Apex Meridian Private Limited ("we," "us," or "our") operates the website https://www.apexmeridian.xyz (the "Service"). We collect information you voluntarily provide — including your email address, phone number, and clinic details — as well as Usage Data about how the Service is accessed. We collect only what is necessary to provide and improve the Service.
We use collected data to provide and maintain the Service, notify you about changes, offer customer support, and monitor usage patterns. We do not sell your personal data to third parties under any circumstance. Clinic patient records are never used for advertising, marketplace directories, or any commercial purpose beyond delivering the Service.
We recognise that conversations between doctors and patients are among the most sensitive data in existence. CURA is architected so that privileged clinical information — consultations, diagnoses, prescriptions — is accessible only to authorised members of your clinic team. We do not access, review, or process clinical notes for any purpose other than technical delivery of the Service.
Your information may be processed on infrastructure outside your state or country. All data in transit is encrypted using TLS 1.3, and data at rest is protected with AES-256-GCM encryption — the same standard used by global banking systems. Enterprise customers with a Private VPC hold their own encryption key, giving them full control over their data.
We implement commercially reasonable technical and organisational measures to protect your Personal Data. Plus and Enterprise plan customers receive a Private VPC with a dedicated encryption key — single-tenant infrastructure isolated from all other clinics. While no method of Internet transmission is 100% secure, we continuously audit and improve our security posture.
We work with trusted service providers including Supabase (database infrastructure), Razorpay (payment processing), and Meta (WhatsApp Business API). These providers access your data only to perform services on our behalf and are contractually obligated not to disclose or use it for any other purpose.
Your clinic owns your patient data. You may request deletion of your account and associated data at any time by contacting support@apexmeridian.xyz. We comply with India's Digital Personal Data Protection (DPDP) Act 2023. Data deletion requests are processed within 30 days.
We wrote this policy in plain language because we believe transparency earns trust. If you have any questions, contact us at support@apexmeridian.xyz or visit https://www.apexmeridian.xyz. We aim to respond to all privacy inquiries within 48 business hours.