Privacy Policy

Last updated: 29 May 2026

Medrita ("Medrita", "we", "our") is a product operated by Antrika Technologies LLP, registered in India and based in Noida, Uttar Pradesh. This policy explains what data we collect, how we use it, and your rights.

1. Who this policy covers

This policy applies to:

  • Clinic operators and staff — anyone who manages a clinic through the Medrita admin portal.
  • Patients — individuals who book appointments through a clinic's public Medrita-powered website.

2. Data we collect

Clinic operators and staff

  • Account information: name, work email, role, and mobile number.
  • Clinic and branch details entered during setup.
  • Activity logs: actions taken in the admin portal, timestamped and attributed to your user account.
  • Device and session data: IP address, browser, and session tokens for authentication.

Patients (via clinic booking websites)

  • Name, mobile number, email (optional), age, gender, and notes provided during booking.
  • Medical profile data entered by clinic staff: allergies, pre-existing conditions, and visit history.
  • Prescription data where prescriptions are written by a doctor within Medrita.

3. How we use data

  • To deliver and operate the Medrita platform and its clinic websites.
  • To send booking confirmation emails to patients.
  • To provide audit trails for compliance and clinic governance.
  • To monitor and improve platform performance and reliability.
  • To meet legal obligations.

We do not sell personal data. We do not use patient data to train AI models.

4. Data sharing

We share data only with subprocessors required to operate the platform (cloud infrastructure, email delivery via AWS SES, error monitoring via Sentry). Patient data entered by a clinic is visible only to that clinic's authorised staff. Strict tenant isolation prevents one clinic from ever accessing another's data.

5. Data retention

Account and clinic data is retained for the duration of your subscription and a limited period thereafter as required by law. Patient data is retained as long as the clinic subscription is active. You may request deletion at any time.

6. Security

Medrita uses encryption in transit (HTTPS) and at rest for all sensitive data. Access controls, JWT sessions in HttpOnly cookies, MFA support, and full audit logging are built into the platform. We conduct periodic security reviews.

7. Your rights

You have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email us at privacy@medrita.com. Clinic admins can manage patient records directly through the admin portal.

8. Contact

Questions about this policy can be sent to privacy@medrita.com.
Postal address: Antrika Technologies LLP, D-5 Sector-59, Noida, Uttar Pradesh — 201301, India.