Privacy Policy
Last Updated: November 07, 2025
Welcome to Medicine AI Identifier
Your privacy matters to us. This AI Privacy Policy explains how we collect, use, store, and protect your personal and non-personal information when you use our mobile application, website, and services (collectively, the “Service”). By accessing or using the Service, you agree to the terms of this Privacy Policy and consent to the collection and use of your information in accordance with this document and applicable laws such as GDPR, HIPAA, and India’s DPDP Act 2023.
The purpose of this policy is to ensure transparency and trust in how your data is handled. We recognize that healthcare information is extremely sensitive, and we are committed to upholding the highest standards of healthcare data protection through encryption, anonymization, and responsible AI governance.
Our platform provides AI-driven medicine identification and educational medical insights. We do not provide medical diagnosis or treatment. All collected data is processed strictly to deliver accurate AI results and improve our Service performance — nothing more.
A. User-Provided Data
- Images: Upload a photo of a pill, package, or label.
- Text Inputs: Medicine names, dosage details, or brand text.
- Country & Language Preferences: For localized results.
- Account Info (if applicable): Email, profile name.
We do not collect medical records, prescriptions, or personally identifiable health data.
B. Automatically Collected Data
- Device information (model, OS, browser)
- IP address (security & fraud prevention)
- Usage analytics (page views, clicks, errors)
All data is anonymized and used solely for performance monitoring and AI improvement.
- To Identify Medicines: AI processes your image/text.
- To Deliver Personalized Results: Country & language preferences.
- To Improve AI Accuracy: Aggregated, anonymized data.
- To Maintain System Security: Prevent misuse & spam.
- To Communicate Updates: Security alerts (never ads without consent).
We never sell, rent, or share your personal data for marketing.
Zero-retention model for sensitive data:
- Uploaded images → deleted immediately after analysis.
- AI results → cached for display, then auto-cleared.
- Anonymous usage stats → stored without user identity.
1. Encryption
All user data is encrypted in transit with TLS 1.3 and at rest with AES-256. Uploaded images and AI outputs are deleted after the session ends.
Bank-grade encryption. Zero exposure. Full control.
2. Secure AI Processing
All AI analysis runs in Google Vertex AI isolated sandboxes — no human access, no external sharing, no training reuse.
3. Access Controls
- Users see only their own saved data.
- Admins manage system settings — no health data access.
- All access uses Firebase Auth with secure tokens.
4. Audits & Compliance
- Quarterly penetration testing
- GDPR, HIPAA, ISO 27001 compliant
- Real-time monitoring & alerts
Nebliu Digiminds ensures that all data processing within the Pill Pal – AI Medicine Identifier platform complies with globally recognized data protection regulations. We respect regional privacy laws, uphold user rights, and maintain transparency and consent across jurisdictions.
GDPR (EU)
For EU users, Pill Pal follows all GDPR principles with full transparency and control.
- Right to access, rectify, erase, restrict, object
- Data minimization — only essential data collected
- Processing based on explicit consent
- Export or delete data via account or DPO contact
Complete GDPR logs and documentation maintained.
HIPAA (US)
U.S. users are protected under HIPAA Privacy & Security Rules — no PHI stored without consent.
- No identifiable health data stored or linked
- AI runs in HIPAA-compliant Google Vertex AI
- Access limited to user + authorized systems only
Confidentiality, integrity, and availability guaranteed.
DPDP Act (India)
Indian users are covered by the DPDP Act 2023 with clear consent and minimal data use.
- Explicit consent before any data collection
- Only minimal data for medicine identification
- Full rights to withdraw, delete, opt-out
- Data stored in region-specific servers
Privacy notices in regional languages.
At Nebliu Digiminds, user consent is the foundation of all AI and data operations in Pill Pal – AI Medicine Identifier. We believe in transparent, ethical, and user-controlled data handling — you are always in charge.
Explicit Permission
Before any upload, Pill Pal shows a clear consent dialog explaining:
- What data is collected (photo, text)
- Purpose: AI identification only
- Duration: deleted after analysis
No upload occurs until you tap “Allow”.
Clear Purpose & Duration
Every consent screen clearly states:
- Why we need your data
- How long it’s kept
- What happens after (deletion)
Aligned with GDPR Article 7 & DPDP Section 5.
