← Back to CME Wallet

Privacy Policy

Last updated: 16 April 2026

1. Introduction

CME Wallet ("we", "us", "our") operates the website cmewallet.in and related services. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the IT (Reasonable Security Practices and Procedures) Rules, 2011.

By using CME Wallet, you consent to the collection and use of your data as described in this policy.

2. Data We Collect

Data TypePurposeLegal Basis
Full nameAccount identification, compliance reportsConsent (DPDPA S.6)
Phone numberAuthentication (OTP login), account lookupConsent (DPDPA S.6)
Email addressNotifications, compliance reportsConsent (DPDPA S.6)
Medical registration numberProfessional identificationConsent (DPDPA S.6)
Qualification, specialty, state councilProfile, event matchingConsent (DPDPA S.6)
CME certificates and credit recordsCredit tracking, compliance reportsConsent (DPDPA S.6)
Event interest markersEvent recommendations, remindersConsent (DPDPA S.6)

We do not collect health/patient data, Aadhaar numbers, financial/bank details, or biometric data.

3. How We Use Your Data

  • Track and display your CME credits and certificates
  • Generate compliance reports for state medical council submission
  • Send email notifications (event reminders, renewal alerts, approval/denial updates)
  • Match you with relevant CME events based on specialty and location
  • Maintain automated daily backups for data safety

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage and Security

  • Data is stored on Supabase (PostgreSQL) with encryption at rest and in transit (TLS 1.2+)
  • Application hosted on Cloudflare Workers with DDoS protection
  • Authentication via phone OTP (Supabase Auth)
  • Admin access requires separate API key authentication
  • Automated backups run twice daily (6:00 AM and 6:00 PM UTC)
  • No data is stored in browser localStorage — all data is server-side

We implement reasonable security practices as required under Section 43A of the IT Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011.

5. Your Rights (Data Principal Rights under DPDPA)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access — Request a summary of your personal data we hold
  • Correction — Request correction of inaccurate data via your profile settings
  • Erasure — Request deletion of your account and all associated data
  • Grievance Redressal — Contact our Data Protection Officer for any data concerns
  • Nominate — Nominate another person to exercise your rights in case of death or incapacity

To exercise any of these rights, email us at nalluruj@gmail.com with subject "Data Request — CME Wallet".

6. Data Retention

  • Account data is retained as long as your account is active
  • Upon account deletion, all personal data is erased within 30 days
  • Backup copies are overwritten in the next backup cycle (within 12 hours)
  • Notification logs are retained for 90 days for duplicate prevention

7. Third-Party Services

ServicePurposeData Shared
SupabaseDatabase, authenticationAll account data
CloudflareHosting, CDN, securityRequest metadata
ResendEmail deliveryEmail address, name

8. Cookies and Tracking

CME Wallet does not use tracking cookies, analytics tools, or advertising pixels. Session tokens are stored in browser memory only and cleared on sign-out.

9. Children's Data

CME Wallet is intended for licensed medical professionals (18+ years). We do not knowingly collect data from minors. If we discover data from a person under 18, it will be deleted immediately.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.

11. Governing Law

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. Disputes shall be subject to the exclusive jurisdiction of courts in Hyderabad, Telangana.

12. Contact Us

Data Protection Officer: CME Wallet Team

Email: nalluruj@gmail.com

Subject line: "Data Request — CME Wallet"

© 2026 CME Wallet. All rights reserved.