Privacy Policy

ClearMed is a healthcare cost transparency platform operated in India. We help patients compare verified hospital costs, read patient reviews, and make informed healthcare decisions. Our registered address is available on request.

Data Controller: ClearMed Health Technologies Pvt. Ltd.

Contact: privacy@clearmed.online

We collect the following categories of personal data:

Account Data: Name, email address, phone number, and city when you register.

Bill Data: Hospital bill documents you upload. We immediately apply automated PII removal (strips name, Aadhaar, PAN, phone, address) before storing any extracted data. Original documents are deleted within 24 hours of processing.

Usage Data: IP address (hashed for analytics), device type, pages visited, search queries. We do not use persistent tracking cookies.

Review Data: Text reviews, ratings, and treatment feedback you voluntarily submit.

Referral Data: Referral codes used and referral relationships.

We use your data for:

• Providing the ClearMed platform and services

• Processing and anonymizing uploaded hospital bills

• Sending transactional notifications (bill status, points earned)

• Calculating aggregate cost statistics (your individual data is never shown)

• Improving platform accuracy and ClearMed Score algorithm

• Complying with legal obligations under the DPDP Act 2023

We do NOT use your data for targeted advertising. We do NOT sell your data to third parties. We do NOT share individually identifiable data with hospitals or insurers.

We retain data for the following periods:

• Verified bill data (anonymized): 5 years

• Patient reviews: 3 years

• Account data: Until deletion requested

• Symptom search queries: 12 months

• Notification logs: 90 days

• Audit logs: 7 years (regulatory requirement)

After retention periods expire, data is automatically purged during our weekly retention job.

As a data principal under India's DPDP Act 2023, you have the right to:

• Access: Request a copy of all personal data we hold about you

• Correction: Request correction of inaccurate data

• Erasure: Request deletion of your personal data (processed within 30 days)

• Grievance Redressal: Contact our Data Protection Officer

• Nominee: Designate a nominee to exercise rights in the event of death or incapacity

Exercise your rights at: privacy@clearmed.online or via the Data Erasure Request form on our platform.

When you upload a hospital bill, our automated system immediately applies multi-layer PII detection and removal before any data is stored:

• Patient name detection (title-based NLP)

• Phone number patterns (Indian formats)

• Aadhaar number detection

• PAN card numbers

• Email addresses

• Patient IDs and medical record numbers

• Insurance policy numbers

• Date of birth

• Street addresses

The original uploaded file is used only for OCR processing and deleted within 24 hours. Only the anonymized, structured cost data is retained.

We implement security measures including:

• HTTPS/TLS 1.3 encryption in transit

• Encrypted database storage

• Admin 2FA (TOTP) for all staff accounts

• OWASP Top 10 security controls

• Rate limiting and DDoS protection

• File type validation and malware scanning

• Role-based access control with audit logging

• Regular security reviews

We use minimal, essential cookies only:

• Session cookie: Keeps you logged in during a visit

• Preference cookie: Remembers your selected city

We do NOT use advertising cookies, tracking pixels, or third-party analytics cookies that profile you across websites. You can disable cookies in your browser, though some features may not work.

Data Protection Officer: grievance@clearmed.online

General Privacy: privacy@clearmed.online

Response time: 72 hours acknowledgement, 30 days resolution

If unsatisfied with our response, you may file a complaint with India's Data Protection Board (once operational under DPDP Act 2023).