Data Processing Notice
Effective 28 May 2026
This notice describes the technical and contractual arrangement under which MedCore Health (“Processor”) handles personal data on behalf of a treating hospital or clinic (“Fiduciary”) — including the sub-processors involved, the security controls in place, and the breach-notification commitments we make under the DPDP Act, 2023.
1. Roles
- You are the data principal — the person whose data is being processed.
- Your hospital is the data fiduciary — it determines why and how your medical record is created and maintained.
- MedCore is the data processor — we operate the software platform under a written agreement with the hospital, and we process your data only on its documented instructions.
2. Categories of data processed
- Identity + contact details (name, MRN, phone, email, address).
- Clinical records (diagnoses, prescriptions, lab, imaging, vitals).
- Financial records (bills, payments, claims).
- Authentication and audit logs (login times, IP, device, actions taken).
- When you opt in: ABHA number / address, linked under ABDM’s consent framework.
3. Purposes
- Care delivery — bookings, consultations, prescriptions, diagnostics.
- Revenue cycle — bills, payments, insurance claims.
- Communication — appointment reminders, report-ready alerts, receipts.
- Statutory compliance — record retention under NMC / NABH / DPDP.
- Safety + integrity — audit logging, fraud detection, anomaly monitoring.
4. Sub-processors
The following third parties may process limited categories of data on our behalf, each under a written agreement that mirrors our own DPDP obligations:
- AWS (ap-south-1, Mumbai) — infrastructure hosting and object storage. All data at rest is encrypted with AES-256.
- Razorpay — payment processing for hospital bills. Card and UPI credentials never touch MedCore servers.
- Sarvam AI (India) — Indian-region LLM used for triage, summarisation, and translation. Receives only de-identified content.
- OpenAI (US) — vision-capable LLM used for radiology drafting. Identifiers (name, MRN, phone, address) are stripped before any image or text leaves our servers.
- SendGrid (Twilio) — transactional email delivery (receipts, reminders).
- Firebase Cloud Messaging (Google) — push notification delivery to the patient PWA.
- Sentry — error and performance monitoring. PHI is scrubbed by the client SDK before transmission.
- ABDM Gateway (Govt. of India) — only when you explicitly link your ABHA and consent to record exchange.
The current sub-processor list is maintained at this URL. We give at least 30 days’ notice before adding a new sub-processor in a way that materially changes the data flow.
5. Security measures
- TLS 1.3 in transit; AES-256 at rest.
- Role-based access control: every clinician sees only what their role + tenant context allows.
- Multi-tenant isolation enforced at the database query layer (Prisma extension), not just at the application layer.
- Append-only audit log — every read or write of clinical data is recorded, and the log is tamper-evident.
- httpOnly JWT cookies + double-submit CSRF token on every mutation.
- Automated dependency vulnerability scanning, with high/critical patches applied within 7 days.
- Penetration testing by an independent firm at least annually; report summary available to enterprise customers on request.
6. Data location and transfers
Primary storage and backups are located in AWS ap-south-1 (Mumbai). Cross-border transfers occur only to the sub-processors listed in section 4 and only with the identifier stripping described there.
7. Retention
- Clinical records: per your hospital’s NABH retention schedule.
- Audit logs: 7 years.
- Operational telemetry: 90 days.
- On termination of the hospital’s contract with MedCore, data is exported back to the hospital within 60 days and then securely deleted from MedCore systems.
8. Personal data breach notification
If we become aware of a personal data breach affecting your information, we will notify the data fiduciary (your hospital) without undue delay, and in any event within 72 hours of awareness. The hospital is then responsible for notifying you and the Data Protection Board of India in line with section 8(6) of the DPDP Act.
9. Your rights — how requests are routed
Because the hospital is the fiduciary, DPDP rights requests (access, correction, erasure, withdrawal of consent, nomination) are usually directed to the hospital. If you contact MedCore directly, we forward your request to the relevant hospital within 5 business days and confirm the routing back to you.
10. Contact
Email: support@medcore.software
Postal address: MedCore Health Technologies Pvt. Ltd., 4th Floor, Prestige Atlanta, Koramangala, Bengaluru 560034, India.