Legal Document
Privacy Policy
How MedFind collects, uses, shares, and protects your personal and medical information.
Last Updated: April 26, 2026 | Version 2.0
Plain Language Summary: MedFind is a Bangladesh digital healthcare platform. We collect your health data only to connect you with doctors, hospitals, and services. We never sell your data. Your medical records are encrypted and private. You can delete your account at any time.
1 Information We Collect
We collect information to provide and improve our healthcare services:
| Category | Examples | Required? |
|---|
| Account Data | Name, email, phone, password hash, profile photo | Yes |
| Medical History | Diagnoses, prescriptions, lab results, allergies | Optional |
| Appointment Data | Doctor visited, date/time, symptoms discussed, notes | Auto-collected |
| Blood Donor Info | Blood group, last donation date, district, availability | If you register as donor |
| Location Data | District/division, GPS coordinates (for nearby doctors) | Optional |
| Payment Data | Transaction ID, amount, bKash/Nagad last 4 digits | If you make payments |
| Usage Data | Pages visited, features used, device type, IP address | Auto-collected |
Sensitive Data Notice: Medical information is considered sensitive personal data under Bangladeshi law. We apply the highest level of protection to all health-related information you share with us.
2 How We Use Your Data
Your data is used exclusively for the following purposes:
- Connecting you with licensed doctors, hospitals, and healthcare providers in Bangladesh
- Managing appointment bookings, video consultations, and follow-ups
- Maintaining your medical history and health records securely
- Processing payments and generating invoices for services
- Sending appointment reminders and health notifications (SMS/email)
- Enabling emergency blood donor matching services
- Improving our platform through anonymized usage analytics
- Complying with legal obligations under Bangladeshi law
- Fraud prevention and platform security
We Do NOT: Sell your personal data, share your medical records with insurers without consent, use your data for advertising, or share identifiable data with third parties for marketing purposes.
3 Data Sharing & Disclosure
We share your data only in these circumstances:
- With Healthcare Providers: Your treating doctors/hospitals receive only the medical data necessary for your care
- Emergency Services: In a life-threatening emergency, relevant health data may be shared with emergency responders
- Legal Requirements: If required by Bangladeshi court order, government regulation, or law enforcement
- Service Providers: Third-party processors (cloud hosting, payment gateway, SMS) under strict data processing agreements
- Blood Donors: If you register as a blood donor, your name, blood group, and district are visible to verified patients in need
- With Your Consent: Any other sharing requires your explicit, informed consent
All third-party data processors are contractually required to maintain data confidentiality and security equivalent to our own standards.
4 Medical Data Handling
Medical information receives special protection under our policies:
- All medical records are encrypted at rest using AES-256 encryption
- Access to medical records is logged and audited continuously
- Only your treating healthcare providers can view your medical history
- Medical data is stored on servers located within Bangladesh or compliant AWS regions
- You can request a complete export of your medical data at any time
- You can request deletion of medical data (subject to legal retention requirements)
Legal Retention: Bangladeshi healthcare regulations may require us to retain certain medical records for up to 10 years. We will inform you if deletion requests cannot be fully honored due to legal requirements.
5 Data Security
We implement comprehensive security measures:
- AES-256 encryption for data at rest; TLS 1.3 for data in transit
- Multi-factor authentication for all admin accounts
- Regular penetration testing and security audits
- Automated backups with encrypted storage (see Data Backup Policy)
- Role-based access control — staff only see data needed for their role
- Security incident response plan with 72-hour breach notification
- OWASP Top 10 vulnerability assessments
Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately at medfindbd2026@gmail.com.
6 Cookies & Tracking
We use minimal cookies necessary for platform functionality:
- Essential Cookies: Session management, authentication tokens (required)
- Preference Cookies: Language, theme, accessibility settings (can disable)
- Analytics Cookies: Anonymized usage patterns to improve features (can disable)
We do NOT use advertising cookies, third-party tracking pixels, or social media trackers. You can manage cookie preferences in your account settings or browser settings.
7 Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of all data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data
- Export: Download your data in a portable format (JSON/PDF)
- Restriction: Request we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for non-essential processing at any time
To exercise your rights, contact us at medfindbd2026@gmail.com or use the Settings > Privacy section in your account. We will respond within 30 days.
8 Data Retention
- Account Data: Retained while your account is active + 6 months after deletion request
- Medical Records: Up to 10 years as required by healthcare regulations
- Appointment Data: 7 years for billing and legal purposes
- Payment Records: 7 years as required by Bangladesh financial regulations
- Usage Logs: 90 days (anonymized after 30 days)
- Blood Donor Data: Active until you opt out; deleted within 30 days of request
9 Children's Privacy
MedFind services are intended for users aged 18 and above. For minors under 18, a parent or legal guardian must register and manage the account. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe we have collected data from a minor without consent, please contact us immediately.
10 Contact Us
For privacy concerns, data requests, or questions about this policy:
This Privacy Policy is governed by the laws of Bangladesh. By using MedFind, you agree to this policy. We may update this policy periodically and will notify registered users of material changes via email.