Medic Retail – Privacy Policy

1. Information We Collect

Depending on your interactions with the App, we may collect the following categories of data:

• Account & Profile Data: Name, phone number, email address, password (hashed), gender, and profile image.
• Order & Transaction Data: Items added to cart, purchase history, delivery addresses, coupons, loyalty/cashback balances, and Razorpay transaction tokens.
• Location Data: GPS coordinates or selected map location to show nearby stores, serviceability, and delivery instructions.
• Device & Technical Data: Device identifiers, OS version, app version, IP address, crash logs, and diagnostic information.
• Usage Data: Screens visited, search queries, wishlist/favourites, QR scans, and interactions with notifications.
• Media & Files: Photos or documents you upload to update your profile, share prescriptions, or provide proof of delivery.
• Support Communications: Messages, attachments, and metadata when you contact our support channels or WhatsApp helpline.

2. How We Use Your Information

• Authenticate your account, maintain sessions, and personalize your in-app experience.
• Process orders, manage deliveries, handle payments, and provide self-checkout/QR workflows.
• Recommend products, flash sales, and brands based on your activity and preferences.
• Send transactional communications (order status, payment confirmations) and service notifications.
• Provide customer support, troubleshoot issues, and respond to feedback or disputes.
• Analyze aggregated usage metrics to improve performance, reliability, and security.
• Comply with legal obligations, prevent fraud, and enforce our Terms of Use.

3. Legal Bases for Processing (EEA/UK Users)

We process personal data when one of the following applies: (i) performance of a contract (fulfilling your orders), (ii) legitimate interests (app analytics, fraud prevention), (iii) consent (marketing communications, optional permissions), or (iv) legal obligation (tax and accounting compliance).

4. Sharing Your Information

• Service Providers: Cloud hosting, analytics, push notification, and customer support vendors under confidentiality obligations.
• Payment Partners: Razorpay and other gateways receive the minimal information necessary to process payments securely.
• Logistics & Retail Partners: Warehouses, delivery agents, and in-store staff receive address and order details to fulfil your purchases.
• Maps & Location Providers: Google Maps Platform processes location data to display maps and calculate serviceability.
• Legal & Compliance: Courts, regulators, or law enforcement when required by applicable law or to protect our rights.

We do not sell your personal information. Aggregated or anonymized data may be shared for analytics or business insights.

5. Permissions & Device Access

The App may request the following Android permissions to deliver specific features:

• Location (Approximate & Precise): To show nearby stores, check delivery coverage, and track self-checkout sessions.
• Camera & Barcode Scanner: To scan QR codes, capture prescriptions, and upload profile photos.
• Photos/Media/Files: To let you upload images for support or order verification and to cache product assets for faster browsing.
• Notifications: To send order updates, promotions, and system alerts. You can manage notification preferences in Android settings.
• Vibration: To provide haptic feedback for barcode scans and critical alerts.

You may deny permissions, but certain features may become unavailable.

6. Data Retention

We retain personal data for as long as your account remains active or as needed to provide services. Order and transactional records may be kept longer to comply with tax, regulatory, or dispute-resolution requirements. When data is no longer required, it is securely deleted or anonymized.

7. Security

We implement administrative, technical, and physical safeguards such as HTTPS transport, tokenized payment flows, role-based access controls, and regular audits. Nevertheless, no mobile or internet transmission can be guaranteed 100% secure; you use the App at your own risk.

8. Children’s Privacy

Medic Retail is not intended for children under 13 years of age (or the minimum age required by your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided personal information, please contact us so we can delete it.

9. Your Rights & Choices

Depending on local laws, you may have the right to:

• Access, review, or update your account information within the App.
• Request correction or deletion of your personal data by contacting support.
• Withdraw consent for marketing communications or optional permissions.
• Request a copy of the data you provided to us in a portable format.
• Lodge a complaint with your supervisory authority if you believe your rights were violated.

We may verify your identity before completing certain requests.

10. International Data Transfers

Your information may be stored and processed on servers located outside your home country. We ensure appropriate safeguards, such as Standard Contractual Clauses, are in place before transferring data internationally.

11. Third-Party Services & Links

The App may integrate with third-party services such as Google Maps, Razorpay, WhatsApp, or external web views. Their privacy practices are governed by their own policies. We encourage you to review those policies before engaging with the services.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted within the App or via email. Continued use after an update signifies your acceptance of the revised policy.

13. Contact Us

If you have questions or requests about this Privacy Policy, contact us at:

XLayer Technologies Private Limited
Support: contact@xlayer.in