Privacy Policy

Last updated: March 2026

MedStore App ("we", "our", "us") is a pharmacy and medical store management platform operated by Progalaxy eLabs. This Privacy Policy explains what data we collect, why we collect it, and how we protect it. This policy applies to our website (www.medstoreapp.in), web portal (portal.medstoreapp.in), and Android application.

1. Information We Collect

1.1 Account and Authentication Data

When you register for an account, we collect:

  • Email address
  • Password (stored as a one-way cryptographic hash; we cannot read your password)
  • Last login date and time
1.2 Business Information

When you set up your store, we collect:

  • Business name, type (medical store, pharmacy, clinic, hospital, or diagnostic center), and a unique business identifier
  • Business address, city, state, and pincode
  • Primary contact person's name, phone number, and email
  • GSTIN and drug license number (if provided)
  • Subscription and billing details
1.3 Data You Enter About Your Customers

As a pharmacy management tool, MedStore App allows you to record information about your customers. This may include:

  • Customer name, phone number, email, and address
  • GSTIN (for business customers)
  • Date of birth and gender
  • Medical history (free-text notes you choose to enter)

You are the data controller for your customer data. We process it solely to provide the service to you and do not use it for any other purpose.

1.4 Vendor and Supplier Data

You may store your suppliers' names, addresses, phone numbers, email, GSTIN, and drug license numbers.

1.5 Financial and Inventory Data

The app stores invoices, customer bills, payment records, stock transactions, and inventory details that you create during normal use of the platform.

1.6 Automatically Collected Data
  • Audit trail of actions performed within the app (for your own accountability)
  • Anonymous usage statistics via Google Analytics (page visits, navigation patterns, button clicks)
  • Cookies for session management and authentication

2. Device Permissions (Android App)

Our Android app requests the following permissions:

  • Internet — Required to connect to the MedStore App service.
  • Camera — Used to scan barcodes and capture images of invoices or prescriptions when you choose to do so. The camera is never activated without your action.
  • File/Storage Access — Used to upload invoice attachments and documents from your device.

No data from your camera or files is accessed without your explicit action within the app.

3. How We Use Your Information

  • To provide, operate, and maintain the MedStore App platform
  • To authenticate your identity and secure your account
  • To process your subscription and billing
  • To provide customer support when you contact us
  • To send important service-related communications (e.g., subscription expiry, system updates)
  • To improve our platform based on anonymous usage patterns

We do not use your data or your customers' data for advertising, profiling, or selling to third parties.

4. Health Data

MedStore App allows you to optionally record medical history notes about your customers. This data:

  • Is entered voluntarily by you (the store operator)
  • Is stored in your isolated tenant database accessible only by your account
  • Is never shared with other tenants, third parties, or used by us for any purpose beyond providing the service
  • Is never used for research, analytics, or marketing
  • Can be deleted by you at any time through the app

5. Data Storage and Security

  • Your data is stored on servers located in India
  • Each business tenant has an isolated database; your data is never mixed with other tenants' data
  • Passwords are stored using one-way cryptographic hashing (bcrypt) and cannot be reversed
  • All communication between your device and our servers is encrypted using TLS/HTTPS
  • Authentication uses industry-standard JSON Web Tokens (JWT) with RS256 signatures
  • We conduct regular access reviews to limit who can access production systems

6. Third-Party Services

We use the following third-party services:

  • Google Analytics — For anonymous website usage statistics. Google's privacy policy applies to this data.
  • Razorpay — For payment processing. We do not store your payment card or bank details. Razorpay's privacy policy governs payment data.

We do not sell, rent, or share your personal data with any other third party.

7. Data Retention

7.1 While Your Account is Active

Your account and business data is retained for as long as your account is active. You can download all your data at any time through the "Download My Data" feature in your account settings.

7.2 Account Deletion Process

When you request to delete your account:

  • Your account is marked for deletion, and a 60-day scheduled deletion window begins
  • During these 60 days, all your personal data, business information, customer records, and store data are retained
  • You can cancel the deletion request within 30 days of submitting it, which will restore your account immediately
  • After 60 days have passed, all personal data and store data is permanently deleted and cannot be recovered
7.3 Subscription Cancellation

If you cancel your subscription (without requesting account deletion), your data is retained for 90 days in case you wish to reactivate, after which it is permanently deleted.

7.4 Audit Trail and Logs

Audit trail records of actions performed within your account are retained for the lifetime of your account. These are deleted when your account is permanently deleted.

7.5 Immediate Deletion

You may request immediate deletion of your data (without the 60-day waiting period) by contacting us with a written request (see Section 10).

8. Your Rights

You have the right to:

  • Access your personal data at any time through your account dashboard
  • Download My Data — Export all your store data, customer records, and business information from your account at any time using the "Download My Data" feature available in your account settings
  • Correct any inaccurate information through the app settings
  • Delete your account and all associated data through the account deletion request (60-day retention period applies), or request immediate deletion by contacting us at info@medstoreapp.in
  • Withdraw consent for optional data processing (such as analytics cookies)

To exercise any of these rights, contact us using the details in Section 10.

9. Geographic Scope

MedStore App is available only in India. All data is stored and processed on servers located in India in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

Operated by: Progalaxy eLabs, India

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the revised policy.