Medizys Clinical OS

Last updated: June 2026

At Medizys, we take your privacy and the security of medical data extremely seriously. This Privacy Notice details how we collect, process, and protect your information in compliance with the Digital Personal Data Protection Act (DPDPA), 2023.

Data Fiduciary Declaration

Under the DPDPA, Medizys acts as a Data Fiduciary. We determine the purpose and means of processing your personal data. We process your data solely for providing healthcare queue management, scheduling, and clinical operations as requested by you.

Data Collection & Processing

We collect information that you provide directly to us, such as when you create an account, book an appointment, or use our platform. This processing is strictly based on your explicit consent, which you can withdraw at any time.

Data Subject Rights (DSR)

You have the right to:

Access information about personal data processed by us.
Correct, complete, or update your personal data.
Request erasure of your personal data when it is no longer necessary for the purpose it was collected.
Readily withdraw your consent or manage your consent preferences.

Third-Party Data Processors

We engage third-party Data Processors (e.g., Cloudflare, Neon DB) under strict Data Processing Agreements (DPAs). These vendors are contractually bound to implement robust security measures and are prohibited from using your data for their own purposes.

Breach Notification Protocol

In the event of a personal data breach, Medizys has a rapid response protocol. We will notify the Data Protection Board of India (DPBI) and affected users within 72 hours, and file a report with CERT-In within 6 hours, as mandated by Indian cybersecurity regulations.

Data Security

All health information processed by Medizys is encrypted at rest and in transit. We enforce strict role-based access controls to ensure data is only visible to authorized medical personnel and authorized system administrators.