Part I – General provisions
1. Preamble and acceptance
These Terms of Service form a legally binding agreement between Quantumed Global Private Limited, operating as “Medlio”, and each user of the Medlio Platform, including practitioners and patients.[file:3]
The Terms govern access to the Medlio website, mobile applications, ambient clinical intelligence tools, practice management system, and ABDM integrations, and acceptance occurs when the user creates an account or activates ambient listening features.[file:3]
2. Definitions and interpretation
The document defines key concepts such as Ambient Listening, ABHA, AI Output, Clinical Data, Data Fiduciary, Data Principal, PRMS, and Sensitive Personal Data or Information, aligning with DPDP Act and Indian IT Act terminology.[file:3]
3. Eligibility and account registration
Users must be at least 18 years old, with minors only onboarded via a parent or legal guardian, and healthcare providers must hold valid registration with the National Medical Commission or relevant State Medical Council.[file:3]
Users are responsible for maintaining credential confidentiality and promptly reporting unauthorized access, with Medlio disclaiming losses resulting from failure to secure account details.[file:3]
Part II – Service-specific terms
4. Module A – Ambient Clinical Documentation (Voice AI)
Medlio provides an AI-powered assistant that listens to doctor–patient interactions and generates structured clinical notes, with AI outputs treated as drafting aids that require practitioner review and verification before being included in official records.[file:3]
Liability for medical errors arising from unverified AI outputs is expressly disclaimed, and practitioners must obtain necessary consent to record audio from all participants before using the module.[file:3]
5. Module B – Practice Management System (PRMS) & ABHA
The PRMS module supports appointment scheduling, billing, inventory, and patient communication, and must be used in line with tax and medical record-keeping requirements.[file:3]
As an ABDM-compliant Health Information Provider and Locker, Medlio facilitates ABHA-based data fetching and sharing subject to consent artifacts managed via the official ABDM Consent Manager and NHA policies.[file:3]
6. Module C – Telemedicine and patient communication
Telemedicine features extend Medlio’s documentation and communication capabilities to virtual consultations, which must comply with relevant telemedicine ethics and regulations applicable to practitioners.[file:3]
Part III – User obligations and conduct
7. Practitioner responsibilities – Data Fiduciary
Practitioners act as Data Fiduciaries under the DPDP Act for their patients’ data, and must obtain valid consent, maintain transparency about AI usage, ensure accuracy of records, and follow professional ethics under NMC regulations.[file:3]
8. Patient responsibilities – Data Principal
Patients agree to provide accurate health information, respect Medlio intellectual property, and use consent tools to manage their data processing preferences.[file:3]
9. Acceptable Use Policy (AUP)
The AUP prohibits unlawful use, unauthorized recording, attempts to bypass security, and misuse of the platform to generate fraudulent insurance claims or medical certificates.[file:3]
Part IV – Consent framework (DPDP Act compliance)
10. Ambient Listening consent protocol
Patients are informed that consultations may be assisted by Medlio’s ambient AI, with audio recording, processing, and transcription used to generate medical records and prescriptions in accordance with the Privacy Policy.[file:3]
Explicit consent covers voice recording, AI processing, and transcript storage, and clarifies that voice data is treated as biometric data used solely for clinical documentation rather than biometric surveillance or tracking.[file:3]
11. ABHA data sharing consent
Users linking their ABHA ID consent to demographic data sharing with the National Health Authority and authorize Medlio to act as a Health Information User and Provider subject to consent artifacts.[file:3]
12. Withdrawal of consent
Patients can withdraw consent for ambient listening or data processing at any time by notifying the practitioner or contacting the Grievance Officer, after which Medlio stops processing and deletes raw audio while retaining finalized transcripts where legally required.[file:3]
Part V – Financial terms
Subscription fees for practitioner plans are billed in advance, may be updated with 30 days’ notice, and are generally non-refundable except for limited service failure scenarios where credits or refunds may be offered at Medlio’s discretion.[file:3]
All fees are exclusive of GST and other applicable levies, and cancellation takes effect at the end of the current billing cycle without pro-rata refunds for partial periods.[file:3]
Part VI – Data protection, security, and intellectual property
Medlio maintains ISO/IEC 27001:2022-aligned controls, uses AES-256 encryption for clinical data and voice recordings at rest, and TLS 1.3 for data in transit, with data localization in secure Indian cloud infrastructure.[file:3]
Medlio retains ownership of the platform, AI models, and source code, while patients and practitioners own clinical records, and grant Medlio a license to use anonymized and de-identified data for training, research, and analytics.[file:3]
Part VII – Legal disclaimers and liability
Medlio clarifies that it is a technology provider and does not offer medical advice or form a doctor–patient relationship, and limits aggregate liability to the lesser of INR 1,000 or fees paid in the prior one-month period.[file:3]
Exclusions cover unverified clinical documentation, force majeure events, and breaches resulting from users not securing their credentials, while practitioners agree to indemnify Medlio for violations of Terms, consent failures, and professional negligence.[file:3]
Part VIII – Dispute resolution
The Terms are governed by Indian law with exclusive jurisdiction for courts in Mumbai, and disputes are subject to arbitration before a sole arbitrator appointed by Quantumed Global Pvt. Ltd., conducted in English in Mumbai.[file:3]
A grievance redressal mechanism is provided, including contact details for a designated Grievance Officer and response timelines for complaints.[file:3]
Annexure A – Service Level Agreement (SLA)
Medlio targets 99.5% monthly platform uptime excluding scheduled maintenance, commits to rapid response for critical incidents, and notifies users at least 48 hours before planned maintenance windows.[file:3]
Annexure B – Data Processing Agreement (DPA)
The DPA identifies the healthcare provider or clinic as Data Controller or Fiduciary and Medlio as Data Processor, sets processing-on-instruction requirements, mandates confidentiality, authorizes vetted subprocessors, and requires prompt breach notification within defined timeframes.[file:3]