Important: This is an operational summary for transparency and does not constitute legal advice. Clinics should consult legal counsel for their specific compliance program.

1) Data roles in the MyGleeo model

• Clinic/Pediatrician: Typically determines purpose and means of processing for patient follow-up workflows and is responsible for clinical governance.
• MyGleeo: Provides the technology platform and operational safeguards to process data for delivering the configured workflows.

2) Lawful use, notice & consent

• Parents/guardians provide information for a child under the pediatrician’s continuity program.
• Where required, consent/notice flows should be presented in-app or during onboarding (clinic QR/app link/provider code).
• Clinics should ensure appropriate consent is obtained for processing health-related information and communications.

3) Purpose limitation

MyGleeo processes personal data for continuity workflows: structured follow-ups, reminders, uploads (reports/photos), documentation, alerts, and triage escalation as configured by the pediatrician.

4) Data minimization

Workflows can be configured to collect only what is needed for the selected bundle (Comfort/Tender/Nurture) and follow-up objective.

5) Accuracy & correction

Clinics and users can update certain profile data. Corrections to clinical records may be subject to recordkeeping policies and applicable law.

6) Reasonable security safeguards

• Access controls and role-based permissions (where applicable).
• Secure transmission and operational monitoring.
• Auditability/documentation of follow-ups and outcomes (where applicable).
• Vendor management and confidentiality obligations for sub-processors.

7) Retention & deletion

Retention is based on service delivery needs, clinic policies, and legal/medical record obligations. Deletion requests are handled subject to applicable law and clinical recordkeeping requirements.

8) Grievance & support

For privacy/compliance queries, contact: support@mygleeo.com

9) Notes on certifications

DPDPA does not mandate a single “DPDPA certificate.” Compliance is demonstrated through policies, contracts, governance, and reasonable security safeguards. Clinics may additionally adopt recognized security standards (as appropriate) to strengthen assurance.

This page may be updated as India’s implementation rules evolve and as our platform safeguards are enhanced.