Legal Document

Privacy Policy

Last updated: May 2026 · Effective: January 2025 · Pakistan Law
PECA 2016 Compliant · GDPR Principles · DRAP Aligned
01 — Introduction

MediScan+ (Private) Limited (“we”, “our”, “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use the MediScan+ Platform — including our mobile application, web portal, and API services.

We have designed this Policy to be clear, specific, and honest. We do not sell your data. We do not use your health information for advertising. We do not share your data with anyone who does not need it to operate this Platform.

This Privacy Policy is designed to comply with and reflect:

  • Pakistan Electronic Crimes Act (PECA) 2016 — Pakistan's primary digital data protection statute.
  • Pakistan Personal Data Protection Bill — the draft framework establishing rights over personal data, adopted as best practice in advance of enactment.
  • GDPR Principles — the international gold standard for privacy, including lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability.
  • DRAP Data Guidelines — for pharmacovigilance and adverse drug reaction reporting obligations.

By using the Platform, you consent to the practices described in this Policy. If you do not agree, please discontinue use and contact us to delete your account.

02 — Data We Collect

2.1 — Account Data

When you create an account, we collect your full name, email address, optional phone number, and your role type (consumer, pharmacy, manufacturer, or government). For premium features, we may collect age verification data. Passwords are never stored in plain text — they are hashed using industry-standard cryptographic algorithms.

2.2 — Scan Data

We collect information generated when you scan a medicine, including:

  • Medicine barcode or QR code value.
  • Scan timestamp and session identifier.
  • AI verdict and confidence score (e.g., GENUINE, FAKE, SUSPECT).
  • Approximate city-level location derived from GPS — we collect city only, NOT your precise GPS coordinates or street address.
  • Pharmacy identifier, if you are scanning at a registered MediScan+ pharmacy location.

Note on scan images: Medicine photographs are processed in real-time by our AI pipeline and are NOT permanently stored unless you explicitly choose to save a scan as evidence within the app. Temporary image buffers are purged within minutes of processing.

2.3 — Health Data (Sensitive)

This is sensitive personal data. It is processed under strict access controls, never sold, and never shared with advertisers or insurance companies. DRAP receives only anonymized, aggregate statistical reports — never individual health data linked to your identity.

  • Prescription images you upload for AI analysis — retained for the duration of your prescription reminder period, then deleted.
  • Adverse Drug Reaction (ADR) reports you submit — retained for 7 years as required by pharmacovigilance regulations.
  • Medication reminders you set within the app.

2.4 — Device Data

  • Firebase Cloud Messaging (FCM) device token — used only to send push notifications you have consented to receive.
  • App version and operating system version — for compatibility and bug fixing.
  • Anonymized crash logs — automatically collected to identify and fix technical issues. Crash logs do not contain personally identifiable information.

2.5 — Usage Analytics

We collect anonymized, aggregated data about which features are used and how often. This data cannot be used to identify you individually and is used solely to improve the Platform.

2.6 — B2B Portal Data (Business Users)

  • Company registration name and number.
  • DRAP licence number and expiry date.
  • Batch upload records including timestamps and uploader identity.
  • API usage logs including endpoint, timestamp, and response codes.

03 — How We Use Your Data

We use your data only for the purposes described below:

Data Type            | Purpose                                       | Legal Basis
---------------------|-----------------------------------------------|-----------------------------------
Email address        | Account authentication and service alerts     | Contract performance
Scan history         | Displaying your personal scan records         | Contract performance
City-level location  | Regional analytics and area safety reports    | Consent
Health & ADR data    | Safety reporting to DRAP (anonymized)         | Public interest / Legal obligation
FCM device token     | Push notifications (consent required)         | Consent
API usage logs       | Security monitoring and B2B billing           | Legitimate interest
Crash logs           | Platform stability and bug resolution         | Legitimate interest

We do NOT use your data for:
❌ Targeted or behavioural advertising
❌ Sale to any third party, data broker, or advertiser
❌ Insurance risk profiling or credit scoring
❌ Automated decisions that produce legal or similarly significant effects on you
❌ Any purpose other than those explicitly listed above

04 — Data Sharing

4.1 — DRAP (Drug Regulatory Authority of Pakistan)

We share only anonymized, aggregated pharmacovigilance data with DRAP. For example, we may report that “47 counterfeit scan alerts were triggered across Karachi in a given month” — this report contains zero individually identifiable data. DRAP does not receive your name, email, scan history, or any data that could identify you personally.

