Privacy Policy
Privacy Policy for Medirove
Effective date: May 8, 2026
This Privacy Policy explains how CUES SIMPLIFY IT SERVICES PRIVATE LIMITED, a private limited company registered in India, collects, uses, discloses, stores, and protects personal information when you use Medirove. Medirove helps users organize family medical reports, generate AI-assisted summaries, chat about saved reports, and prepare doctor-ready PDF summaries.
1. Who we are
Operator and Data Fiduciary: CUES SIMPLIFY IT SERVICES PRIVATE LIMITED. Registered address: Innov8 UCP, 9th Floor, Tower D, Unitech Cyber Park, Sector 39, Gurugram, Haryana - 122001, India. Contact: anil@csimplifyit.com.
2. Medical notice
Medirove is not a medical device and does not diagnose, treat, cure, or prevent any medical condition. Medirove does not replace advice from a qualified healthcare professional. Always consult a qualified doctor or healthcare professional for medical advice, diagnosis, or treatment. If you may be experiencing a medical emergency, contact local emergency services or go to the nearest emergency medical facility.
3. Personal data we collect
We may collect account information such as name, email address, profile image, login provider, authentication identifiers, and security/session information when you sign in with Google or Apple.
We collect information you provide in Medirove, including family member names, relationships, dates of birth, notes, uploaded medical reports, report images, report metadata, extracted report context, generated summaries, report chat messages, selected summary types, PDF downloads, and sharing actions you initiate.
Uploaded reports and report chats may contain health information, medication details, diagnoses, test results, appointment notes, provider details, and other sensitive personal information. Please upload only information you are authorized to upload.
We may collect technical and security information such as device type, browser type, IP-derived region, pages viewed, referrer, cookie choices, app version, API requests, error logs, and security/audit events.
4. How we use personal data
We use personal data to create and secure accounts, organize family profiles, store and retrieve reports, generate summaries, enable report chat, create PDF downloads, detect duplicate uploads, send service emails, respond to support requests, troubleshoot errors, protect the service, comply with law, and honor privacy requests.
We do not sell medical reports or health data. We do not use private medical report content for advertising.
5. Health-data consent
We ask for consent before processing medical reports, health information, and AI-related features. Where you upload records for another person, you must confirm that you have permission or legal authority to manage that person's records. For children under 18, a parent or lawful guardian must provide consent.
More detail is available in our Health Data Consent Notice.
6. AI processing
Medirove may send uploaded report files, extracted text, prompts, and related context to AI service providers, including OpenRouter or configured model providers, to generate summaries, embeddings, provider extraction, and report chat answers. AI outputs may be incomplete or incorrect and are not medical advice, diagnosis, treatment, or a substitute for a qualified clinician.
We do not permit AI providers to train general models on Medirove patient data unless that future use is clearly disclosed, consented to, and reviewed by our legal and security teams.
7. Cookies, analytics, and ads
Essential cookies support sign-in, security, fraud prevention, and user choices. Optional analytics and advertising cookies are controlled by the cookie banner and the Cookie Policy. We configure Google consent signals so optional analytics and advertising storage are denied until you make a choice.
Where you allow optional cookies, Google Tag Manager, analytics, and advertising technologies may help us understand site performance and support ads on public and selected dashboard surfaces. Health content should not be sent to analytics or advertising systems.
8. Sharing and service providers
We may share personal data with service providers that help operate Medirove, including hosting, secure storage, authentication, AI model access, email delivery, payments, analytics, advertising, security, and support tools. Hosting and storage are intended to run on AWS in the India region, such as ap-south-1 Mumbai or another India region. Other providers may process data in India, the United States, or other countries where they operate.
Our current service-provider overview is available at Subprocessors and Service Providers. We may also disclose information when required by law, to protect users or Medirove, to enforce our terms, or in connection with a business transfer.
If you choose to share a report or summary by email or your device share sheet, you are responsible for choosing recipients carefully. Once shared outside Medirove, the recipient's handling of that information may be outside our control.
9. Retention and deletion
We keep account, family member, report, summary, chat, consent, support, and security data only as long as needed to provide the service, comply with law, protect security, resolve disputes, and honor user rights. We may retain backups and logs for a limited period after deletion requests.
Account and data deletion details are available at Account and Data Deletion.
10. Service shutdown
If Medirove plans to permanently shut down the service or stop storing user medical records, we will make reasonable efforts to give users at least 30 days' notice by email, in-app notice, website notice, or another appropriate channel. During the notice period, users should download or export available records and may request deletion of their account and associated data.
After shutdown, we will delete or de-identify medical reports, report metadata, extracted report text, AI summaries, report chats, generated PDFs, and other health workspace data from active systems unless limited retention is required for legal, security, fraud prevention, dispute, payment, audit, deletion proof, backup expiry, or similar obligations. We will not sell user medical records as a standalone asset.
11. Your choices and rights
Depending on applicable law, you may request access, correction, deletion, withdrawal of consent, information about processing, or grievance review. Contact anil@csimplifyit.com or use in-app privacy controls where available.
Marketing and newsletter emails include an unsubscribe link. You may still receive essential account, security, billing, or service messages.
12. Security
We use administrative, technical, and organizational safeguards designed for sensitive health data, including encryption in transit, access controls, secure token handling, audit logs, restricted staff access, and vendor review. No online service is completely secure. You are responsible for keeping your login account and device secure.
More detail is available in our Security Overview.
13. Children
Medirove is intended for adults. A parent or lawful guardian may manage family records for a child where lawful and authorized. We do not knowingly allow children to create independent accounts without an appropriate child account and consent flow.
14. International transfers
We are based in India, and core hosting/storage is intended for AWS India regions such as ap-south-1 Mumbai or another India region. Some authentication, AI, email, payment, analytics, advertising, support, or security providers may process information in other countries where they operate. These countries may have data protection laws different from your country. We use contractual, technical, and organizational safeguards appropriate for health data.
15. Changes
We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users or highlight the updated policy.
16. Contact
Questions, requests, or complaints can be sent to CUES SIMPLIFY IT SERVICES PRIVATE LIMITED at anil@csimplifyit.com or by mail to Innov8 UCP, 9th Floor, Tower D, Unitech Cyber Park, Sector 39, Gurugram, Haryana - 122001, India.