MyMedicals

Legal

Privacy Policy

This page implements the finalized privacy policy content for MyMedicals, formatted as a documentation-style page for readability, with section anchors, a sticky left navigation, and on-page search.

Issue date

16 February 2026

Last updated

16 February 2026

Public URL

https://mymedicals.life/privacy-policy

1.INTRODUCTION AND WHO WE ARE

1.1About this Privacy Policy

This Privacy Policy explains how we access, collect, use, share, store, secure, retain, and delete information when you use MyMedicals (the “App”) and related services, including our support channels and the webpages we operate to support the App (together, the “Service”). This Privacy Policy describes the Service as it exists today. If we change how the Service handles personal data, we will update this Privacy Policy accordingly.

MyMedicals does not contain adult or explicit content. Any age limitation described in this Privacy Policy exists only for privacy/legal compliance because the Service allows users to store and manage health-related information.

No medical advice: MyMedicals does not provide medical advice, diagnosis, treatment, or clinical decision support. The Service is intended only for personal organization, record-keeping, and adherence tracking (for example, reminders and optional history views). Always seek the advice of a qualified healthcare professional with questions about medications or medical conditions, and do not rely on the Service for emergency or time-critical medical decisions.

1.2Who we are

The Service is operated by DEVRECON Softwares Private Limited (“DEVRECON”, “we”, “us”, “our”). DEVRECON is responsible for the privacy practices described in this Privacy Policy.

Registered Office Address:

DEVRECON Softwares Private Limited 402, 4th floor, Sri Sai Raghava Residency Balaji Nagar, Kukatpally Hyderabad, Telangana 500072 India Store distribution identity (for clarity):

The App is distributed on the Apple App Store under the Apple Developer Program seller name Sri Sasank Vemuri, who is acting as DEVRECON’s authorized representative for App Store distribution and operations. The App is distributed on Google Play under the developer identity DEVRECON Softwares Private Limited. Regardless of which store account distributes the App, DEVRECON operates the Service and remains responsible for the processing described in this Privacy Policy.

1.3What this Privacy Policy covers

This Privacy Policy applies to:

the MyMedicals mobile application for Android and iOS; our official MyMedicals support channels (including email support); and the MyMedicals webpages used to support the App, including this Privacy Policy and our account deletion instructions page.

Geographic availability (EEA/UK/Switzerland): The Service is intended for users in India.

We do not direct the Service to individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, and we do not knowingly offer the Service to those regions. If you are located in the EEA/UK/Switzerland, please do not use the Service.

This Privacy Policy does not apply to third-party websites, services, or apps you may access via links or through services not controlled by DEVRECON. Those third parties have their own privacy practices and policies.

1.4Key terms used in this Policy

For the purposes of this Privacy Policy:

Personal data / personal information means information that identifies you directly (such as your email address) or that can reasonably be linked to you, your account, or your device. Health-related information means information you choose to enter, upload, or store in the App about medications, prescriptions, reminders, adherence history, and related notes. Because this may reveal information about a person’s health, it may be treated as sensitive under certain laws and platform rules. User content means content you provide through the Service, such as photos/files you upload (including prescriptions) and text you enter into the App.

1.5Eligibility (18+ only) and age enforcement

MyMedicals is intended for users aged 18 years and older. We enforce this requirement at sign-up using a date-of-birth check. If you have not completed 18 years of age, you cannot create an account. If you are 18 or older (including users who have just turned 18), you may create an account.

By creating an account and using the Service, you confirm that you are at least 18 years old and that the information you provide is accurate.

We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided personal data to us, please contact us using the details in Section 1.8 so we can take appropriate steps to delete the data and prevent further processing.

1.6Third-party services we use to operate the Service

MyMedicals relies on third-party services and libraries to provide core functionality. Depending on the service, a provider may process data on our behalf to deliver the Service. We do not sell personal data.

The Service uses the following third-party services and libraries (current build):

Cloud infrastructure and authentication: We use Amazon Web Services (AWS), including AWS Cognito, for hosting, storage, and account authentication/identity management. Analytics: We use Firebase Analytics to understand app usage patterns and improve reliability and user experience. Push notifications: We use Firebase Cloud Messaging (FCM) for Android push notifications and Apple Push Notification service (APNs) for iOS push notifications so reminders and alerts can be delivered to your device. Push delivery requires device/app push tokens. Sign-in options: Where you choose to use it, we support authentication through Google Sign-In. Prescription scanning / extraction (only when you choose to scan): If you choose to use prescription scanning features, prescription content (such as an image and/or extracted text) may be processed to extract medication fields. This processing may involve use of the OpenAI API to structure or extract information from the prescription content. Scanning is optional, and you can use manual entry instead of scanning. We do not authorize our AI service provider to use our API inputs/outputs to train or improve their models. Limited retention by the provider for security and abuse prevention may occur as part of operating the API service. On device/local libraries: We use Realm (local database) and Nuke (iOS image loading/caching library) to support app functionality. Health platforms: MyMedicals does not request access to, or read/write data from, Google Health Connect or Apple HealthKit.

1.7Where your data is processed (including cross-border processing)

Our primary cloud infrastructure is hosted in AWS EU-West (Europe). Depending on where you use the Service from, your personal data may be stored and processed outside India, including in the European Union.

1.8How to contact us (support, privacy, and grievances)

You can contact us at:

Support: support@mymedicals.life Privacy and escalations: management@devrecon.in If you are contacting us about privacy or account matters, please include the email address associated with your MyMedicals account and a clear description of your request so we can respond efficiently and securely. Grievance Officer (India):

Director, DEVRECON Softwares Private Limited - Rama Sundari Kari Email: management@devrecon.in Postal address: DEVRECON Softwares Private Limited, 402, 4th floor, Sri Sai Raghava Residency, Balaji Nagar, Kukatpally, Hyderabad, Telangana 500072, India

1.9Account deletion (in-app and outside-app)

If you created a MyMedicals account, you can request deletion using either method below. Account deletion is permanent and is not the same as “deactivation.” In-app deletion: You can delete your account within the App (Account/Profile settings → Delete Account). After you confirm deletion, we delete your account and associated account data from our active systems right away. Outside-app deletion: You can also request deletion outside the App using either of the following:

Web resource: https://mymedicals.life/delete-account.

Email: support@mymedicals.life (send the request from your registered email address) Important: To protect your account security, you must send the request from the email address registered to your account. We cannot process deletion requests from unregistered email addresses.

