or legal guardian of any minor whose data is entered, and that you are providing consent on their behalf.

We do not knowingly collect personal data from individuals under 18 who are the primary account holder. If we discover that an account was created by someone under 18, we will deactivate the account and delete the associated data.

09 Security

We implement technical and organisational measures to protect your data, including:

Encryption of data in transit (TLS) and at rest on AWS infrastructure.
Access controls – internal staff see only the data necessary for their role. Patient Coordinators, for example, do not have access to your full mobile number.
Infrastructure hosted exclusively in AWS Asia Pacific (Mumbai) – your data does not leave India.
Call recordings are stored in a private, access-controlled S3 bucket with automatic lifecycle management.

No system is impenetrable. If you suspect a security issue related to your account, contact us immediately at admin@helixova.in.

10 Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you via the app or SMS at least 7 days before the changes take effect, and update the “Effective” date at the top of this page. Continued use of MedikZo after the effective date constitutes acceptance of the revised policy.

We recommend reviewing this page periodically. Previous versions of this policy are available upon written request to admin@helixova.in.

11 Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the details of the Grievance Officer are:

Suman Das

Grievance Officer · Helixova Solutions Private Limited

Email admin@helixova.in

Address Dinhata Road, Coochbehar – 736101, West Bengal, India

Platform medikzo.com

We will acknowledge grievances within 48 hours and aim to resolve them within 30 days of receipt.

Contents