DATA PRIVACY

Would we
store our
own parents' medical
records here?

That's the standard we hold ourselves to.
When you're uploading your father's
cardiac reports
or your daughter's
vaccination records,
you're trusting us with your family's story.

BUILT FOR TRANSPARENCY AND TRUST
India-only data residencyEnd-to-end encryptionNo ads. No data selling. EverDPDP compliant
BUILT FOR TRANSPARENCY AND TRUSTIndia-only data residencyEnd-to-end encryptionNo ads. No data selling. EverDPDP compliantBUILT FOR TRANSPARENCY AND TRUSTIndia-only data residencyEnd-to-end encryptionNo ads. No data selling. EverDPDP compliant

Your records are handled by software —
not viewed by people

Your documents are processed by software and AI systems so they can be organised and searchable. No one at Maatra can casually browse your medical records.

If you explicitly ask for help on a specific item, you may grant temporary access. That access is logged and removed once resolved.

If you send documents through email or WhatsApp, they pass through those platforms before reaching us. Once received, they are encrypted and moved into secure storage. They are never handled by humans. All temporary processing copies are discarded.

We don't sell or advertise on your data

Maatra is subscription-funded. This means we work for you, not for advertisers

We do not sell your data. We do not share it with advertisers, insurance companies, or hospitals. We do not run ads. Your health information is not a marketing asset.

We only share data with carefully selected service providers (like Google and AWS) who help us operate the platform. They act strictly on our instructions and are bound by contractual confidentiality and data protection obligations.

Encrypted and secured by default

Your information is encrypted when it travels and when it is stored. We use established, industry-standard security practices to protect your data. Access to our systems is restricted and monitored.

All data is stored within India.

Our infrastructure runs on AWS with private subnets, VPC peering, and no public access to application servers. MongoDB Atlas provides encrypted-at-rest storage with AWS KMS-managed keys. All traffic is HTTPS-enforced through CloudFront with WAF protection. We conduct biannual penetration testing by certified third-party security firms.

AI is used with clear boundaries

AI helps understand and organise your documents. It reads prescriptions, identifies report types, and creates searchable records from scanned pages.

Your information is not used to train third-party AI models. External processing services, where used, act only to perform specific tasks on our behalf under strict confidentiality safeguards.

You control who sees what

You decide who in your family can see each profile. You can share access with specific family members and revoke it at any time.

If you delete your account, your health records are removed from our systems. We retain only limited account and consent logs as required by Indian law for compliance and legal obligations.

Independent verification

We work with experts to get this right

Maatra's privacy and security architecture is reviewed by independent specialists — not just our own team.

Privacy Law
Technology focused law and policy firm
renowned for expertise in data privacy
and cybersecurity.
ikigailaw.com →
Cybersecurity
A multi-award-winning global cybersecurity firm that conducts independent security assessments and validates platform resilience.
accorian.com →

Trust is not a
feature for us —
it is the foundation

We are building Maatra for the long term. This is how your family's health story stays organised, accessible, and completely private.

If you have questions, you can always reach us directly.

support@maatra.health →