Privacy Policy

Last updated: January 1, 2024

1. Introduction

SwasthyaAI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare management platform.

We comply with the Digital Personal Data Protection Act (DPDP) 2023, HIPAA guidelines, and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

  • Name, email address, phone number, and contact details
  • Healthcare facility information and medical license details
  • Billing and payment information
  • Login credentials and account preferences

2.2 Patient Health Information

As a healthcare platform, we process Protected Health Information (PHI) on behalf of healthcare providers, including:

  • Patient demographics and contact information
  • Medical history, diagnoses, and treatment records
  • Laboratory and diagnostic test results
  • Prescription and medication information
  • Billing and insurance claims data

2.3 Automatically Collected Information

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Log data and analytics

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and regulatory requirements

4. Data Security

We implement industry-standard security measures including:

  • 256-bit SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Regular security audits and penetration testing
  • 24/7 security monitoring and incident response
  • Data stored in ISO 27001 certified data centers in India

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We also retain data as necessary to comply with legal obligations (including medical record retention requirements), resolve disputes, and enforce agreements.

6. Your Rights

Under DPDP Act 2023, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of your data (subject to legal retention requirements)
  • Withdraw consent for data processing
  • Nominate a person to exercise your rights
  • Lodge a complaint with the Data Protection Board

7. Third-Party Services

We may share information with trusted third-party service providers including:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors (Razorpay, Stripe)
  • Communication services (Twilio, WhatsApp Business)
  • Analytics providers (Google Analytics)

All third parties are contractually bound to maintain confidentiality and security of your data.

8. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings.

9. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect personal information from children without parental consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: privacy@swasthyaai.com
  • Phone: 1800-123-4567
  • Address: 123 Healthcare Avenue, Bandra Kurla Complex, Mumbai 400051, India

Data Protection Officer: dpo@swasthyaai.com