Privacy Policy

This policy explains what data MCMRx India (“MCMRx”, “we”) collects when you browse mcmrx.com or use our mobile apps, why we collect it, how long we keep it, and your rights.

• Account data — email, optional display name, MCMRx patient code, role (patient / doctor / pharmacy / admin). Doctors additionally provide registration number + council; pharmacies provide drug-licence number + address.
• Health-record data — saved medicines, prescriptions, reminders, family-member profiles, insurance cards, and government-scheme card details that you choose to add. Uploaded card images are stored in private buckets that only you can read.
• Location — your device's approximate location, only when you grant permission, to surface nearby pharmacies, camps, and healthcare facilities. We round logged search locations to two decimal places (~1.1 km) before persisting.
• Activity — searches, contributions, prescription views, and pharmacy bookmarks, used to power your dashboard and improve recommendations.
• Payment data — when you pay through Razorpay, we receive the order ID, payment ID, and amount; we never receive or store card numbers or UPI credentials.
• Operational logs — request metadata (IP, user-agent, timestamps) retained for up to 30 days for abuse prevention.

• Provide the core features: medicine price comparison, prescriptions, reminders, family profiles, scheme info.
• Verify doctor and pharmacy applicants before granting portal access.
• Crowd-source crowdsourced price data is aggregated; we never publish your individual receipts.
• Process payments via Razorpay and reconcile orders / subscriptions.
• Communicate transactional notices (prescription received, payment receipts, account alerts).

• Doctors you give your patient code to — see name, age (if provided), and prescriptions issued to you.
• Pharmacies you order from — see your delivery address and the items in that order only.
• Razorpay — for payment processing only.
• Supabase / AWS — our cloud hosts; bound by data-processing agreements.

We do not sell your data to third parties. We do not run advertising on MCMRx.

• Access, correct, or export any data we hold about you.
• Delete your account — health records and uploads are removed; legal/audit records are retained per Indian law.
• Withdraw consent for location at any time from your device settings.

To exercise these rights, email support@mcmrx.com or use the contact form.

Health records persist for as long as your account is active. After account deletion we keep minimal audit records (admin actions, payment receipts) for up to 7 years per Indian financial-record norms; all other data is purged within 30 days.

Data is encrypted in transit (TLS 1.2+) and at rest. Storage buckets enforce per-user access policies. Sensitive secrets (Razorpay, email API keys) live only on the server side. We notify affected users within 72 hours of confirming any incident that compromises personal data.

MCMRx is for users aged 18+. Family-member profiles (including minors) may be created and managed by a consenting adult account holder.

We'll post any material change on this page with a new “Last updated” date and notify signed-in users by email at least 14 days in advance of effect.

Questions or complaints? support@mcmrx.com · or visit the contact page.