LEGAL

Privacy Policy

Last updated: January 1, 2025  ยท  Effective immediately

Summary: CHIKITSHA Online respects your privacy. We collect only what's necessary to provide our services, protect it with industry-standard security, and never sell your personal data to third parties. Read on for details.

01 Information We Collect

We collect information you provide directly and data generated by your use of the platform:

  • Identity Data: Name, date of birth, gender, profile photo.
  • Contact Data: Mobile number, email address, home address.
  • Health Data: Medical history, prescriptions, lab reports, symptoms disclosed during consultations.
  • Transaction Data: Payment method details (tokenised), booking history, invoices.
  • Technical Data: Device ID, IP address, app version, crash logs, usage patterns.
  • Location Data: City/pincode for home collection and doctor matching. Precise GPS only with your permission.

02 How We Use Your Data

Your data is used solely to deliver and improve our healthcare services:

Provide teleconsultations and lab bookings
Match you with the right doctors
Process payments and generate invoices
Send appointment and medication reminders
Improve app performance and features
Comply with legal and regulatory obligations

03 Sharing of Information

We do not sell your personal data. We share data only in these circumstances:

  • With Doctors/Labs: Health information shared with the healthcare provider you specifically book.
  • With Payment Processors: Tokenised payment data with RBI-compliant payment gateways only.
  • With Service Providers: Cloud hosting, analytics, SMS providers under strict data processing agreements.
  • Legal Requirements: If required by law, court order, or government authority.

04 Data Security

We implement multiple layers of security to protect your data:

  • 256-bit AES encryption for stored health records
  • TLS 1.3 encryption for all data in transit
  • Two-factor authentication (2FA) for account access
  • Regular security audits and penetration testing
  • Role-based access controls within our team

05 Cookies & Tracking

We use essential cookies to keep you logged in and session-management cookies to improve performance. We also use anonymous analytics cookies to understand usage patterns. You can disable non-essential cookies via your browser settings. The app uses device identifiers for push notifications, which can be disabled in device settings.

06 Data Retention

We retain your personal data for as long as your account is active. Health records are stored for a minimum of 7 years as required by Indian medical regulations (MCI guidelines). You may request deletion of non-medical personal data at any time. Transaction records are retained for 8 years for GST compliance.

07 Your Rights

Under applicable Indian data protection laws, you have the right to:

Access your personal data
Correct inaccurate data
Request data deletion
Withdraw consent
Data portability
Lodge a complaint

To exercise any right, email us at privacy@chikitsha.com. We respond within 30 days.

08 Children's Privacy

Our platform is not directed at children under 13. We do not knowingly collect personal data from children under 13 without verified parental consent. If you believe your child's data was collected without consent, contact us immediately for deletion.

09 Policy Changes

We may update this policy from time to time. Material changes will be communicated via email and an in-app notification at least 30 days before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

10 Contact Us

For privacy-related queries, contact our Data Protection Officer:

CHIKITSHA Online โ€“ Data Protection Officer

privacy@chikitsha.com

Salt Lake, Kolkata, West Bengal โ€“ 700064