Verification and Timing: Requests made outside the App are processed manually and may require a verification step (for example, replying to a confirmation email). We typically acknowledge requests within 48 hours, and we complete the deletion within 5 business days after verification. When an account is deleted, we delete or de-identify personal data associated with that account from our active systems. Limited information may remain for a limited period in security or operational logs, or where retention is required for legal compliance, fraud prevention, abuse prevention, or dispute handling. Details on retention and deletion are described in the Data Retention and Deletion section of this

1.10Where to find this Privacy Policy

The latest version of this Privacy Policy is available at:

https://mymedicals.life/privacy-policy

1.11Changes to this Privacy Policy

We may update this Privacy Policy from time to time to keep it accurate and aligned with our practices, legal obligations, and platform requirements. When we update it, we will revise the “Last Updated” date at the top and publish the updated version at https://mymedicals.life/privacy-policy

2.DEFINITIONS

2.0Overview

For purposes of this Privacy Policy, the following definitions apply:

“App” means the MyMedicals mobile application made available on iOS and Android. “Service” means the App and the related services we provide through it, including the core functionality, features available in the current version of the App, and our official support channels related to the App. “Company”, “DEVRECON”, “we”, “us”, or “our” means DEVRECON Softwares Private Limited, the developer and operator of MyMedicals. “You” or “User” means any person who accesses or uses the Service. “Account” means your registered MyMedicals user account and the profile, settings, and identifiers associated with it. “Personal Data” (also called “Personal Information” in some jurisdictions) means any information that relates to an identified or identifiable individual. This includes information that directly identifies you (for example, your name or email address) and information that can reasonably be linked to you, your Account, or your device. “Sensitive Personal Data”, “Sensitive Data”, or “Personal and Sensitive User Data” means categories of Personal Data that are treated as sensitive or higher-risk under applicable laws and/or platform policies and may require heightened protections. In the context of MyMedicals, this can include Health Data, medical documents/images you upload, and authentication/security information. “Health Data” means health-related information you choose to provide or store in the App, such as medication details, prescription-related information, medical schedules, reminder/adherence history, allergies or dietary sensitivities (e.g., gluten status), medical notes, and related health information you choose to store (and, if you choose to provide them, items such as blood group and other health profile fields). “Account Data” means information used to create, authenticate, and operate your Account, such as your name (if provided), email address, phone number (if provided), date of birth (used to verify eligibility to use the Service), chosen login method (for example, email/password or third-party sign-in), and basic profile/settings information. “Authentication Data” means information used to verify your identity and securely sign

you into the Service. This can include hashed passwords (where applicable), OTP/verification events, login/session tokens, session identifiers, and authentication metadata. “User Content” means the content you choose to upload, submit, store, or otherwise make available through the Service, including photos/images, documents/files (such as prescriptions), text entries, notes, and any attachments. User Content may contain Personal Data or Health Data depending on what you upload or type. “Prescription Scan Data” means the content and outputs related to the prescription scanning workflow, including (a) the image you choose to scan/upload and (b) extracted text/fields produced during the scan workflow (for example, medication name, dosage, and frequency), where applicable. “Medication and Reminder Data” means information you create to use the core reminder functionality, such as medication entries, schedules, reminder configuration, and adherence interactions (for example, completion status and interaction timestamps). “Device Data” means technical information about the device and app environment used to access the Service, such as device model, operating system version, app version, language/region settings, network information, and similar operational signals used for security, reliability, and performance. “Device Identifiers” means identifiers that can be linked to a particular device or app installation, such as push notification tokens, app instance identifiers, installation identifiers, and similar IDs used to deliver notifications, maintain security, prevent fraud/abuse, and measure app usage. “Push Token” means a device/app token used to deliver push notifications to your device (for example, medication reminders). Push tokens are used to route notifications to the correct device/app instance. “Analytics Data” means information about how users interact with the Service, such as feature usage, app opens, screen views, interaction patterns, and similar signals used to understand performance and improve the Service. “Diagnostics Data” means technical information used to troubleshoot, secure, and improve the Service, such as crash logs, error reports, performance logs, and related debugging data. “Sharing” (in-app sharing) means sharing you intentionally initiate using MyMedicals features, where you choose to make selected information visible to another

MyMedicals user through the App. “Data Sharing” (platform disclosure term) means disclosure or transmission of data from the App to another entity, including vendors/service providers used to operate the Service. This term may be used differently by platform disclosure forms and can include service-provider transmissions that occur under our instructions to operate the Service. “Service Providers” means third-party vendors we use to operate, maintain, support, or improve the Service (for example, cloud hosting, authentication, analytics, notification delivery, and prescription scanning providers). Service Providers process data on our behalf and under our instructions for purposes related to providing the Service. “Third-Party Services” means third-party platforms or services that may be involved in

your use of the Service (for example, Apple/iOS services, Google/Android services, telecom providers, or external websites). Third-Party Services operate under their own policies and terms. “Third-Party SDKs” means software libraries integrated into the App that help deliver functionality (for example, authentication, analytics, notifications, scanning, or storage). Depending on configuration, SDKs may process certain data as part of providing their function. “Processing” means any operation performed on data, whether or not automated, such as accessing, collecting, recording, organizing, structuring, storing, updating, using, transmitting, disclosing, securing, retaining, deleting, erasing, or transferring data. “Consent” means a clear, affirmative agreement to a specific data processing activity after you have been provided clear information about what will happen. Consent may be collected through actions such as tapping “I Agree,” enabling a setting, submitting information through the App, or granting a device permission when prompted. “De-identified Data” means data that has been modified so it can no longer reasonably be used to identify you. De-identified data may be used for analytics and service improvement where permitted by law and consistent with this Privacy Policy. “Aggregated Data” means data combined with other data so it is summarized and does not identify any individual user. “Data Controller” means the organization that determines the purposes and means of processing Personal Data. For MyMedicals, DEVRECON is the Data Controller for most processing described in this Privacy Policy. “Data Processor” means an organization that processes Personal Data on behalf of a Data Controller (for example, a Service Provider operating under our instructions). “Data Principal” means the individual to whom the Personal Data relates (in other words, the person whose data is processed). “Data Fiduciary” means the entity that determines the purpose and means of processing Personal Data (in other words, the organization responsible for the processing decisions). For MyMedicals, DEVRECON acts as the Data Fiduciary for most processing described in this Privacy Policy. “Tracking” means (i) linking user or device data collected from this App with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes, or (ii) sharing user or device data with a data broker. Note: MyMedicals does NOT engage in Tracking as defined here. “Data Broker” means an entity that collects or aggregates information about individuals and sells, licenses, or otherwise discloses that information to other entities, typically for advertising, profiling, or similar commercial purposes. “Retention” means how long we keep Personal Data before deleting or de-identifying it, subject to operational needs and legitimate purposes (for example, security, fraud prevention, dispute handling, and legal compliance) as described in this Privacy Policy. “Delete Account” means a request to remove your MyMedicals Account from our active records and delete associated Personal Data that we are not legally required to maintain, subject to the retention rules described in this Privacy Policy.

3.DATA WE COLLECT

3.0Overview

We collect and process information in four main ways: (A) information you provide when you create an account, complete your profile, enter medication or other healthrelated details, upload content, use sharing, or contact support; (B) information generated when you use app features (for example, reminders and adherence history); (C) information collected automatically for technical operation, security, abuse prevention, and reliability; and (D) information received from third parties when you choose to use those features (for example, sign-in providers and push notification services). Because MyMedicals is designed to store and manage health-related information, some information you choose to provide may be treated as sensitive under certain laws and platform policies.

3.1Data you provide (Account, Profile, Preferences)

When you create an account or update your profile/settings, we collect the information needed to create and operate your account and provide core app functionality. Depending on the sign-in method you choose, this may include your name, email address and/or phone number. In the current version, we also collect your date of birth to verify eligibility to use the Service (18+ only), and blood group as part of your profile.

You may also choose to provide additional profile information, such as address, height, weight, dietary preferences and/or allergies (including dietary restrictions such as gluten-related preferences), and a profile picture if you upload one. You control whether you provide optional profile fields.

Your account is associated with identifiers such as your email address and/or phone number (depending on how you signed up). Certain identifiers may not be editable inside the App, and you can contact support if you need assistance updating them.

3.2Medication and reminder data (core feature data)

MyMedicals is a medication reminder, storage, and sharing application. When you use medication and reminder features, we collect and store medication and schedule information you create or enter in the App. This can include medication name, optional display labels, course or schedule details (such as start date, duration, quantity, dosage/frequency, and scheduled reminder times), and configuration settings needed to deliver reminders.

We also collect and store adherence and interaction records generated by your use of reminders, including interaction timestamps and outcomes such as whether a reminder/dose was marked as taken, snoozed, missed, or taken late relative to the scheduled time. This adherence history is used to display your medication history and summaries inside the App.

We do not collect device health sensor data (for example, step count, heart rate, or other vitals), and we do not access data from Apple HealthKit or Google Health Connect.

3.3Prescription scans (images and extracted information) - only if you choose to use scanning

If you choose to scan or upload a prescription (or similar medical document), we collect and process (a) the image you upload and (b) the information extracted from it (for example, medication name, dosage, and frequency), where extraction is successful. Prescription images may contain sensitive personal information printed on them (for example, patient name, doctor details, clinic identifiers, or medical notes).

We use the OpenAI API as a service provider to provide prescription scanning/extraction functionality when you initiate a scan. This means the prescription image and/or relevant text may be transmitted to OpenAI for processing so we can extract and structure medication fields and help populate medication entries and reminders.

We do not opt in to allow our OpenAI API inputs/outputs to be used to train or improve OpenAI models, and we use the scanning output only to provide the scanning feature and populate your medication information. The service provider may retain limited API content for a limited period for security and abuse-prevention purposes as part of operating the API service.

If you do not want prescription content transmitted for scanning, you can avoid the scanning feature and use manual entry workflows.

3.4Files, photos, and text you upload (User Content)

We collect and store the content you choose to upload or store in the App, such as photos/images (including prescription images), documents/files (including medical documents you choose to store), and text entries or notes you save. Depending on your device settings and your actions, the App may request access to device permissions such as camera access (to capture an image) or photo access (to upload an existing image). Your device may allow you to grant limited photo access (for example, access only to selected photos) rather than full-library access; when you grant limited access, the App can access only the photos you select and cannot access the rest of your library. You can manage, limit, or revoke these permissions at any time in your device settings; if you revoke a permission, related features may not function.

3.5Sharing data (only when you choose to share)

By default, your content is private to you. We collect sharing-related data only when you intentionally use in-app sharing features. This may include what information you chose to share, which MyMedicals user you shared it with, sharing timestamps, and any sharing permissions/roles supported by the feature. Sharing occurs only through your action inside the App, and shared information is presented inside MyMedicals rather than through public links.

3.6Notifications data (push tokens, preferences, and reminder interactions)

To deliver medication reminders, we use standard notification services (APNs on iOS and FCM on Android). For notifications to work, we process a push notification token associated with your device/app installation, along with notification preferences and delivery signals necessary to route reminders to your device. When you interact with reminders (for example, marking a dose as taken or snoozing a reminder), those interactions are stored as part of your adherence history described in Section 3.2.

3.7Authentication data (sign-in and account security)

Depending on your sign-in method, we process authentication data needed to create and secure your account and keep you signed in. This can include verification events (for example, OTP/verification workflows where used), session identifiers, and sign-in provider identifiers when you choose a third-party sign-in option. We use this information to authenticate you, prevent unauthorized access, maintain secure sessions, and support account recovery.

3.8Technical, security, and session data (automatic collection)

To operate the Service securely and reliably, we automatically collect certain technical and security data. This may include IP address, request and event timestamps, device and app information (such as device model, operating system version, app version, language/region settings), session identifiers and security tokens, and diagnostic/error logs (for example, crash or server error logs). We use this information to keep accounts secure, detect and prevent abuse or fraud, troubleshoot issues, and maintain reliability and performance.

3.9Analytics data (app usage measurement)

We use analytics tooling (including Firebase Analytics) to understand how the App is used, evaluate stability/performance, and improve the user experience. Analytics data may include app interaction events (such as feature usage), app performance and reliability signals, and device/app identifiers used to measure installations and sessions.

We do not use these identifiers or analytics data for cross-app tracking or targeted advertising, and we do not share them with data brokers.

3.10Support communications

If you contact support, we collect the content of your message and any attachments you provide, along with contact details and metadata needed to respond and troubleshoot (such as message timestamps and technical details you choose to share like device type, app version, or screenshots).

3.11Data we do not intentionally collect (current version)

In the current version, we do not intentionally collect precise (GPS) location data, your device contacts list/phonebook, payment card details, government identification numbers, or health platform data from Google Health Connect or Apple HealthKit.

4.HOW WE USE YOUR DATA

4.0Overview

We use the data described in Section 3 only for purposes that are necessary to operate MyMedicals as a medication reminder, storage, and in-app sharing service; to keep accounts and systems secure; to provide support; to maintain reliability; and to comply with applicable legal obligations. We do not use Health Data or other personal data for targeted advertising, and we do not sell personal data. We do not use identifiers collected from MyMedicals to track you across other companies’ apps, websites, or offline properties.

4.1Account creation, eligibility, login, and profile management

We use Account Data, Authentication Data, and Profile/Preference Data to create and manage your account, verify eligibility (18+ using date of birth), authenticate you when you sign in, and maintain your account settings and preferences. This includes using your contact details to verify and secure your account (for example, verification flows and account recovery), to maintain secure sessions, and to apply security measures designed to prevent unauthorized access. If you provide optional profile details such as blood group, height/weight, dietary preferences and/or allergies (including gluten-related preferences), or a profile picture, we use that information only to support your use of the Service within MyMedicals and to display it to you (and only to people you intentionally share it with inside MyMedicals, where applicable).

4.2Medication reminders, schedules, and adherence history (core purpose)

We use Medication and Reminder Data to let you create medication entries and schedules, deliver reminders (including via in-app notifications and/or push notifications if enabled), and display your medication history and adherence records inside the App.

We use your reminder interactions (for example, marking a dose as taken, snoozing, or missing a reminder) to update adherence status, generate summaries, and keep your records accurate across sessions and devices where syncing is part of the Service.

4.3Prescription scanning and extraction (only if you choose to use it)

If you choose to use prescription scanning, we use Prescription Scan Data to extract and structure medication fields so you can more easily create medication entries and schedules. When you initiate scanning, prescription content (such as an image and/or relevant text) may be transmitted to the OpenAI API solely to perform the extraction you requested. We have configured our use of the OpenAI API so that our API inputs and outputs are not used to train or improve OpenAI models. The provider may retain limited API content for a limited period for security and abuse-prevention purposes as part of operating the API service. We use the scan result only to populate medication details and support reminder creation within MyMedicals.

4.4Storage, synchronization, and access across sessions

We use your User Content (such as uploaded prescriptions or medical documents, images, and notes), Medication and Reminder Data, and Account Data to store your information so you can access it later in the App. Where cloud storage/synchronization is part of the Service, we use these data categories to sync your records across devices and sessions associated with your account (for example, after reinstalling the App or signing in again).

4.5In-app sharing (only when you enable it)

MyMedicals supports in-app sharing so you can share selected information with a person you choose inside MyMedicals. We use Sharing Data to enable the sharing feature you turn on, display the shared view to the recipient(s) you selected, maintain sharing permissions, and allow you to revoke access. Sharing through this feature is limited to MyMedicals users (recipients must have a MyMedicals account), and the shared information is displayed inside MyMedicals rather than via public links.

4.6Service communications (non-marketing)

We use your contact details, authentication context, and notification settings to send essential service communications such as verification messages for account security and to deliver medication reminders via push notifications if you enable notifications on your device. We do not use your personal data to send third-party marketing communications or to show targeted advertisements.

4.7Support, account requests, and deletion handling

If you contact support, we use Support Communications and related account information to respond, troubleshoot issues, and fulfill your requests. We also use limited account and authentication information to verify identity for sensitive requests (for example, account deletion requests) and to process deletion requests initiated in-app or via our deletion web resource or support channel.

4.8Security, fraud prevention, and abuse prevention

We use Technical, Security, and Session Data to protect accounts and prevent unauthorized access, reduce fraud and abuse, investigate suspicious activity, maintain system integrity, and keep the Service reliable and available. We also use this information to debug errors, monitor performance, and respond to security incidents.

4.9Analytics and service improvement (no ads; no tracking)

We use Analytics Data and Diagnostics Data to understand how the App is used, evaluate performance and stability, improve usability, fix bugs, and reduce crashes. We do not use analytics identifiers for cross-app tracking or targeted advertising, and we do not share analytics data with data brokers.

4.10Legal compliance and protection of rights

We may process personal data as reasonably necessary to comply with applicable laws and lawful requests, enforce our Terms of Use, protect our rights and property, protect users and the public, and establish, exercise, or defend legal claims. We aim to limit such processing to what is necessary and proportionate to the purpose.

4.11Material changes to how we use data

If we make a material change to how we use personal data, we will update this Privacy Policy and, where required, provide appropriate notice and choices within the Service.

5.HOW WE SHARE / DISCLOSE YOUR DATA

5.0Overview

We do not sell your personal data or health-related information. We share, disclose, or otherwise make data available only in the limited situations described in this Section 5:

(A) sharing you intentionally initiate inside the App; (B) disclosures to service providers that help us operate the Service; and (C) disclosures for legal, safety, or business reasons.

5.1Sharing you intentionally initiate inside the App (in-app sharing / family sharing)

By default, your data is private and accessible only to you through your account. We disclose information to another person only when you intentionally use an in-app sharing feature and choose what to share and with whom. Sharing boundaries: in-app sharing is available only within MyMedicals. Recipients must have a MyMedicals account, and shared information is presented inside MyMedicals rather than through public links. Sharing remains active until you revoke it in the App. Scope of what may be shared: depending on what you select and the feature design, shared information may include medication schedules, reminder/adherence status, summaries, and other health-related information you choose to make visible to a recipient inside MyMedicals. Some shared views may be “view-only” for recipients (meaning they can view shared information but cannot edit your data). Screenshots and downstream control: we do not restrict screenshots at the device level. A recipient may capture screenshots or otherwise record what they can view.

You should share only with people you trust. Once another person views information (or captures it), we cannot control how they use it outside the App. Revoking sharing: you can revoke sharing at any time inside the App. After revocation, the recipient should no longer be able to access the shared view going forward within MyMedicals.

5.2Service providers we use to operate the Service

We use service providers to host infrastructure, deliver core functionality, maintain security, deliver notifications, provide analytics, and support users. These service providers may process personal data on our behalf and under our instructions to provide their services to us. We aim to (i) choose vendors that implement appropriate safeguards, (ii) limit access to what is necessary, and (iii) contractually require vendors to protect personal data and use it only to provide the contracted services. Service provider categories may include:

cloud hosting, storage, and infrastructure (to operate backend systems and store/sync data);
authentication and account security (to create accounts, authenticate logins, and secure sessions);
push notification delivery (to deliver medication reminders and service notifications);
analytics and performance measurement (to understand app usage and improve reliability); and
prescription scanning/extraction providers (only when you choose to use scanning). We do not authorize service providers to use your data for their own advertising purposes or to build advertising profiles about you for targeted advertising.

5.3Key providers used by MyMedicals (current build)

Based on the current implementation of MyMedicals, the Service may disclose data to the following providers for the purposes listed:

Amazon Web Services (AWS) Used for cloud hosting, storage, and identity/authentication services (including AWS Cognito). AWS may process account data, device/session data, medication/reminder data, and user content stored/synced through the Service to operate the backend systems under our instructions. Google / Firebase services (Firebase Analytics and Firebase Cloud Messaging) Firebase Analytics is used to measure app usage patterns and improve stability and user experience. Firebase Cloud Messaging (FCM) is used to deliver push notifications on Android. These services may process device/app identifiers (such as app instance identifiers and push tokens), usage events, diagnostics/performance signals, and notification delivery metadata required to provide these functions. Apple services (Apple Push Notification service — APNs) APNs is used to deliver push notifications on iOS. APNs requires a push token and notification routing information to deliver reminders to your device. Google Sign-In (only if you choose this sign-in method)

If you choose Google Sign-In, we receive authentication information necessary to verify your identity and create or access your MyMedicals account (for example, a unique account identifier and basic profile information provided as part of the sign-in flow). We use this only for account authentication and access management. OpenAI API (only if you choose to use prescription scanning/extraction) If you choose to scan/upload a prescription for extraction, prescription content (such as the image and/or relevant extracted text) is transmitted to the OpenAI API to perform the extraction you requested. This disclosure occurs only when you initiate scanning. We have contractually configured our OpenAI API usage so that our API inputs/outputs are not used to train or improve OpenAI models. OpenAI may retain API content for up to 30 days for abuse monitoring and security purposes as part of operating the API.

5.4Legal, safety, and compliance disclosures

We may disclose personal data if we reasonably believe disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) protect the rights, safety, and security of DEVRECON, our users, or the public; (c) detect, prevent, or address fraud, abuse, security incidents, or technical issues; or (d) establish, exercise, or defend legal claims. When feasible and lawful, we try to limit disclosures to the minimum data necessary for the relevant purpose.

5.5Business transfers

If DEVRECON is involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale/transfer of some or all of our business or assets, personal data may be disclosed as part of that transaction (for example, to advisors and a successor entity). In such cases, we will require appropriate confidentiality protections and, where required by law, provide appropriate notice.

5.6What we do not share and what we do not do

We do not sell personal data or health-related information. We do not share personal data with data brokers. We do not disclose personal data for third-party advertising purposes, and we do not use data collected in MyMedicals for cross-app tracking or targeted advertising.

6.SECURITY SAFEGUARDS

6.0Overview

We take the security of your personal data and health-related information seriously. We use administrative, technical, and organizational safeguards designed to help protect your information against unauthorized access, disclosure, alteration, loss, and destruction. Because MyMedicals can involve health-related information, we apply safeguards appropriate to the sensitivity of the data and the risks of processing.

6.1Encryption in transit (network security)

We protect data sent between the App and our servers (and between our servers and our service providers used to operate the Service) using HTTPS/TLS encryption. This helps protect information in transit from interception or tampering when transmitted over networks.

6.2Encryption at rest (storage security)

Where supported by the systems we use, we apply encryption at rest and other storage-layer protections designed to help protect data stored on servers and in managed cloud services. Access to protected storage and related secrets (such as keys/credentials) is restricted to authorized systems and personnel, and we design our environment so that sensitive information is not stored or handled in plaintext unnecessarily.

6.3Account and authentication safeguards

We apply safeguards designed to protect account access and reduce unauthorized use, including verification mechanisms during sign-up and account recovery (for example, OTP verification where applicable), password security controls (for example, storing passwords in hashed form where password-based sign-in is used; we do not store passwords in plain text), and session/account-integrity controls designed to detect and mitigate suspicious activity (for example, repeated failed login attempts or other signals that may indicate unauthorized access).

6.4Access controls and internal handling (least privilege)

We use access control measures intended to limit data access to authorized systems and personnel who need access to operate and support the Service. Safeguards include role-based access and permissions designed to limit access to the minimum needed for a job function (“least privilege”), along with controlled access to production systems.

We also design our support/admin processes to reduce unnecessary access to sensitive content. DEVRECON staff do not routinely view users’ stored medical content such as medication history, prescription images, or uploaded files. Administrative actions are generally limited to account-level operations (for example, assisting with login issues, responding to security/abuse concerns, and processing a verified account deletion request) and typically use identifiers such as email and/or phone number. Where appropriate, we maintain logging for sensitive administrative actions to support security review and investigations.

6.5Cloud infrastructure and vendor safeguards (contractual requirements)

We operate the Service using cloud infrastructure and managed services that provide security capabilities intended to protect applications and data. In addition, we contractually require our cloud providers and other service providers that process personal data on our behalf to implement appropriate technical and organizational security measures, maintain confidentiality, and process personal data only under our documented instructions to provide the contracted services.

6.6Application security, monitoring, and maintenance

We maintain operational safeguards intended to improve reliability and reduce security risk, such as monitoring for errors and abnormal activity patterns that may indicate misuse or security issues, logging needed to investigate and resolve incidents (while minimizing sensitive data in logs where feasible), patch and update practices (including updating dependencies and addressing security issues), and rate limiting and abuseprevention controls where appropriate to protect the Service.

6.7Data integrity and availability (recovery measures)

We use measures designed to maintain availability and integrity of the Service, which may include redundancy measures and recovery processes appropriate to the Service.

If encrypted backups or snapshots are used as part of operational resilience, data may persist for a limited period in those systems until overwritten or rotated out in the ordinary course. Details about deletion and retention are described in the Retention & Deletion section of this Privacy Policy.

6.8Your device security and your responsibilities (including biometrics)

Security also depends on how you protect your account and device. You are responsible for keeping your login credentials confidential and not sharing OTPs, using device-level protections (for example, PIN/biometrics) where available, keeping your device operating system and the App reasonably up to date, and using in-app sharing features only with people you trust.

If you enable device biometrics (for example, Face ID/Touch ID or Android biometrics) and your device is shared with another person who is enrolled in your device biometrics or otherwise able to unlock your device, that person may be able to access the App on that device. We cannot prevent access that occurs through your device’s authorized unlock mechanisms. If you share a device, you should disable biometrics for App access (if available), use a strong device passcode, and log out when appropriate.

6.9Reporting security issues to us

If you believe you have found a security vulnerability or suspect unauthorized access to your account, contact us immediately at:

support@mymedicals.life
management@devrecon.in Please include details that can help us investigate (for example, your account email, device type, and a description of what you observed). Do not publicly disclose suspected vulnerabilities before giving us a reasonable opportunity to investigate.

6.10Personal data breach notification

If we become aware of a personal data breach, we will take appropriate steps to investigate, contain, and remediate the incident and to reduce the risk of harm to affected individuals.

Where required by applicable law, we will notify:

affected users (Data Principals / data subjects) without undue delay, using the communication channel(s) associated with their account or another appropriate method; and
relevant regulators/authorities within the timelines prescribed by law. Depending on the jurisdiction and circumstances, those timelines may include notifying a supervisory authority/board within 72 hours of becoming aware of the breach, where feasible, and providing required details in phases if all information is not immediately available. Breach notices (where required) will be provided in clear language and will generally describe the nature of the breach, the likely consequences, the measures taken or proposed to address it, steps affected users can take to protect themselves, and a contact point for further information.

6.11No method is 100% secure

No security system is perfect. While we work to protect your information using safeguards designed to reduce risk, we cannot guarantee absolute security of data transmitted over the internet or stored on systems.

7.DATA RETENTION AND DELETION

7.0Overview

We keep personal data only for as long as we need it to provide the Service you requested, maintain security and reliability, comply with applicable legal obligations, resolve disputes, and enforce our agreements. We use time-based retention limits to reduce how much data we hold and to avoid keeping data longer than necessary. Retention can vary depending on the type of data, how you use the Service, and whether we must retain limited information for legitimate purposes such as security, abuse prevention, or legal compliance.

7.1Retention while your account is active

While your account is active, we retain the following categories of data:

Account and profile data. We retain your account profile, login identifiers, and settings for as long as your account remains active so you can sign in and use the Service. This includes the profile information you choose to provide (for example, blood group, dietary preferences/allergies, and other optional profile fields) and the date of birth you provide for eligibility verification (18+). Medication, reminder, and adherence data. We retain medication schedules, reminder configuration, and adherence history needed to provide the core functions of

MyMedicals (reminders, adherence tracking, and history views). In the current version of the Service, medication/reminder data and adherence history are subject to a rolling retention window of up to 6 months. This means older medication/adherence records may be automatically deleted as they fall outside the 6-month window, even if you continue using the Service. User content (uploads and notes). We retain the photos, documents/files (including prescriptions or other medical documents), and text entries/notes you upload or store in

the Service to provide storage, viewing, and (where applicable) synchronization. In the current version of the Service, user content is subject to a rolling retention window of up to 6 months, and older content may be automatically deleted as it falls outside that window. Notification-related data. We retain push notification tokens and notification preferences as needed to deliver reminders. Push tokens can change over time (for example, if your operating system refreshes them). We retain the current token(s) needed for notification delivery and remove or refresh tokens as necessary. Technical, security, and operational logs. We retain limited technical, security, and session data (for example, IP address, timestamps, device/app version, and security/session identifiers) for a limited period to protect accounts, prevent fraud/abuse, investigate incidents, and maintain Service reliability. We aim to minimize sensitive information in logs. As a general rule, we retain such logs for up to 90 days,

unless a longer period is necessary to investigate or address security incidents, comply with law, or establish, exercise, or defend legal claims. Analytics and diagnostics. We retain analytics and diagnostics data for a limited period to understand performance and improve the Service. We do not use analytics data for cross-app tracking or targeted advertising. Where we can, we configure analytics retention to minimize how long this data is kept.

7.2Inactive accounts

If your account shows no sign-in activity and no medical data updates for 12 months, we may delete your account and associated data to reduce the amount of personal data we retain. Where feasible and appropriate, we will attempt to provide notice to your registered email address before deleting an inactive account.

7.3Deleting your account (user-initiated)

You can request deletion of your account and associated data in either of these ways:

A) Inside the App (recommended). You can delete your account within the App (Account/Profile settings → Delete Account). After you confirm deletion, we delete your account and associated data from our active systems.
B) Outside the App (web or email). You can request deletion by emailing support@mymedicals.life from your registered email address. You may also use our deletion resource at https://mymedicals.life/delete-account, which provides a direct link to email our support team with the necessary request details pre-filled.
Security Requirement: To protect your account, you must send the request from the email address registered to your account. We cannot verify or process deletion requests from unregistered email addresses.
Verification: We may require a verification step (for example, replying to a confirmation email) before we complete deletion. Deletion timing:
For in-app deletion, deletion is designed to be processed immediately after you confirm.
For outside-app deletion requests, because they are processed manually, we typically acknowledge verified requests within 48 hours, and we complete deletion within 5 business days after verification. Account deletion is intended to be permanent and is not reversible once completed.

7.4What happens when you delete your account

When your account is deleted, we delete or de-identify personal data associated with that account from our active systems, including account/profile data, medication/reminder/adherence data, and user content stored with the account. After deletion, you should no longer be able to sign in or access the deleted data. Limited information may still remain for a limited period in security or operational logs, or where retention is required or permitted for legitimate purposes such as fraud/abuse prevention, security incident investigation, compliance with law, or dispute handling.

We retain only what is necessary for those purposes and restrict access to it.

Backups and disaster recovery: Our infrastructure may maintain encrypted backups, snapshots, or replicas for disaster recovery and business continuity. Deleted data may persist in these protected backup systems until the backup/snapshot is overwritten or rotated out in the ordinary course (typically days to a few weeks, depending on configuration). Backup data is access-restricted and is not used for routine operations. If

we restore from a backup as part of disaster recovery, we will re-apply deletions to any restored data promptly after restoration and, in any event, within 30 days.

If you used prescription scanning/extraction, a third-party service provider involved in that processing (OpenAI) may retain limited API content for up to 30 days for security and abuse-prevention purposes as part of operating the API service. This provider retention is separate from our internal account deletion process, and we cannot force immediate deletion of the provider’s abuse-monitoring logs within that retention window.

7.5Deletion of specific items without deleting your account

You can delete certain items (for example, specific medications, reminders, or uploaded files) from within the App. When you delete items, we remove them from your active view and delete them from active systems associated with your account, subject to the same limited exceptions described above for security, legal compliance, and dispute handling.

7.6De-identified and aggregated data

We may retain de-identified or aggregated data (which does not reasonably identify you) for analytics, service improvement, security, and operational purposes, where permitted by law. De-identified or aggregated data is not used to identify you and may be retained longer than identifiable personal data.

8.YOUR CHOICES & RIGHTS

8.0Overview

You have choices about how your data is used in MyMedicals, and you may have legal rights depending on where you live. This section explains (A) the controls currently available in the App and on your device, and (B) how to contact us to exercise privacy requests.

8.1Access, review, and update your profile (in-app controls)

You can access and edit most profile information directly in the App, including your name, date of birth, blood group, and optional fields such as address, height, weight, dietary preferences and/or allergies (including gluten-related preferences), and a profile picture (if you uploaded one). Keeping your information accurate helps ensure reminders and related features work correctly.

8.2Updating account identifiers (email/phone)

Your account may be linked to identifiers such as your email address and/or phone number (depending on how you signed up). The App may not allow you to change certain identifiers directly in-app. If you need to update your email address or phone number, contact us as described in Section 8.13. For security, we may need to verify your identity before making identifier changes.

8.3Know what data we have / request access, a copy, or portability

You can request information about the personal data we process about you and request a copy of your data.

We do not currently offer a self-serve “download/export my data” feature inside the App. However, you may request a copy of your data by contacting us as described in Section 8.13. Where applicable and technically feasible, we will provide a copy in a structured, commonly used, machine-readable format (for example, CSV or JSON). For security, we may require identity verification before providing a copy.

