Privacy Policy
Last updated: April 28, 2026
1. Information We Collect
We collect information necessary to provide our healthcare platform services. This includes:
Personal Information: Name, email, phone number, date of birth, gender, and address when you create an account.
Health Information: Medical records, prescriptions, lab results, consultation notes, and other clinical data generated through the platform. This constitutes Sensitive Personal Data under DPDPA 2023.
ABHA Information: When you link your ABHA ID, we verify your identity through ABDM APIs and store your ABHA address for record exchange.
Usage Data: Device information, IP address, browser type, pages visited, and interaction patterns to improve our services.
Communication Data: Messages between patients and doctors, support tickets, and feedback.
We collect health information only with explicit consent and for the specific purpose of providing healthcare services.
Payment Information: When you subscribe to a paid plan, your payment is processed by Razorpay. We store transaction IDs, subscription status, billing interval, and coupon usage. We do NOT store card numbers, bank account details, UPI PINs, or CVV codes.
2. How We Use Your Information
We use your information for the following purposes:
Healthcare Services: To enable consultations, maintain medical records, process prescriptions, send appointment reminders, and facilitate communication between patients and doctors.
AI Features: Voice-to-SOAP note generation, smart patient briefs, drug interaction checking, and task extraction. All AI-processed data requires doctor review before saving.
ABDM Compliance: To share health records with other ABDM-certified providers when you provide explicit consent through the Consent Manager.
Platform Improvement: Anonymized, aggregated data analysis to improve our services, features, and user experience.
Legal Compliance: To comply with applicable laws including DPDPA 2023, IT Act 2000, and ABDM regulations.
We never sell your personal or health data. We do not use your health data for advertising or marketing purposes.
3. Data Sharing & Disclosure
We share your data only in the following circumstances:
With Your Doctor: Your health records are accessible to the healthcare provider you consult with.
ABDM Network: When you grant consent, your records may be shared with other ABDM-certified HIP/HIU participants.
Service Providers: We use trusted third-party services that are contractually bound to protect your data:
- AWS: Cloud hosting and data storage
- Razorpay: Clinic-subscription billing only. We share the clinic admin's name, email, and phone number with Razorpay to process the clinic's subscription charges. We do not process patient consultation fees; those are paid directly to the clinic via the clinic's own payment provider. See Razorpay's privacy policy at razorpay.com/privacy
- SendGrid: Transactional email delivery
Legal Requirements: We may disclose information if required by law, court order, or government request.
De-identified Data: We may share anonymized, aggregated data for research purposes. This data cannot be traced back to you.
We never share your data with advertisers, data brokers, or any party for purposes unrelated to your healthcare.
4. Data Security
We implement comprehensive security measures to protect your data:
Encryption: AES-256-GCM encryption for data at rest. TLS 1.3 for data in transit. Field-level encryption for sensitive PII and PHI.
Access Control: Role-based access control (RBAC) following the principle of least privilege. Multi-factor authentication for all accounts.
Infrastructure: Hosted on AWS Mumbai (ap-south-1) ensuring data residency in India. VPC isolation, WAF protection, and DDoS mitigation.
Audit Trails: 7-year immutable audit logs recording all data access and modifications.
Tenant Isolation: Each clinic's data is logically isolated with separate encryption keys.
Incident Response: Documented incident response plan with breach notification within 72 hours as required by DPDPA.
5. Data Retention
We retain your data as follows:
Health Records: Retained for the duration of your account plus 7 years after account closure, as required for medical records in India.
Account Data: Retained while your account is active and for 30 days after a deletion request to allow for recovery.
Audit Logs: Retained for 7 years for compliance and forensic purposes.
Communication Data: Retained for 3 years from the date of communication.
Usage Data: Retained for 2 years in identifiable form; indefinitely in anonymized form.
You may request data deletion at any time through your account settings or by contacting our Data Protection Officer. We will process deletion requests within 30 days, subject to legal retention requirements.
6. Your Rights Under DPDPA
As a Data Principal under DPDPA 2023, you have the following rights:
Right to Access: Request a copy of all personal data we hold about you.
