1. Who we are
Medsee is operated by Medsee AI Private Limited, registered at Aspire Coworks, No. 17, 2nd Floor, 7th Main Road, Indira Nagar II Stage, Hoysala Nagar, Indiranagar, Bangalore, Karnataka – 560038. For any privacy-related inquiries, contact our Data Protection contact at privacy@medsee.ai.
2. Data we collect
2.1 Account information
- Name, email address, phone number, professional credentials, organisation affiliation.
- Authentication identifiers (e.g., Google or Microsoft single sign-on identifiers, where used).
- Billing contact details.
2.2 Usage telemetry
- Pages visited, features used, time spent, device and browser information.
- Error logs and diagnostic information needed to operate and improve the service.
2.3 Clinical / report data
- Imaging studies (DICOM) and study metadata that you or your organisation upload.
- Report drafts, structured findings, impressions, and signed reports that you author within Medsee.
- AI-generated outputs derived from the above (e.g., LLM-generated impressions).
Patient data is processed on behalf of your organisation, which acts as the data controller. Medsee acts as a data processor for this data and processes it only on documented instructions from your organisation.
2.4 Payment information
Payment card and UPI details are collected and processed by our payment processor, Razorpay. We do not store full payment instrument details on our servers.
3. How we use your data
- To provide, maintain, and improve the service.
- To authenticate users and prevent abuse.
- To process payments and manage subscriptions.
- To send service-related communications (e.g., billing, security, product updates).
- To improve our AI models — only on data that you or your organisation has explicitly authorised for this use, and never including patient-identifying fields.
- To comply with legal obligations.
4. Third parties we share data with
We share data only with service providers we rely on to operate Medsee. Each is bound by data-protection obligations.
- Razorpay — payment processing.
- Amazon Web Services (AWS) — cloud hosting and storage.
- PostHog — product analytics (anonymised where possible).
- Google / Microsoft — for users who sign in via Google or Microsoft SSO.
- Email delivery providers — for transactional emails.
We do not sell your personal data. We disclose data to law enforcement only when legally compelled to do so and only to the extent required.
5. Where your data is stored
Data is stored in AWS data centres. We may transfer data internationally subject to appropriate safeguards. Organisations with specific data-residency requirements should contact us to discuss available options.
6. Data retention
- Account data: retained while your account is active and for up to 24 months after closure, then deleted unless we are legally required to retain it longer.
- Clinical / report data: retained per your organisation's instructions. On request, we will delete or return all such data within 30 days of contract termination, subject to legal obligations.
- Payment records: retained as required by tax and accounting law.
- Logs: typically retained for up to 12 months.
7. Your rights
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, you have the right to:
- Access the personal data we hold about you.
- Request correction or erasure of inaccurate or unlawfully processed data.
- Withdraw consent, where processing is based on consent.
- Lodge a grievance with our Data Protection contact (see Section 11).
- Nominate another individual to exercise your rights in the event of incapacity or death.
Where Medsee processes patient data on behalf of your organisation, requests from data principals (patients) should be directed to your organisation, which will engage us as needed.
8. Security
We implement reasonable technical and organisational measures to protect personal data, including encryption in transit, role-based access controls, audit logging, regular vulnerability assessments, and least-privilege infrastructure access. No system is fully secure; we encourage you to use a strong password and to report suspected security issues to security@medsee.ai.
9. Cookies and tracking
We use strictly necessary cookies to operate the service (e.g., authentication) and analytics cookies (e.g., PostHog) to understand usage. You can control cookies through your browser settings.
10. Children's data
Medsee is not intended for use by individuals under 18. We do not knowingly collect personal data from children. Note: patient data processed via Medsee may include data of minors; such data is processed on behalf of your organisation under the safeguards described in Section 2.3.
11. Contact and grievance redressal
Data Protection contact: privacy@medsee.ai
Postal address: Medsee AI Private Limited, Aspire Coworks, No. 17, 2nd Floor, 7th Main Road, Indira Nagar II Stage, Hoysala Nagar, Indiranagar, Bangalore, Karnataka – 560038
We aim to acknowledge grievances within 7 days and resolve them within 30 days.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-product notice at least 14 days before they take effect.