8.4Correct, complete, or update information

If you believe information associated with your account is inaccurate or incomplete, you can (A) update it inside the App where editing is available (see Section 8.1) and/or (B) contact us to request correction, completion, or updating (see Section 8.13). We may ask you to verify your identity before processing correction requests.

8.5Control notifications (device settings)

MyMedicals may send reminders using your device’s notification services. Notification permissions, sounds, and alert styles are controlled through your device settings (iOS/Android notification settings). If you disable notifications at the device level, reminders may not be delivered.

8.6Control device permissions (camera/photos)

Certain features (such as uploading files/photos or scanning prescriptions) may require device permissions (for example, camera access or photo library access). You can typically grant, deny, or revoke these permissions through your device settings at any time. If you revoke a permission, related features may not work as intended.

8.7Control Family Sharing (optional)

Family Sharing is optional and off by default. If you enable it, you can share only with a person who has a MyMedicals account, and you can revoke sharing at any time inside the App by removing the family member. After revocation, access should stop going forward and the shared user should no longer appear in the recipient’s Family Sharing section.

Important: We do not restrict screenshots. People you share with may capture screenshots of what they can view. Share only with people you trust.

8.8Control prescription scanning (optional) and withdraw consent

Prescription scanning (if available) is optional. If you do not want to use scanning, you can avoid using that feature and use manual entry workflows where available.

If scanning or a similar sensitive feature relies on your consent, you may withdraw your consent by stopping use of that feature and/or by deleting your account (see Section 8.10).

8.9Analytics and service improvement (current approach)

We use analytics and diagnostics data to understand app performance and improve reliability and user experience.

We do not sell your personal data. We do not use your personal data for targeted advertising. We do not use identifiers collected from this App for cross-app tracking or advertising measurement, and we do not share your personal data with data brokers.

If you prefer not to have your data processed for service improvement, you can stop using the Service and delete your account (see Sections 8.10 and 8.11). Some platform privacy controls may limit certain identifiers; however, platform controls may not affect operational analytics needed for the Service to function securely and reliably.

8.10Delete your account

You can request deletion of your account in either of these ways:

A) Inside the App (recommended): Profile → Account → Delete Account
B) Outside the App: Use our account deletion resource at https://mymedicals.life/delete-account or email support@mymedicals.life from your registered email address (we may request confirmation before proceeding). Timing: After you initiate deletion and any required verification is completed, we aim to complete verified deletion requests within 5 business days. Account deletion is intended to be permanent and is not reversible once completed. Account deletion and what happens after deletion (including limited retention for legitimate purposes and backup/disaster recovery cycles) are described in the “Data Retention & Deletion” section of this Privacy Policy.

8.11Stop using the Service / withdraw consent

You can stop using the Service at any time by uninstalling the App. Uninstalling the App does not delete your account or data stored on our systems.

If you want your account and associated data deleted, you must submit an account deletion request (see Section 8.10).

Where we rely on your consent for optional features (for example, enabling Family Sharing or using prescription scanning), you can withdraw consent by disabling or stopping use of the optional feature (where controls exist) and/or deleting your account.

8.12Your legal rights may vary by location

Depending on where you live and applicable law, you may have rights such as:

the right to access information about your personal data and how it is processed;
the right to receive a copy of your personal data (and, where applicable, a portable copy in a machine-readable format);
the right to correct, complete, or update your personal data;
the right to request deletion/erasure of your personal data (subject to limited retention for legitimate purposes and/or legal compliance);
the right to withdraw consent for certain processing (where consent is the legal basis);
the right to object to or restrict certain processing in some jurisdictions;
the right to lodge a complaint with a relevant authority (where applicable); and
the right to nominate another individual to exercise your rights in the event of your death or incapacity (where applicable law provides such a right). In India, subject to applicable law and prescribed procedures, you may have rights that include: obtaining a summary of personal data being processed and related processing activities; obtaining the identities of other data fiduciaries and data processors with whom your personal data has been shared (subject to lawful exceptions); requesting correction/completion/updating and erasure; grievance redressal; and the right to nominate an individual to exercise your rights in the event of your death or incapacity.

8.13How to exercise your rights / contact us

To request access, a copy/portability export, correction, deletion, nomination, or to raise a privacy concern, contact us at:

Support: support@mymedicals.life Privacy & escalations: management@devrecon.in To help us process your request, please include:

the email address (and phone number, if applicable) associated with your MyMedicals account;
the type of request you are making (access, copy/export, correction, deletion, nomination, etc.); and
relevant details (for example, what information you want corrected, what data you want included in an export, or nominee details if requesting nomination). Identity verification: For security and to prevent unauthorized requests, we may need to verify your identity before processing certain requests (especially access/export, nomination, or deletion requests). For nomination-related requests (or requests made by a nominee), we may require proof appropriate to the request (for example, documentation supporting authority in the event of death or incapacity). Response timing: We aim to acknowledge requests promptly (typically within 48 hours). We aim to complete most access/copy/correction requests within 14 days, and no later than 30 days unless a longer period is permitted by applicable law due to complexity or volume; if an extension applies, we will notify you. Verified account deletion requests are handled under the timing described in Section 8.10.

8.14Grievance / escalation

If you are not satisfied with how we addressed a privacy request, you can escalate by emailing management@devrecon.in with “PRIVACY ESCALATION” in the subject line. For the purposes of the Digital Personal Data Protection Act, 2023, the designated Grievance Officer is:

Grievance Officer: Rama Sundari Kari (Director, DEVRECON Softwares Private Limited) Email: management@devrecon.in Postal Address: 402, 4th floor, Sri Sai Raghava Residency, Balaji Nagar, Kukatpally, Hyderabad, Telangana 500072, India

9.CHILDREN AND MINORS

9.1Adults-only Service (18+)

MyMedicals is intended for adults. You must be at least 18 years old to create an account or use the Service. We do not permit anyone under 18 to register for or use MyMedicals. If you are under 18, do not use the Service and do not provide any personal data or health-related information through it.

9.2Age assurance at sign-up (date-of-birth check)

To enforce the adults-only requirement, we ask for your date of birth during registration and use it to confirm you meet the minimum age requirement. If the date of birth entered indicates you are under 18, account creation is blocked. If we become aware (or reasonably suspect) that an account is being used by someone under 18, we may suspend the account to prevent further processing while we take steps to resolve the issue, including deletion as described below.

9.3If we learn a minor has provided personal data

If we learn that we have collected or processed personal data of a person under 18 (including health-related information), we will take appropriate steps to stop processing and delete the account and associated data in accordance with this Privacy Policy’s retention and deletion terms, subject only to limited retention where strictly necessary for security, fraud/abuse prevention, or legal compliance.

9.4No child-directed advertising or tracking

MyMedicals is not designed or marketed for children. We do not sell personal data, and we do not use personal data for targeted advertising or cross-app tracking. We do not run child-directed advertising experiences.