Withdraw Anytime
Revoke consent in Settings → Privacy:
- Delete all data instantly
- Erase account + AI history
- Full purge within 24 hours
Your right to be forgotten — GDPR Article 17.
Our Commitment to User Control
Pill Pal never uses implied consent or background collection. Every upload, AI call, and save is explicitly authorized by you. Consent is freely given, informed, and fully reversible — anytime, anywhere.
Your data. Your rules. Always.
At Nebliu Digiminds, we never sell, rent, or trade your personal or medical data. Sharing occurs only when strictly necessary — for service functionality, legal compliance, or business continuity — and always under ironclad confidentiality agreements.
Trusted Service Vendors
We use Google Firebase and Google Vertex AI — industry-leading, GDPR & HIPAA-compliant processors.
- Firebase: secure auth, storage, communication
- Vertex AI: real-time AI analysis
- Contractually restricted — no reuse or training
TLS 1.3 + AES-256 encryption at every step.
Legal Compliance
Disclosure only when required by law (court order, subpoena).
- Minimal data shared
- User notified when possible
- Compliant with GDPR Art. 6(1)(c), DPDP Sec. 8
Transparency and necessity — always.
Business Continuity
In case of merger or acquisition:
- Receiving entity bound by this policy
- Advance user notification
- Option to opt-out or delete data
Your data stays protected — always.
Data Protection Agreements
Every partner signs a Confidentiality & DPA:
- No resale, reuse, or analysis
- Full HIPAA, GDPR, DPDP compliance
- Mandatory staff privacy training
Trust is contractual — and enforced.
Summary of Sharing Principles
| Type | Purpose | Safeguard |
|---|---|---|
| Trusted Vendors | Core functionality | Encrypted, contract-bound |
| Legal Compliance | Lawful orders | Minimal data, user notice |
| Business Continuity | Mergers | Opt-out + policy transfer |
Our Commitment
Pill Pal will never share your data for ads, profiling, or marketing. All third-party relationships are bound by data protection standards equal to or greater than our own.
Your trust is our foundation.
Pill Pal uses minimal, privacy-safe cookies to ensure smooth functionality, measure performance, and personalize your experience. No ads, no profiling, no tracking across sites. All usage complies with GDPR, CCPA, and DPDP Act.
Essential Cookies
Required for core app functionality:
- User login & session management
- Secure Firebase Auth persistence
- Language & region settings
- Temporary AI result caching
Cannot be disabled — needed for app to work.
Performance & Analytics
Anonymous stats to improve stability:
- Error & crash detection
- AI response speed tracking
- User flow & engagement
IP & device IDs anonymized via Firebase Analytics.
Preference Cookies
Optional personalization:
- Default language (Hindi, English, etc.)
- Dark mode, text-to-speech
- UI layout preferences
Fully optional — can be turned off anytime.
No Third-Party Tracking
- No advertising or behavioral cookies
- No cross-site tracking or remarketing
- AI logs contain no personal data
- All third parties under Google DPA
Manage Your Cookies
- In-App: Privacy Settings → Toggle analytics
- Browser: Settings → Privacy → Block cookies
- Essential cookies stay on for functionality
Core AI features always work — even with analytics off.
Our Commitment
Pill Pal uses only essential, anonymized, and user-controlled cookies. No data is sold, shared, or used for AI training. You’re informed via banners and policy updates.
Your privacy. Your control. Always.
Pill Pal is not intended for children under 13 (or the local digital consent age, e.g., 16 in some EU regions). We do not knowingly collect or process minors’ data — and take immediate action if any is detected.
No Intentional Collection
We never collect data from children under 13 (or local consent age).
- App designed for adult use only
- Age gates and UI discourage minors
- If detected: immediate deletion
Account disabled + parent notified.
Parental Responsibility
Parents: contact us immediately if your child used Pill Pal.
- Email: privacy@nebliudigiminds.com
- We verify identity & delete all data
- Confirmation sent within 72 hours
We encourage monitoring online activity.
Global Compliance
We comply with:
- COPPA (U.S.) – No child data
- GDPR Art. 8 (EU) – Consent age 16
- DPDP Act (India) – Parental control
No exceptions. No compromises.
