Privacy Policy

Last updated: March 15, 2026

AarogyaPractice ("we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, and protect your data when you use our clinic management platform.

1. Information We Collect

Account Information

When you register, we collect your name, email address, phone number, clinic name, and professional details.

Patient Data

Clinic administrators and healthcare providers input patient data including names, contact details, medical records, prescriptions, lab results, and billing information. This data is owned by the clinic and processed by us as a data processor.

Usage Data

We automatically collect information about how you interact with our platform, including login times, features used, browser type, and IP address.

2. How We Use Your Information

• To provide and maintain the AarogyaPractice platform
• To process billing and payments
• To send appointment reminders and notifications (SMS, WhatsApp, Email)
• To improve our services and develop new features
• To provide customer support
• To comply with legal obligations

3. Data Security

We implement industry-standard security measures including:

• Encrypted data transmission (TLS/SSL)
• Encrypted storage for sensitive data
• Role-based access control (RBAC)
• Two-factor authentication (2FA) support
• Regular security audits and penetration testing
• Comprehensive audit logging
• IP-based rate limiting

4. HIPAA Compliance

AarogyaPractice is designed with HIPAA-aligned security controls. We maintain administrative, physical, and technical safeguards to protect Protected Health Information (PHI). Our audit trail tracks all access to patient records.

5. DPDP Act 2023 Compliance

We comply with India's Digital Personal Data Protection (DPDP) Act, 2023. As a Data Fiduciary, we:

• Process personal data only for lawful purposes with consent
• Maintain data accuracy and completeness
• Delete personal data when no longer needed
• Implement reasonable security safeguards
• Honor data principal rights including access, correction, and erasure
• Notify the Data Protection Board in case of data breaches

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Medical records are retained as per applicable Indian medical record retention laws (minimum 3 years). Upon account deletion, we anonymize or delete your data within 30 days, unless legally required to retain it.

7. Data Sharing

We do not sell your personal data. We may share data with:

• Payment processors (Razorpay, Stripe) for transaction processing
• SMS/WhatsApp providers for notifications
• Cloud hosting providers for infrastructure
• Law enforcement when legally required

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent for data processing
• Lodge a complaint with the Data Protection Board of India

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. You can control cookie settings through your browser.

10. Contact Us

For privacy-related inquiries, contact our Data Protection Officer:

Email: privacy@aarogyapractice.com
Website: aarogyapractice.com