9.5Contact for child-related concerns (parents/guardians)

If you are a parent or legal guardian and believe that a person under 18 has used MyMedicals or provided personal data, contact us so we can investigate and take appropriate action (including deletion). You can reach us at support@mymedicals.life or management@devrecon.in. For security, we may need to verify the requester’s identity and relationship to the account holder before taking action on sensitive requests.

10.INTERNATIONAL DATA TRANSFERS

10.0Overview

MyMedicals is operated by DEVRECON Softwares Private Limited. Because the Service uses cloud infrastructure and support operations that may span multiple jurisdictions, your personal data (including health-related information you choose to store) may be stored, accessed, and processed in countries other than the country where you live.

10.1Primary hosting location and your acknowledgement/consent to transfer

As of the Effective Date / Last Updated date of this Privacy Policy, we store and process most user data on cloud infrastructure hosted in AWS EU-West (Europe / Ireland region).

Some information may also exist locally on your device (for example, cached content or locally stored images), depending on how you use the App and your device settings.

By creating an account or using the Service, you acknowledge that your personal data may be transferred to, stored in, and processed in the locations described in this Section 10, including outside India. Where applicable law requires it, you consent to such cross-border transfer and processing for the purposes described in this Privacy Policy.

10.2Cross-border access by DEVRECON (operations and support)

To operate, secure, and support the Service, authorized DEVRECON personnel may access production systems remotely from locations where they work (including India). When such access occurs, it may involve cross-border transfer or remote access to personal data. We limit and monitor access using role-based permissions, least-privilege principles, and access logging where appropriate, as described in the Security Safeguards section.

10.3International processing by service providers

Some of our service providers operate global infrastructure. Even where our primary hosting region is in the EU (Ireland), certain processing may occur in other countries depending on provider architecture, routing, redundancy, and service configuration.

Examples include: delivery of push notifications through platform notification services (APNs for iOS and FCM for Android), authentication events through sign-in providers when you choose those options, and optional prescription scanning/extraction processing when you initiate scanning.

10.4What international transfers mean for you, and who remains responsible

If your data is processed in another country, the data protection laws of that country may differ from the laws of your home jurisdiction. DEVRECON remains responsible as the operator of the Service (and, where applicable, the Data Fiduciary/Data Controller) for the processing described in this Privacy Policy regardless of where the processing takes place, and we require appropriate safeguards to protect your data consistent with this Policy.

10.5Compliance with India cross-border transfer rules

Transfers of personal data outside India are subject to applicable Indian law. Where required, we will comply with any restrictions or conditions notified by the Government of India relating to cross-border transfers.

10.6Changes to hosting regions and transfer practices

If we make material changes to our primary data hosting location(s) or to how international transfers occur, we will update this Privacy Policy and revise the “Last Updated” date.

10.7Contact

If you have questions about where your data is stored or how international transfers work, contact us at support@mymedicals.life or management@devrecon.in.

11.CHANGES TO THIS PRIVACY POLICY

11.1Why we update this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our privacy practices, the features available in the Service, the service providers/SDKs we use to operate the Service, our security controls, or applicable legal requirements. Our goal is to keep this Privacy Policy accurate, clear, and consistent with how MyMedicals actually works.

11.2How we publish updates (where to find the latest version)

When we update this Privacy Policy, we will publish the updated version at our public Privacy Policy URL: https://mymedicals.life/privacy-policy, and we will update the “Last Updated” date at the top of the Policy. We will also keep the in-app link to this Privacy Policy current so you can review it from within the App.

11.3Notice of material changes

If we make material changes, we will provide notice in a reasonable way before the change takes effect (or as required by law). Material changes typically include changes such as collecting new categories of personal data (especially health-related or other sensitive data), sharing data with new types of third parties, using data for new purposes that are not compatible with the purposes described in this Policy, making significant changes to retention/deletion practices, or making significant changes to international transfers.

Notice may be provided by in-app notice and/or email to the address associated with your account (if available and deliverable). Where applicable law requires it, we will obtain any required consent before processing your personal data in a materially different way. If you do not want to continue under an updated Privacy Policy, you can stop using the Service and request account deletion as described in this Privacy Policy.

11.4Keeping app store disclosures consistent

App stores require that developer disclosures remain accurate and up to date. When our privacy practices change, we will also update relevant store disclosures where applicable, including Apple App Store privacy details (App Store Connect “App Privacy Details”) and Google Play disclosures (including the Play Console privacy policy link and related disclosures), so they remain consistent with how the App accesses, collects, uses, and shares user data.

11.5Effective date and your continued use

Unless we state otherwise, an updated Privacy Policy becomes effective on the “Last Updated” date shown at the top of the Policy and when it is published at https://mymedicals.life/privacy-policy.

12.CONTACT, GRIEVANCE REDRESSAL, AND GOVERNING LAW

12.1Contact details (DEVRECON Softwares Private Limited)

If you have questions about this Privacy Policy, want to exercise your choices/rights, need support, want to report a security issue, or want to raise a privacy concern, you can contact us at:

Support: support@mymedicals.life Privacy & escalations: management@devrecon.in Postal address (Registered Office):

DEVRECON Softwares Private Limited 402, 4th floor, Sri Sai Raghava Residency Balaji Nagar, Kukatpally Hyderabad, Telangana 500072 India To help us respond faster, please include the email address (and phone number, if applicable) associated with your MyMedicals account and a clear description of your request (for example: access request, correction request, deletion request, portability/export request, nomination request, or privacy concern). For security and to prevent unauthorized requests, we may need to verify your identity before processing certain requests, especially access/export, nomination, and deletion requests.

12.2Grievance redressal (India)

If you have a complaint or grievance about how we process your personal data, you may contact us by emailing management@devrecon.in with the subject line: “PRIVACY GRIEVANCE – MyMedicals”.

Designated Grievance Officer: Rama Sundari Kari (Director, DEVRECON Softwares Private Limited) Email: management@devrecon.in Postal address: DEVRECON Softwares Private Limited, 402, 4th floor, Sri Sai Raghava Residency, Balaji Nagar, Kukatpally, Hyderabad, Telangana 500072, India We aim to acknowledge grievances within 48 hours and to resolve them as promptly as possible; complex cases may take longer. Where applicable law prescribes a specific response timeline for grievances, we will respond within that prescribed timeframe.

Where applicable, you may have the right to escalate an unresolved grievance to the appropriate authority after you have first used our internal grievance redressal process.

12.3Governing law and jurisdiction

This Privacy Policy is governed by the laws of India. Subject to applicable law, the courts located in Hyderabad, Telangana, India will have jurisdiction over matters arising out of or relating to this Privacy Policy.