PRIVACY POLICY — CLINICSATHI
Effective Date: 21/5/2026
Company: ClinicSathi Private Limited
Contact Email: privacy@clinicsathi.com
1. Introduction
ClinicSathi Private Limited operates the ClinicSathi clinic management platform. We are committed to protecting the privacy and security of all personal data processed through our platform.
This Privacy Policy describes how we collect, use, store, and protect personal data in compliance with the Information Technology Act 2000, SPDI Rules 2011, DPDP Act 2023, and EHR Standards for India 2016.
2. Who We Collect Data From
a) Clinic Users (Doctors and Receptionists): Individuals who register and operate the platform. Data collected includes name, mobile number, password (hashed), clinic details, and specialization.
b) Patients: Individuals registered into the system by a clinic user. Data collected includes name, age, gender, mobile number, chief complaint, vitals, diagnosis, prescribed medicines, and uploaded documents.
3. Legal Basis for Processing
- Consent: Patient data is collected and stored only after explicit consent at registration.
- Legitimate Interest: Clinic operational data is processed to deliver the contracted service.
- Legal Obligation: Certain data may be retained to comply with healthcare regulations.
4. How We Use Personal Data
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. Data is used strictly for authentication, service delivery, EHR maintenance, and system alerts.
5. Data Sharing
We share personal data only with secure cloud infrastructure providers (e.g., Cloudinary for documents) and legal authorities when strictly required by law.
6. Data Security
We implement TLS/HTTPS encryption, bcrypt password hashing, encryption at rest, and strict role-based access control. In the event of a breach, we will notify affected parties within 6 hours of discovery.
7. Data Retention
Patient health records are retained for a minimum of 7 years in accordance with MCI/NMC guidelines. After account closure, administrators may submit a written request for deletion of clinic data.
8. Your Rights
Under the DPDP Act 2023, you have the right to access, correct, and erase your personal data, and to seek grievance redressal. Contact privacy@clinicsathi.com to exercise these rights.
9. Children's Data
For patients under 18, we require a parent or guardian to provide consent on the child's behalf at registration.
10. Contact & Grievance Officer
Data Protection / Grievance Officer
ClinicSathi Private Limited
Email: privacy@clinicsathi.com