Right to Correction: Request correction of inaccurate or incomplete personal data.
Right to Erasure: Request deletion of your personal data. You can initiate erasure in-app via Settings > Account > Delete Account, or by contacting our Data Protection Officer.
- 30-day grace period: Erasure requests are held for 30 days before being executed. During this window you can cancel the request at any time, which lets you recover from an accidental deletion.
- What gets anonymized: Your name, phone, email, ABHA ID, address, emergency contacts, insurance details, and profile photo are scrubbed. Your date of birth is coarsened to the birth year only.
- What is retained (and why): Indian medical-record law requires clinics to retain clinical records for defined periods: Clinical Establishment Act and IMC 2002 §1.3 (3 years adults, up to age 21 for minors), PCPNDT Form F (2 years), Dental Council of India (3 years), Mental Healthcare Act (3 years). The clinical content of your consultations, prescriptions, lab results, and imaging therefore stays linked to the anonymized patient record for as long as the law requires. No identifying information is retained alongside it.
Right to Withdraw Consent: Withdraw consent for data processing at any time. This does not affect the lawfulness of processing before withdrawal.
Right to Grievance Redressal: File a complaint with our Data Protection Officer or the Data Protection Board of India.
Right to Nominate: Nominate another person to exercise your rights in case of your incapacity or death.
Exercising Your Rights
To exercise any of the rights above, email [email protected] with a clear description of your request. We acknowledge requests within 5 business days and fulfill them within 30 days, in line with DPDPA 2023 timelines. Identity verification may be required for sensitive requests (deletion, full export). Use [email protected] instead if you have a complaint about how we handled a prior request.
You may also initiate rights requests through your account settings.
7. ABDM & Health Data
Our platform integrates with the Ayushman Bharat Digital Mission (ABDM) ecosystem:
ABHA Integration: When you link your ABHA ID, we verify your identity and enable interoperable health record sharing.
Consent-Based Sharing: All health record sharing through ABDM requires your explicit consent through the Consent Manager. You can view, grant, or revoke consent at any time.
HIP Role: As a certified Health Information Provider, we share your records (created on our platform) with other ABDM participants only when you consent.
HIU Role: As a Health Information User, we can pull your records from other ABDM providers for your doctor's review, only with your consent.
Data Standards: All health records exchanged through ABDM use the FHIR R4 standard, ensuring interoperability and data integrity.
ABHA Data Deletion: You can unlink your ABHA ID at any time. This revokes future ABDM sharing but does not affect records already shared.
8. Specialty-Specific Data Categories
Different clinical specialties generate additional categories of sensitive data. When you use specialty workspaces, the following apply in addition to the general protections in Section 4:
Dental: Clinical imaging including intraoral radiographs (bitewings, periapicals, panoramic), intraoral photographs, and odontogram charts. Images and associated clinical records are retained for a minimum of 3 years in line with Dental Council of India (DCI) record-keeping guidance, stored in clinic-scoped encrypted object storage.
Orthopaedics: Diagnostic imaging references (X-ray, MRI, CT reports and uploaded DICOM/PDF files), range-of-motion measurements, and post-operative assessments. Imaging files are stored in clinic-scoped encrypted S3 buckets and are not pooled across clinics.
ENT (Otorhinolaryngology): Audiology results (pure-tone audiograms, speech audiometry), tympanometry traces, and endoscopic still images or video captures from nasal / laryngeal / otoscopic examinations.
Paediatrics: Where the patient ("Data Principal") is under 18 years of age, processing is conducted under DPDPA 2023 §9, which requires verifiable parental or lawful-guardian consent. We do not use children's data for tracking, behavioural monitoring, or targeted advertising. Parents or guardians may exercise all Data Principal rights on the child's behalf.
