MAP CARE Privacy Policy

Effective Date: 2026-03-11

Last Updated: 2026-03-28

MAP CARE is operated by SAMYA PRABH HEALTHCARE PRIVATE LIMITED.

This Privacy Policy explains how MAP CARE collects, uses, stores, shares, protects, retains, and deletes personal data when a person uses MAP CARE public surfaces, onboarding flows, authentication flows, the logged-in extension, protected workspaces, emergency entry flows, support channels, and related platform services.

By accessing or using MAP CARE, you acknowledge that you have read this Privacy Policy.

1. MAP CARE Platform Role

MAP CARE is a technology platform and governed workflow surface.

MAP CARE:

  • is not itself a hospital, clinic, laboratory, pharmacy, ambulance operator, blood bank, or homecare provider
  • does not itself provide diagnosis, treatment, prescriptions, or clinical judgment
  • does not replace licensed professionals, emergency numbers, or statutory healthcare obligations
  • may facilitate visibility, workflow coordination, protected workspace activation, emergency facilitation, and payment initiation or payment-status visibility for eligible flows

Healthcare services remain the responsibility of the relevant healthcare professional or entity.

2. People Covered By This Policy

This Privacy Policy applies to:

  • SmartUsers
  • people using public onboarding or emergency entry surfaces
  • professionals and partner-side operators who access MAP CARE through governed access roles and protected workspaces
  • MAP CARE staff who use the same governed identity and access system where applicable
  • guardians, caregivers, or authorized representatives acting for another person where lawfully permitted

3. Categories of Data MAP CARE May Process

Depending on the surface used and the role involved, MAP CARE may process:

3.1 Identity and Contact Data

  • full name
  • mobile number
  • email address
  • date of birth
  • address details
  • relationship or representative details where applicable

3.2 Authentication and Security Data

  • password hashes and authentication state
  • OTP dispatch and verification records
  • login attempts, session events, and device-linked security metadata
  • browser, device, and IP-related security signals

3.3 Verification and Eligibility Data

  • verification state
  • KYC references or outcomes where applicable
  • access eligibility records
  • professional or entity linkage status where applicable

3.4 Healthcare and Operational Visibility Data

  • appointment, encounter, prescription, investigation, report, consultation, homecare, ambulance, blood-request, and related health-service records that become visible through MAP CARE workflows
  • emergency case information
  • audit and traceability records linked to access or workflow actions

3.5 Payment and Billing-Related Data

  • bill visibility data
  • payment initiation metadata
  • payment-status visibility data
  • external payment reference values where applicable
  • invoice and attribution references where applicable

MAP CARE does not store full card credentials, UPI PINs, or bank passwords.

3.6 Support and Communication Data

  • support requests
  • issue descriptions and screenshots voluntarily shared by the user
  • communication history required for resolution, audit, or compliance

3.7 Technical and Usage Data

  • device, browser, and operating-environment metadata
  • page or surface access logs
  • protected workspace activation logs
  • timestamped operational events
  • local browser state or similar technical storage required for continuity, security, or session behavior

4. Why MAP CARE Uses Data

MAP CARE may use data to:

  • create and maintain accounts
  • authenticate identities and secure access
  • determine and activate eligible access roles and protected workspaces
  • display governed dashboards and visibility surfaces
  • facilitate healthcare-related workflows between users and providers
  • support emergency facilitation flows
  • display billing or payment-status information where applicable
  • maintain auditability, traceability, and fraud or misuse protection
  • operate support, grievance, and platform administration channels
  • comply with legal, safety, tax, audit, or regulatory obligations

MAP CARE does not use platform data to independently make clinical decisions.

5. How Data Becomes Visible

MAP CARE follows governed visibility rules.

This means:

  • not every stored field is shown to every user
  • visibility depends on identity, role, protected workspace, and applicable workflow rules
  • public surfaces, the logged-in extension, SmartUser surfaces, professional surfaces, entity surfaces, and internal surfaces are intentionally different
  • access and visibility events may be logged for audit and security purposes

6. Consent and Related Legal Grounds

MAP CARE uses explicit consent where the product flow requires it, including for:

  • signup and account creation
  • OTP verification
  • medical-data visibility and related health-data handling
  • KYC or identity verification where required
  • emergency override or emergency facilitation scenarios

MAP CARE may also process data where reasonably necessary for:

  • platform access and service continuity
  • security and fraud prevention
  • compliance with applicable law
  • protection of users, providers, staff, or the platform in urgent situations

7. Sharing and Disclosure

MAP CARE may disclose relevant data:

  • to the user who is lawfully entitled to see it
  • to healthcare professionals or entities involved in the relevant workflow
  • to service providers assisting with hosting, messaging, authentication, verification, or payment-status infrastructure
  • to auditors, regulators, law-enforcement bodies, or courts when required by law or lawful process
  • during emergency facilitation where limited and necessary disclosure is required

MAP CARE does not sell personal data as a commercial data marketplace.

8. Payment and Financial Boundary

MAP CARE may facilitate payment initiation or payment-status visibility for eligible platform flows.

However:

  • healthcare-service pricing remains the provider's responsibility unless explicitly stated otherwise
  • payment execution may rely on external providers or external rails
  • custody of funds does not automatically shift to MAP CARE merely because a status is shown inside the product
  • refund, cancellation, and payment-failure handling is subject to the relevant payment, partner, or service lane and the applicable MAP CARE policy set

9. Emergency Handling

Emergency flows are facilitative only.

During an emergency or life-threatening situation, MAP CARE may process and disclose limited data required for emergency facilitation, situational awareness, safety, and auditability. This does not mean MAP CARE guarantees dispatch, admission, blood availability, or clinical outcome.

10. Data Retention

MAP CARE retains data only for as long as reasonably required for:

  • platform operation
  • continuity of records
  • legal or regulatory requirements
  • audit, dispute, or security handling
  • archival and traceability where deletion is not permitted or not operationally appropriate

Different categories of data may have different retention periods. Some records may remain archived, restricted, or read-only even after account closure.

11. Deletion and Account Closure

A person may request account closure or deletion subject to applicable workflow, security, and legal constraints.

MAP CARE may refuse full deletion, or may instead archive or restrict records, where retention is necessary for:

  • audit trails
  • fraud and abuse prevention
  • financial and tax records
  • emergency traceability
  • medical, safety, or compliance records
  • dispute resolution or legal obligations

For deletion and closure handling, see the MAP CARE Account Deletion and Account Closure Policy and the MAP CARE Data Retention and Data Deletion Policy.

12. Security

MAP CARE uses reasonable technical and operational safeguards intended to protect data from unauthorized access, misuse, alteration, or loss.

No internet or software system can promise absolute security. Users remain responsible for protecting their credentials, devices, and account access.

13. Children's and Dependent Data

If MAP CARE is used for a child, dependent, or another represented individual, the person using the platform for that purpose must have lawful authority to do so. MAP CARE may require relationship or authority confirmation where the workflow demands it.

14. Cross-Surface Consistency

This Privacy Policy should be read together with:

  • Terms of Service
  • Platform Disclaimer
  • Medical Non-Liability Statement
  • Emergency Disclaimer
  • consent wording used in MAP CARE flows
  • account deletion, retention, grievance, and payment-failure policies published by MAP CARE

15. Contact and Grievance Routing

For privacy, grievance, or policy questions related to MAP CARE, contact:

  • mapcare.in@gmail.com

16. Policy Updates

MAP CARE may update this Privacy Policy when the platform, workflows, or compliance needs change. The latest repository-approved and product-published version supersedes earlier wording.

17. Governing Law

This Privacy Policy is governed by the laws of India. Courts within India will have jurisdiction, subject to any mandatory legal requirement to the contrary.