4.2 — Pharmaceutical Manufacturers

Manufacturers can view analytics dashboards for scans of their own products only. They see aggregated data such as genuine vs. suspicious scan counts and regional trends. They cannot see who performed any individual scan, nor any user's name, email, or account information.

4.3 — Technical Service Providers

We work with the following sub-processors, all bound by data processing agreements:

Processor            | Purpose                                          | Data Location
---------------------|--------------------------------------------------|---------------------------
Supabase (via AWS)   | Encrypted database hosting and authentication    | ap-south-1 (Mumbai, India)
Google Gemini AI     | Real-time medicine image analysis (not stored)   | Google infrastructure
Firebase (Google)    | Push notifications and anonymized analytics      | Global
Railway / Render     | Backend API server hosting                       | US / EU
Vercel               | Web portal hosting                               | Global edge network

All processors are subject to contractual obligations requiring them to process data only on our instructions, implement appropriate security measures, and not sub-process without our approval.

4.4 — Law Enforcement

We will disclose personal data to Pakistani law enforcement or regulatory authorities only in response to a valid, lawful request — including a court order, PECA lawful intercept order, or equivalent legal instrument. We will notify you of such a request unless legally prohibited from doing so.

We NEVER share personal data with:
❌ Advertising networks or data brokers
❌ Insurance companies
❌ Political organisations
❌ Any buyer — your data is not for sale, under any circumstances

05 — Data Retention

We retain your data only for as long as necessary for the purpose it was collected, or as required by law:

Data Type                    | Retention Period                 | Reason
-----------------------------|----------------------------------|------------------------------------
Account data (name, email)   | Until deletion + 30 days         | Account operation
Scan history                 | 2 years, then anonymized         | Your records; aggregated analytics
Prescription scan images     | 1 year or until deleted by you   | Prescription reminder cycle
ADR reports                  | 7 years                          | Pharmacovigilance legal requirement
API usage logs               | 1 year                           | Security, billing disputes
Crash & diagnostic logs      | 90 days                          | Bug resolution; anonymized after
FCM device tokens            | Until logout or app uninstall    | Notification delivery

When retention periods expire, data is either permanently deleted or irreversibly anonymized. You may request early deletion by exercising your rights as described in Section 6.

06 — Your Rights

You have the following rights in relation to your personal data. To exercise any right, contact us at privacy@mediscanplus.com. We will respond within 30 calendar days.

📋 Right of Access

Request a complete copy of all personal data we hold about you, including scan history, account data, and ADR reports. We will provide this in a readable format within 30 days.

✏️ Right to Correction

Request correction of any inaccurate or incomplete personal data. You may also update most account data directly via the app under Settings → Profile.

🗑️ Right to Deletion (Right to be Forgotten)

Delete your account at any time via Settings → Account → Delete Account. All personal data will be deleted within 30 days. Exception: ADR reports are retained for 7 years as required by pharmacovigilance law — these will be anonymized if deletion is requested.

📤 Right to Data Portability

Request an export of your personal data in machine-readable JSON format. Email privacy@mediscanplus.com with the subject line “Data Export Request”.

🚫 Right to Object

Object to our processing of your data for analytics or any non-primary purpose. Manage analytics preferences via Settings → Privacy in the app.

⏸️ Right to Restriction

Request that we restrict processing of your data while a complaint or correction request is being resolved.

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the relevant Pakistani data protection authority or initiate legal proceedings in the courts of Lahore, Pakistan.

07 — Children's Privacy

The Platform is not directed at, and we do not knowingly collect personal data from, children under 13 years of age. Users between 13 and 17 years of age may use the Platform with verified parental or guardian consent.

If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate consent, we will immediately delete that account and all associated data without notice.

Parents and guardians who believe their child under 13 has created an account should contact us immediately at privacy@mediscanplus.com.

08 — Data Security

We implement technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Our security controls include:

🔒 AES-256 encryption at rest
🔐 TLS 1.3 encryption in transit
🛡️ Row Level Security (Supabase RLS)
🔑 API key hashing (SHA-256)
✍️ HMAC request signing on all API calls
📱 Jailbreak & root detection (mobile)
🔏 Certificate pinning (Android)
🔍 Regular third-party security audits

Data Breach Notification: In the event of a personal data breach, we will notify all affected users within 72 hours of becoming aware of the breach — via email and in-app notification. We will also report to relevant Pakistani authorities as required by law and take immediate steps to contain the breach.

While we implement robust security measures, no system is completely immune from threats. We encourage you to use a strong, unique password and notify us immediately at security@mediscanplus.com if you suspect unauthorised access to your account.

09 — Cookies & Tracking

Web Portal

The MediScan+ web portal uses a minimal set of cookies:

Cookie Type                | Purpose                                       | Can be disabled?
---------------------------|-----------------------------------------------|-------------------------------
Essential session cookie   | Maintains your authenticated login session    | No — required for login
CSRF token                 | Protects against cross-site request forgery   | No — required for security
Theme preference           | Remembers your dark/light mode choice         | Yes — clears on browser reset

We do NOT use advertising cookies, cross-site tracking cookies, or third-party analytics cookies that report to external marketing platforms.

Mobile Application

  • No HTTP cookies are used in the mobile application.
  • Local device storage is used to store your preferences, cached scan history, and authentication tokens — all on your device only.
  • Firebase Analytics is used in anonymized mode. No advertising identifier (IDFA/GAID) is collected or transmitted. Analytics can be opted out via Settings → Privacy → Analytics.

10 — International Transfers

Your data is primarily stored on Supabase infrastructure hosted on AWS in the ap-south-1 region (Mumbai, India). This means your data may be processed outside Pakistan. We ensure that such transfers are protected by:

  • Contractual data processing agreements with all sub-processors, incorporating equivalent data protection standards.
  • Encryption of all data in transit and at rest, as described in Section 8.
  • Limiting sub-processor access to the minimum data necessary for the service they provide.

Pakistan Data Residency Commitment: We are committed to migrating to Pakistan-based or Pakistan-adjacent server infrastructure as soon as commercially viable, compliant options become available in the region. We will update this Policy and notify users when such a migration occurs.

Google Gemini AI processes medicine images in real-time. Images are sent to Google's API, processed, and the result is returned — images are not stored by Google as part of this transaction under our API agreement.

11 — Changes to Policy

We may update this Privacy Policy from time to time. Where changes are material — affecting how we collect, use, or share your personal data — we will provide advance notice of at least 30 days via:

  • Email to your registered email address.
  • An in-app notification in the MediScan+ mobile application.
  • A prominent notice on this page showing the new effective date.

For non-material changes (such as formatting updates or clarifications that do not change our data practices), we may update the Policy without advance notice, updating the “Last updated” date at the top of this page.

Your continued use of the Platform after the effective date constitutes your acceptance of the changes. If you do not agree, you may delete your account before the change takes effect.

12 — Contact Us

We take privacy enquiries seriously and will respond to all requests within 30 calendar days.

Data Controller: MediScan+ (Private) Limited, Islamic Republic of Pakistan
Privacy queries: privacy@mediscanplus.com

Response time: within 30 calendar days for standard requests; within 72 hours for security breach notifications. If you are unsatisfied with our response, you may escalate to the relevant Pakistani data protection authority or seek legal remedy through the courts of Lahore, Pakistan.