Effective Date: 2026-02-26 · Last Updated: 2026-02-26
This page supplements our Privacy Policy and explains how we handle health-related information with enhanced safeguards. If you have questions, contact us at hello@carevie.com.
Carevie is a platform that helps users store, organize, and access medical records (such as lab reports, prescriptions, bills, and appointment details). We are committed to protecting the privacy, confidentiality, and security of health-related information.
Carevie is not a healthcare provider and does not provide medical advice, diagnosis, or treatment. For medical decisions, consult a qualified healthcare professional.
Health-related information is sensitive. We aim to handle personal and health data responsibly, transparently, and securely. Our practices are designed to align with applicable Indian laws and generally accepted security practices, including:
• Digital Personal Data Protection Act, 2023 (India)
• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (where applicable)
“Health data” may include, but is not limited to:
• Medical history and symptoms
• Diagnostic reports, lab results, and medical documents
• Uploaded images and files related to health
• Appointment details and prescriptions
• (If available) user interactions that include health information, such as messages or notes
We treat such information as sensitive and apply enhanced protection measures.
We process health data when you voluntarily provide it through the platform and when processing is necessary to provide the services you request (for example, storing and displaying your medical records).
Where consent is required, you may withdraw consent at any time. Withdrawing consent may limit or prevent your ability to use certain features of the platform. We may retain certain information if required by law or for legitimate purposes such as security, fraud prevention, or dispute resolution.
Care Circle / Family Profiles
If you add or manage health data for a family member or another person, you confirm that you have their valid consent or lawful authority to do so. You are responsible for ensuring that any data you upload or manage for others is accurate and shared lawfully.
We process health data for legitimate, clearly defined purposes, including:
• Providing features to store, organize, and retrieve health records
• Generating summaries or insights from user-uploaded documents (where such features are enabled)
• Supporting user requests and troubleshooting
• Improving platform reliability, security, and user experience
• Preventing misuse, fraud, and unauthorized access
We do not use health data for advertising or marketing purposes.
We follow data minimization and least-privilege principles:
• We collect only the data needed to provide the service
• Access to health data is restricted to authorized systems and processes
• Internal access is limited, logged, and reviewed where appropriate
• Health data is not accessed unless required for functionality, support, or security
Carevie implements reasonable technical and organizational safeguards, which may include:
• Secure authentication and authorization controls
• Encryption in transit (for example, HTTPS/TLS) and encryption at rest where applicable
• Protected infrastructure, secure storage, and network controls
• Monitoring and logging of access and system events
• Regular review of security practices and access permissions
No system can guarantee absolute security. However, we continuously work to protect data against unauthorized access, loss, misuse, or disclosure.
We do not sell health data.
Health data may be shared only:
• With trusted service providers that help us operate the platform (for example, secure hosting, database, storage, email delivery, error monitoring, or analytics if enabled)
• When required to comply with law, legal process, or a lawful request by public authorities
We require our service providers to follow confidentiality and appropriate security obligations consistent with this page and our Privacy Policy.
Cross-border processing
Depending on the infrastructure we use, your data may be processed or stored in locations outside India. When we do so, we take steps intended to ensure an appropriate level of protection consistent with applicable law and our contractual safeguards with service providers.
We retain health data for as long as your account is active or as needed to provide the services you request. You may request deletion of your account and associated data.
After deletion, we may retain limited information where required by law or for legitimate purposes such as security, fraud prevention, backups, or resolving disputes. Backup copies, if any, may persist for a limited period based on our backup and retention cycles.
Subject to applicable laws, you may have the right to:
• Access your personal data and health data
• Correct inaccurate or incomplete information
• Request deletion of your personal data
• Withdraw consent where applicable
• Request information about how your data is used
Requests can be made through the platform (if supported) or by contacting us at hello@carevie.com. You may also contact our grievance email at hello@carevie.com.
Some features of Carevie may use automated systems to summarize or extract information from user-provided documents. Outputs are informational and may be incomplete or inaccurate.
Carevie does not provide medical diagnosis or treatment. Do not rely on AI-generated outputs for medical decisions. Always consult a qualified healthcare professional.
We may update this Health Data Privacy & Security page from time to time to reflect changes in law, technology, or our practices. Updates will be posted here with a revised “Last Updated” date.