Secure Deletion
If child data is found:
- Quarantined instantly
- Deleted from all systems in 72 hours
- Accessible only to privacy officers
- Full audit trail logged
Zero tolerance. Zero retention.
Our Commitment
Pill Pal is built for adults and caregivers. We uphold the highest global standards to ensure no child’s data is ever collected, stored, or processed.
Safe for families. Ethical by design.
Pill Pal may include links to external websites, educational resources, or pharmacy networks for your convenience. These are not controlled by Nebliu Digiminds — their privacy policies apply once you leave our platform.
Independent Privacy
Once you click a third-party link, our Privacy Policy no longer applies.
- Drug databases, pharmacy sites
- Embedded YouTube videos
- External AI or translation tools
Always review their privacy policy before sharing data.
No Liability
We are not responsible for:
- Accuracy of external content
- Your data shared with them
- Their cookies or tracking
We link to reputable sources — but verify yourself.
Secure Integrations
Our core services (Firebase, Vertex AI) are:
- Under strict DPAs
- GDPR, HIPAA, DPDP compliant
- Encrypted end-to-end
But external links follow their own rules.
Your Responsibility
Before clicking:
- Don’t share sensitive health data
- Read their privacy notice
- Verify the site is secure (HTTPS)
You control what you share — always stay cautious.
Our Commitment
We only integrate trusted, compliant third-party tools within Pill Pal. For external links, we prioritize reputable sources — but you remain in control of your data.
Transparency. Safety. Your choice.
While we use enterprise-grade security to prevent breaches, Nebliu Digiminds has a rapid, transparent, and compliant response plan in place — ensuring 72-hour notification and full user protection.
Immediate Detection
24/7 monitoring with automated alerts.
- Firebase, Firestore, Vertex AI scanned
- System isolated instantly
- Incident Response Team (IRT) activated
Containment in minutes.
72-Hour Notification
We notify you and regulators within 72 hours.
- In-app alerts
- Email to registered users
- Public notice if large-scale
Compliant with GDPR, HIPAA, DPDP.
Forensic Investigation
Full root cause analysis:
- What data was affected
- How it happened
- How to prevent it
Report filed with authorities.
User Assistance
You receive:
- Clear breach summary
- Action steps (e.g., change password)
- Support via privacy@nebliudigiminds.com
Updates until fully resolved.
Regulatory Cooperation
Full cooperation with:
- Data protection agencies
- Cybersecurity regulators
- Third-party auditors
Transparency is non-negotiable.
Prevention First
Ongoing safeguards:
- TLS 1.3 + AES-256 encryption
- Quarterly pen testing
- Security training
Breaches are rare — but we’re ready.
Our Commitment
In a breach, we act with speed (72 hours), transparency (full disclosure), and accountability (permanent fixes). Your trust is protected — no matter what.
We don’t just respond. We prevent.
Nebliu Digiminds may update this Privacy Policy to reflect new features, technology, or legal requirements. We are committed to transparency — significant changes are proactively notified via in-app alerts and email.
Clear Notification
Updates are posted with a new “Last Updated” date.
- In-app banners & push alerts
- Email to registered users
- Website & app “Privacy” section
Material changes get advance notice.
Your Choice
Continued use = acceptance. But you can:
- Withdraw consent
- Delete account
- Email: privacy@nebliudigiminds.com
Full control under GDPR Art. 7 & DPDP Sec. 6.
Version Control
Reviewed at least annually or after major changes.
- Versioned & archived
- DPO-approved
- Audit-ready history
Compliance never sleeps.
Contact Us
Questions about updates?
- Email: privacy@nebliudigiminds.com
- Office: Bengaluru, India
- Hours: Mon–Fri, 9 AM – 6 PM IST
Response within 5 business days.
Our Commitment
We evolve with transparency, accountability, and user control. Every update is clear, accessible, and respectful of your rights.
Your trust. Our responsibility. Always.
Our Commitment to Responsible AI
The Medicine AI Identifier stands for innovation with responsibility. We believe technology can empower people — but only when built on trust, ethics, and strong privacy safeguards.
Your data. Your consent. Your control — Always.
