Privacy Policy for Medidesh

Medidesh (“we”, “our” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Medidesh (“the App”), which includes Inventory Management, Point of Sale (POS), and Medicine Search functionalities.

This Policy is drafted in accordance with the Digital Security Act 2018 (Bangladesh), the Personal Data Protection Act (Bangladesh), and the General Data Protection Regulation (GDPR) for international users.

1. Data Controller

The entity responsible for the processing of your data is: Medidesh, Gazipur, Bangladesh, info.support@medidesh.com

2. Information We Collect

We collect data to facilitate business operations (Inventory/POS) and healthcare accessibility (Medicine Search).

2.1. Personal Identification Information (PII)

  • Account Registration: Name, Phone Number, Email Address, Pharmacy/Business Name, Trade License Number (for pharmacists/merchants).
  • Verification Data: National ID (NID) or Passport copies (if required for regulatory compliance for pharmacy owners).

2.2. Business & Financial Data (Inventory & POS)

  • Inventory Data: Drug names, stock levels, batch numbers, expiry dates and supplier details entered into the system.
  • Transaction Data: Sales records, customer receipts, pricing margins, and profit/loss statements generated via the POS system.
  • Customer Data (Third-Party): If you (the Pharmacist/Merchant) enter your customers’ details (e.g. for invoicing or credit purchase), you warrant that you have obtained their consent to process this data.

2.3. Health & Sensitive Data (Medicine Search)

  • Search Queries: Keywords used in the medicine search bar (e.g., specific drug names, symptoms).
  • Prescription Data: If the App allows uploading prescriptions, we collect images and metadata of these documents.
  • Health Usage: Frequency of searches for specific therapeutic categories.

2.4. Device & Technical Data

  • Device Information: IP address, device model, Android OS version, unique device identifiers (IMEI/ADID).
  • Location Data: Coarse location (City/Town/Region) for analytics; Precise location (GPS) only if required for delivery features with explicit permission.

3. How We Use Your Information

We use your data for the following “Lawful Purposes”:

  • Service Provision: To sync inventory across devices, calculate POS totals, and return accurate medicine search results.
  • Safety & Verification: To verify that the entity using the POS is a legitimate business/pharmacy (preventing illicit drug trade).
  • Analytics: To analyze demand for specific medicines in different regions (aggregated and anonymized).
  • Legal Compliance: To comply with Bangladesh Drug Administration regulations regarding the sale of scheduled drugs.

4. Device Permissions

To provide specific features, the Medidesh app requires certain permissions on your device:

4.1. Camera Permission

The Medidesh app uses your device's camera to allow you to capture and upload images of prescriptions, medical reports, or your profile picture directly within the app. We do not record or store images without your explicit action.

4.2. Bluetooth Permission

The app utilizes Bluetooth connectivity to pair with and print receipts via compatible thermal printers and to connect with supported medical devices for health data integration. Bluetooth is used solely for these connection purposes.

5. Data Sharing and Disclosure

We do not sell your personal data. We disclose information only in the following strict circumstances:

  • Service Providers: We may share data with cloud hosting providers (e.g., AWS, Google Cloud) and payment gateways (e.g., bKash, Nagad, SSL Commerz) solely to process payments and host data.
  • Legal Requirements: We may disclose information if required to do so by the Bangladesh Cyber Tribunal, Law Enforcement Agencies (under Section 30 of the Digital Security Act), or a court order.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business to another company.

6. Data Retention Policy

  • Active Accounts: We retain your inventory and POS data for as long as your account is active to ensure business continuity.
  • Deleted Accounts: Upon account deletion request, we will permanently delete your personal data within 30 days, unless a longer retention period is required by tax law (for POS transaction records).
  • Health Data: Search history is anonymized after 90 days.

7. Data Security

We implement robust security measures:

  • Encryption: All data transmitted between the App and our servers is encrypted using TLS 1.2/1.3 protocols. Database entries for sensitive health data are encrypted at rest.
  • Access Control: Strict role-based access control (RBAC) ensures only authorized personnel can access server data.

8. International Data Transfers

For users outside Bangladesh:

  • We process data in compliance with the GDPR.
  • If we transfer data outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) or adequacy decisions.
  • By using the App, you consent to the transfer of your data to servers located in Dhaka, Bangladesh.

9. Your Rights (User Control)

Depending on your jurisdiction, you have the following rights:

  • Right to Access: You can request a copy of the inventory/sales data we hold.
  • Right to Rectification: You can edit incorrect inventory or profile details directly in the App.
  • Right to Erasure: You can request the deletion of your account and associated data via [Settings > Delete Account] or by emailing us.
  • Right to Withdraw Consent: You may revoke camera/storage permission in your device settings at any time.

10. Children’s Privacy

This App is intended for businesses and adults. We do not knowingly collect data from children under the age of 13 (or 18 in jurisdictions where the age of majority is older). If we discover a child has provided us with personal data, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Effective Date”. Continued use of the App constitutes acceptance of the changes.

12. Contact Us & Grievance Officer

In accordance with the Information Technology laws of Bangladesh, if you have any questions or grievances, please contact: info.support@medidesh.com

Designation: Privacy Compliance Officer