Privacy Policy
Last updated: July 2026 · Effective immediately
FitScript takes your privacy seriously. We never sell your personal or medical data. This policy explains what we collect, why, and how we protect it.
1. Information We Collect
We collect the following categories of information:
- Identity data: Name, date of birth, gender
- Contact data: Phone number, email address, delivery address
- Health data: Medical history, current medications, weight, height, health conditions disclosed during intake
- Consultation data: Notes from your doctor consultation, prescription details
- Payment data: Transaction reference numbers (we do not store card numbers or UPI credentials)
- Usage data: How you interact with our website (pages visited, time spent)
2. How We Use Your Information
Your information is used to:
- Connect you with an NMC-registered doctor for your consultation
- Enable your doctor to prescribe appropriate treatment
- Fulfil and deliver your prescription medication
- Send you appointment reminders and follow-up communications
- Improve our services and clinical outcomes
- Comply with applicable laws and regulatory requirements
3. Who We Share Your Data With
We share your data only with:
- Your assigned doctor: For the purpose of clinical assessment and prescription
- Licensed pharmacies: To fulfil your prescription order
- Delivery partners: Name and address only, for medication delivery
- Payment processors: Transaction data only, under strict data agreements
We never sell your data to advertisers, data brokers, or third parties for marketing purposes.
4. Health Data Protection
Your medical information is treated as sensitive personal data under the Digital Personal Data Protection Act, 2023. It is stored encrypted, accessible only to your assigned doctor and authorised FitScript clinical staff, and is never used for advertising or profiling.
5. Data Retention
We retain your medical records for a minimum of 7 years as required by the Telemedicine Practice Guidelines 2020. You may request deletion of non-medical personal data at any time by contacting us.
6. Your Rights
Under the DPDPA 2023, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Withdraw consent for non-essential processing
- Request deletion of your personal data (subject to legal retention requirements)
- Nominate a representative for data decisions
7. Cookies
We use essential cookies for session management and analytics cookies to understand how our website is used. We do not use advertising or tracking cookies. You can disable cookies in your browser settings.
8. Security
We use 256-bit SSL encryption for all data transmission, encrypted databases for health records, and strict access controls. We conduct regular security audits and penetration testing.
9. Contact
To exercise your rights or for any privacy questions, contact our Data Protection Officer at dpo@fitscript.in or hello@fitscript.in.