Obstetrics & Gynaecology (OB-GYN): Pregnancy and obstetric records, antenatal visit data, labour and delivery notes, and fetal ultrasound imagery. In compliance with the Pre-Conception and Pre-Natal Diagnostic Techniques (PCPNDT) Act, 1994, the platform does not surface or export fetal sex information and blocks any workflow that would disclose it. Records related to Medical Termination of Pregnancy (MTP) are handled in line with the MTP Act confidentiality obligations: access is restricted to the treating clinician and the patient, and these records are excluded from routine clinic-wide exports.
Dermatology: Clinical photographs of skin conditions and lesions, including before/after images. Photographs are stored encrypted at rest, scoped to the capturing clinic, and are never used to train AI models unless you provide separate, explicit opt-in consent for research use.
Ophthalmology: Retinal fundus photographs, Optical Coherence Tomography (OCT) scans, slit-lamp images, refraction records, and visual field test results.
Psychiatry & Mental Health: Psychiatric assessments, standardised rating scales (e.g., PHQ-9, GAD-7, HAM-D), therapy notes, and session summaries. In line with the Mental Healthcare Act (MHCA) 2017, mental health records are held to a stricter confidentiality standard than general health data: they are not shared via ABDM without a distinct, per-record consent, are excluded from default clinic-wide search, and require elevated access controls within the treating team.
9. Telemedicine, AI & Patient-Uploaded Data
Beyond specialty-specific categories, the following cross-cutting categories apply wherever you use the relevant features:
Telemedicine (video consultations): When you join a video consultation, we process audio and video streams, screen-shared content, in-call chat messages, and network metadata (IP address, device type, browser/app version, and connection-quality telemetry). Sessions are not recorded by default. If a clinician enables recording, both patient and clinician see an explicit on-screen indicator, and the recording is stored encrypted in clinic-scoped storage and retained per the clinic's configured retention policy (default: 90 days, maximum: 7 years to match medical record retention). You may request deletion of a recording at any time via the Data Protection Officer.
Consultation audio capture and voice-to-SOAP: Where a clinician uses the voice-to-SOAP feature, raw audio is captured from the clinician's microphone during the encounter. A visible microphone-on indicator is shown in the practice portal throughout capture, and the patient is prompted to provide explicit consent before recording begins. Raw audio is transcribed, used to draft SOAP notes for clinician review, and is retained for 30 days to support correction and appeal workflows, after which it is permanently deleted. Only the clinician-approved SOAP note is retained long-term as part of the medical record.
Patient-uploaded files: Documents you upload yourself (lab reports, prior prescriptions, imaging PDFs, referral letters, insurance documents) receive the same protections as clinician-created records: encrypted at rest, scoped to the clinic you share them with, covered by audit logging, and subject to the same retention periods in Section 5.
AI chat and AI-assisted features: Our AI features use large language models provided by Anthropic (Claude). When you interact with an AI feature, the prompt content (which may include de-identified clinical context) is sent to the model provider for inference. Under our contractual terms with the provider, prompts and completions are not used to train their foundation models and are retained by the provider only for the minimum period required for abuse monitoring (currently 30 days) before deletion. Where the provider performs inference outside India, this constitutes a cross-border transfer under DPDPA 2023 §16-§17; by using AI features you consent to this transfer, and you may opt out of AI features at any time from Settings without losing access to core platform functionality.
10. Billing Communications
We send the following transactional communications related to your subscription:
- Payment receipts after each successful charge
- Failed payment alerts when a billing attempt fails
- Trial expiry reminders 5 days before your trial ends
- Grace period warnings during the 7-day read-only period
- Subscription status changes (activation, cancellation, plan changes)
These are transactional communications necessary for the operation of your account and cannot be unsubscribed from while you have an active account. They are not marketing communications.
11. Contact Us
For privacy-related inquiries, concerns, or to exercise your rights:
Data Protection Officer: Email [email protected]
General Inquiries: Email [email protected]; Phone +91-XXXXXXXXXX
Registered Address: Clinvo Health Pvt. Ltd., Mumbai, Maharashtra, India
Grievance Officer: As required under the IT Act 2000 and DPDPA 2023, our Grievance Officer can be reached at [email protected]. We acknowledge complaints within 24 hours and resolve them within 30 days.
This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in Mumbai, Maharashtra.