Last Updated: 16 May 2025
Effective From: 01 July 2023
Entity: MYSTIC EDGE HEALTHCARE PRIVATE LIMITED
Uno.care (“Company”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of individuals (“Users” or “you”) who use our website, applications, services, connected healthcare solutions, and related platforms (“Platform”).
This Privacy Policy describes how we collect, use, store, process, protect, share, and retain personal data of users in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable data-privacy laws.
By accessing or using the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described below.
1. Definitions
For purposes of this Policy:
Term | Meaning |
Personal Data | Any data about an identifiable individual. |
Sensitive Personal Data / Health Data | Medical records, reports, prescriptions, consultation notes, vitals, lab results, disability data, biometric data, and any information relating to health. |
Data Principal | The individual to whom the personal data relates. |
Data Fiduciary | Uno.care, responsible for determining purpose and means of processing personal data. |
Data Processor | Third-parties engaged to process data on our behalf. |
Consent | Free, informed, specific, unambiguous indication of agreement by a clear affirmative action. |
2. Data We Collect
We may collect and process the following categories of personal data:
A. Personal Identification Data
- Name, age, gender, date of birth
- Mobile number, email address
- Government-issued identity documents
B. Health & Medical Data (Sensitive Personal Data)
- Medical history, consultation notes, prescriptions, diagnosis
- Vital measurements, imaging records, doctor observations
- Vaccination and screening information
- Uploaded reports, documents, and attachments
C. Device, Technical & Usage Data
- IP address, device type, OS, browser information
- App usage behavior, logs, cookies, identifiers
- Location (if permitted)
3. Legal Basis for Processing
We process personal data based on:
- Explicit Consent
- Performance of contractual services
- Legal or regulatory requirements
- Legitimate interests (security, improvement, analytics)
- Protection of health or safety
4. How We Use Personal Data
We process your personal data to:
- Provide healthcare services and consultations
- Maintain and manage health records
- Schedule appointments and deliver documentation
- Improve services, analytics, troubleshooting, and support
- Communicate with users and provide updates
- Ensure regulatory compliance and legal obligations
- Prevent misuse, fraud, and unauthorized access
We do not sell personal data.
5. Sharing & Disclosure of Personal Data
We may share data only when necessary with:
A. Third-party service providers (processors)
- Cloud & hosting partners
- Diagnostics and healthcare service partners
- Data analytics tools
- Payment processors
B. Healthcare professionals
Authorized doctors and medical staff involved in your care.
C. Regulatory or legal authorities
When required under law or government directives.
D. Corporate transactions
Mergers, acquisitions, restructuring — users will be notified.
All third-party processors operate under legally binding Data Processing Agreements (DPAs) ensuring confidentiality and security.
6. Cross-Border Data Transfer
Where personal data is transferred outside India, such transfers will take place only subject to:
- Adequate safeguards and contractual obligations
- Compliance with applicable data protection regulations
Data protection equivalent to Indian standards will be ensured.
7. Data Retention
We retain data only as necessary for the purpose collected:
Category | Retention |
Medical Records & Consultation Data | 7–10 years or as required by healthcare regulations |
Account & personal information | While account is active + 24 months |
Analytics & logs | 12 months |
Legal compliance data | As mandated by authorities |
After expiry, data is deleted or anonymized securely.
8. Data Security
We maintain technical, organizational, and administrative safeguards including:
- Encryption (data at rest & in transit)
- Role-based access control (RBAC)
- Secure cloud infrastructure
- Regular audits, monitoring, and incident management
9. Data Breach Notification
In the event of a personal data breach, UNO.care will notify affected individuals and the Data Protection Board of India without undue delay, along with necessary details and remedial actions.
10. Your Rights
Under DPDP Act, users have the following rights:
- Right to access personal data
- Right to correction or erasure
- Right to withdraw consent
- Right to data portability
- Right to grievance redressal
Requests may be submitted via our contact information below.
11. Children’s Data
We do not knowingly process personal data of individuals below 18 years without verifiable parental consent.
12. Cookies & Tracking
We use cookies for:
- Session management
- Analytics and performance
- Personalization
Users may manage settings via browser or device controls.
13. Grievance, Contact & Data Protection Officer
Grievance Officer / Data Protection Officer:
Name: Vishal Bhardwaj
Email: support@uno.care
Responses will be provided within 7 working days.
14. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Changes will be posted on this website and in the UNO.care application, and updated links will indicate that the Policy has been modified. We encourage you to periodically review this Policy.
For major updates, changes or updates will be effective after 30 days of posting.
15. Withdrawal of Consent & Account Deletion
Users may withdraw consent or request account deletion by contacting support. Upon verification, data will be deleted except where retention is required by law.
Acceptance
By using the Platform and providing personal data, you acknowledge that you have read and understood this Privacy Policy and consent to its processing as described herein.
