Effective Date: 30 April 2026 | Version 2.0
Medbed is a healthcare information platform operated by EmpathMed Solutions Pvt. Ltd. ("Company", "we", "us"), CIN: U62013MH2024PTC427092. This policy explains what data we collect, why, and the choices you have. We are committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable data protection laws in India.
Patients do not create accounts. We do not ask for or store your name, email, phone number, Aadhaar number, or any government-issued identification. We do not sell personal data to any third party.
On first launch, the app generates a random unique identifier (UUID) stored locally on your device. This identifier is used to maintain your conversation session, manage booking requests, and record your consent. It is not linked to your identity, phone number, or any personal information. If you delete the app's data or uninstall the app, this identifier is permanently erased.
Before using the app, you are presented with a consent screen that explains our data practices. Your consent is recorded with a timestamp and version number. You may revoke consent at any time through Settings → Delete My Data, which will:
The app requests permission to access your device's GPS location to find hospitals near you and calculate distances. Location data is transmitted over HTTPS to our servers solely to process your hospital search query. We do not store your location history, track your movements, or collect background location data. You can deny or revoke location permission at any time in Android Settings. Without location permission, the app still functions but cannot show nearby hospitals.
The app offers voice input as an alternative to typing symptoms. When you hold the microphone button, audio is recorded locally on your device. Upon release, the audio is encoded, transmitted securely to our servers for speech-to-text processing, and immediately discarded after the transcript is generated. We do not store audio recordings. You can deny or revoke microphone permission at any time; text input remains fully available.
Your symptom descriptions (text or voice transcripts) are processed by AI to match you with appropriate hospitals. Conversation content is stored anonymously (linked to your device UUID, not your identity) to maintain multi-turn conversation context during a single session. Conversations are not used for advertising, profiling, or any purpose other than providing hospital recommendations during your active session.
If you submit a booking request through the app, we transmit the following to the relevant hospital: your device UUID (anonymous), booking type (IPD/OPD), a summary of your symptoms (as described to the AI), and a booking token number. No personal identity information is shared with the hospital through the Platform. The hospital may request personal information separately during the visit. Booking records are stored on our servers linked to your device UUID and can be deleted via Settings → Delete My Data.
Hospital phone numbers and contact information displayed in the app are sourced from publicly available government health directories, hospital websites, and information voluntarily provided by hospitals during onboarding. We do not display personal mobile numbers of hospital staff. Hospitals may request correction or removal of their contact information by emailing support@empathmed.in.
Hospital staff access the Platform through administrator accounts. Administrator data (name, email, hospital association) is collected during onboarding and is used solely for authentication and Platform access. Administrator accounts can be deactivated upon request from the registered institutional email.
On Android 13 and above, the app requests notification permission at first launch. If granted, we may send notifications related to booking status updates (for patients) and triage alerts or booking requests (for hospital administrators). No marketing or promotional notifications are sent. You can revoke notification permission at any time in Android Settings.
We use Firebase Crashlytics to detect and fix stability issues. Crash reports include technical information about your device (model, OS version) and the error that occurred. They do not include conversation content, location data, or personal information. We collect aggregate, anonymous usage metrics to improve the Platform. These metrics are not linked to individual users.
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Crashlytics | Crash reporting | Device model, OS version, crash stack traces |
| Firebase Cloud Messaging | Push notifications | FCM device token (anonymous) |
| OpenAI (GPT-4o) | AI symptom processing | Anonymized symptom text (no personal identifiers) |
| OpenAI (Whisper) | Speech-to-text | Audio data (ephemeral, not stored) |
| Google Maps | Directions | Hospital coordinates (public data) |
Data handled by these providers is governed by their own privacy policies in addition to this policy.
All data transmitted between the app and our servers uses HTTPS/TLS encryption. Authentication tokens for hospital administrators are stored locally on the device and are not backed up to cloud services. We follow the principle of minimal data collection.
Under the Digital Personal Data Protection Act, 2023, you have the right to:
The Platform is not directed at children under 18. Minors may use the Platform under the supervision of a parent or legal guardian. We do not knowingly collect personal data from children.
We may update this policy from time to time. Changes will be reflected on this page with a revised effective date and version number.
For questions, data requests, or grievances: