Privacy Policy

1. Introduction

("we," "our," or "us") operates the platform ("Platform"). We are committed to protecting your privacy and ensuring the security of your personal and medical information.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Platform. By using our services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

When you register on our Platform, we collect:

• Full name
• Email address
• Mobile number
• Date of birth
• Gender
• Password (encrypted)
• User role (patient or doctor)

2.2 Medical Information (For Patients)

• Medical history and conditions
• Symptoms and complaints
• Prescription information
• Consultation records
• Health-related queries

2.3 Professional Information (For Doctors)

• Medical registration number
• Medical qualifications and certifications
• Specialization
• Availability status
• Razorpay fund account information (the Platform collects the doctor's bank account details to create and manage the fund account; information is securely stored with Razorpay, not on our servers)

2.4 Payment Information

• Payment transaction details
• Payment method information (processed by Razorpay)
• Transaction history
• Note: We do NOT store credit card, debit card, or bank account details on our servers. All payment processing is handled securely by Razorpay

2.5 Technical and Usage Information

• IP address
• Device information (type, model, operating system)
• Browser type and version
• Usage patterns and interactions with the Platform
• Log data and analytics
• Cookies and similar tracking technologies

2.6 Video Consultation Data

• Video and audio recordings (if enabled and with consent)
• Consultation duration and timestamps
• Technical quality metrics
• Note: Video calls are conducted through Jitsi, which has its own privacy policy

3. How We Use Your Information

3.1 Primary Uses

• To create and manage user accounts
• To facilitate consultations between patients and doctors
• To process payments and maintain transaction records
• To verify doctor credentials and qualifications
• To communicate with users about their consultations and account
• To provide customer support

3.2 Platform Improvement

• To improve and optimize Platform functionality
• To analyze usage patterns and trends
• To develop new features and services
• To ensure technical stability and security

3.3 Legal and Safety

• To comply with legal obligations and regulations
• To prevent fraud and abuse
• To resolve disputes and enforce our Terms and Conditions
• To protect the rights, property, and safety of users

3.4 Communication

• To send important notifications about consultations
• To provide updates about Platform changes
• To send promotional communications (with your consent)
• To respond to inquiries and support requests

4. How We Share Your Information

4.1 With Consulting Doctors

Patient medical information is shared with doctors who accept consultation requests to enable proper diagnosis and treatment.

4.2 With Service Providers

We share information with trusted third-party service providers:

• Razorpay: For payment processing and doctor fund accounts
• Jitsi: For video consultation services
• Cloud storage providers: For secure data storage
• Analytics providers: For Platform performance monitoring
• Email service providers: For sending notifications

4.3 Legal Requirements

We may disclose information when required by law:

• To comply with legal processes (court orders, subpoenas)
• To respond to government requests
• To protect against legal liability
• To investigate potential violations of our Terms

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your information:

• End-to-end encryption for sensitive data
• Secure Socket Layer (SSL/TLS) technology for data transmission
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure cloud storage with encryption at rest
• Regular data backups

5.2 Payment Security

• All payment processing is handled by Razorpay, which is PCI DSS compliant
• We do NOT store sensitive payment information on our servers
• Doctor bank account details are stored securely with Razorpay's fund account system

5.3 User Responsibility

• Keep your password secure and confidential
• Do not share your account credentials with others
• Log out after using shared devices
• Report any suspicious activity immediately

6. Data Retention

6.1 Retention Periods

• Account Information: Retained while your account is active to provide services, and for 3 years after account closure or prolonged inactivity for legal and compliance purposes. This includes personal details, login credentials, and account settings.
• Medical Records: Retained for 3 years from the date of consultation, in accordance with Indian medical record-keeping guidelines
• Consultation Recordings: Deleted after 6 months unless required for dispute resolution or quality purposes
• Transaction Records: Retained for 8 years as per Indian financial and tax regulations
• Log Data: Retained for 6 months for security and analytics purposes

6.2 Data Deletion

You may request deletion of your data by contacting us. However, some information may need to be retained for legal, regulatory, or legitimate business purposes.

7. Your Privacy Rights

7.1 Access and Correction

You have the right to:

• Access your personal and medical information
• Correct inaccurate or incomplete information
• Update your account details at any time
• Download your data in a portable format

7.2 Withdrawal of Consent

• You can withdraw consent for marketing communications at any time
• Our Platform does not use non-essential cookies for tracking or marketing purposes.
• Essential data processing and cookies required for the Platform to function cannot be opted out, as disabling them may prevent you from using certain features of the Platform.

7.3 Account Deletion

You can request account deletion by contacting our support team. Some information may be retained as described in Section 6.

7.4 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for Platform functionality, including user authentication, session management, and form submissions. These cookies cannot be disabled without affecting your ability to use the Platform.
• Performance, Functional, Analytics Cookies: The Platform does not use any non-essential cookies for performance tracking, preference storage, or analytics.

8.2 Managing Cookies

You can manage or block cookies through your browser settings. However, the Platform only uses essential cookies required for basic functionality, such as authentication and session management. Disabling these cookies may affect your ability to use certain features of the Platform. The Platform does not use any non-essential cookies for tracking, analytics, or marketing.

9. Children's Privacy

Our Platform is not intended for users under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children without proper consent.

If we become aware that we have collected information from a child without verification of parental consent, we will delete that information immediately.

10. Third-Party Links and Services

Our Platform may contain links to third-party websites or services (Razorpay, Jitsi, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10.1 Razorpay

Payment processing is handled by Razorpay. Their privacy policy governs how they collect, use, and protect payment information.

10.2 Jitsi

Video consultations are conducted through Jitsi. Their privacy policy and terms govern the video calling service.

10.3 Disclaimer and User Responsibility

Inclusion of any link on the Website does not imply that TapNcure endorses the linked site. Users may access these links and services at their own risk.

TapNcure assumes no responsibility and shall not be liable for any damages to, or viruses that may infect, User's equipment as a result of accessing, using, or browsing the Website, or downloading any material, data, text, images, video content, or audio content from the Website. If a User is dissatisfied with the Website, the sole remedy is to discontinue using the Website.

If TapNcure determines that you have provided fraudulent, inaccurate, or incomplete information, including through feedback, TapNcure reserves the right to immediately suspend your access to the Website or any of your accounts. TapNcure may make such declaration on the Website alongside your name or your clinic's name for the protection of its business and the interests of Users. You shall be liable to indemnify TapNcure for any losses incurred as a result of your misrepresentations or fraudulent feedback that adversely affects TapNcure or its Users.

Users are expected to read and understand this Privacy Policy to ensure they are aware of, among other things:

• The fact that certain information is being collected;
• The purpose for which the information is being collected;
• The intended recipients of the information;
• The nature of collection and retention of the information;
• The various rights available to Users in respect of such information.

11. Data Transfers

Your information may be stored and processed in servers located in India or other countries. We ensure that any international data transfers comply with applicable data protection laws and implement appropriate safeguards.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• We will notify users of significant changes via email or Platform notification
• The "Last Updated" date at the top of this policy indicates when it was last revised
• Continued use of the Platform after changes constitutes acceptance of the updated policy

13. Grievance Redressal

In accordance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address privacy concerns.

14. Compliance with Indian Laws

This Privacy Policy complies with:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection Act, 2023
• Telemedicine Practice Guidelines issued by the Medical Council of India
• Other applicable healthcare and data protection regulations

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: