Privacy Policy

1. Introduction

MedLens ("we", "our", "us") operates the MedLens pharmacy management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect information that you provide directly to us:

• Account Information: Phone number, name, email address, pharmacy details (name, GSTIN, drug license number, address).
• Business Data: Invoice records, inventory data, patient names and phone numbers, sales transactions, purchase records.
• Scanned Documents: Invoice images uploaded for OCR processing.
• Usage Data: Log data, device information, and analytics about how you use the Service.

3. How We Use Your Information

• To provide, maintain, and improve the Service.
• To process invoices using optical character recognition (OCR).
• To manage pharmacy inventory, sales, and patient records.
• To send transactional notifications via WhatsApp (invoice sharing, order updates) on your behalf.
• To provide customer support and respond to inquiries.
• To detect, prevent, and address technical issues and security threats.

4. WhatsApp Messaging

Our Service enables pharmacies to share invoices and business notifications with patients and partners via WhatsApp Business API. Messages are sent only when explicitly triggered by authorized pharmacy staff. We do not send marketing messages or unsolicited communications to patients. Message delivery status (sent, delivered, read) is tracked for operational purposes.

5. Data Storage and Security

Your data is stored on secure cloud servers. We implement industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication with HTTP-only cookies, CSRF protection, and role-based access controls. Scanned invoice images are stored in encrypted cloud storage (S3-compatible). Database backups are encrypted and stored securely.

6. Data Sharing

We do not sell your personal information. We may share data only in these circumstances:

• Service Providers: Cloud hosting, OCR processing (Google Gemini AI), WhatsApp Business API (Meta), error tracking (Sentry).
• Legal Requirements: When required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

7. Data Retention

We retain your business data for as long as your account is active or as needed to provide the Service. Invoice and sales records are retained as required by Indian tax and pharmaceutical regulations. You may request deletion of your account and associated data by contacting us.

8. Your Rights

• Access your personal data stored with us.
• Request correction of inaccurate data.
• Request deletion of your data (subject to legal retention requirements).
• Withdraw consent for optional data processing.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us: