Privacy Policy
SaathiMed ("we", "our", "us") respects your privacy and is committed to protecting personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights. This is a template — obtain legal review before publishing.
1. Scope
This policy applies to personal data collected through our website, mobile applications, telemedicine services and other services we operate under the SaathiMed brand. It covers both general personal data and health/medical information where applicable.
2. Data we collect
We collect information needed to deliver healthcare services safely and to operate our platform.
- Identity & contact: name, email, phone number, postal address, emergency contact.
- Account & credentials: username, hashed password, profile settings.
- Health & medical data: medical history, prescriptions, lab reports, symptoms, clinical notes, images or other health-related information you or your healthcare provider share.
- Payment & billing: billing address, payment instrument metadata (we do not store full card numbers; they are processed by our payment processor).
- Usage & device: device identifiers, IP address, browser/OS, logs, analytics data, crash reports.
- Communications: messages, call logs, appointment notes created within our system.
- Derived information: anonymized or aggregated statistics and care-related inferences.
We avoid collecting unnecessary sensitive data. When we do collect special categories (e.g., health data), we will do so only with explicit consent or another lawful basis described below.
3. Legal bases for processing
Where required by applicable law, we rely on one or more lawful bases to process personal data:
- Performance of a contract: to provide medical consultations, bookings, prescriptions and related services.
- Consent: for optional features such as marketing communications or certain analytics.
- Legal obligation: to comply with healthcare, tax, court, or regulatory requirements.
- Vital interests: to protect life or safety in emergency medical situations.
- Legitimate interests: for fraud prevention, platform improvement and secure operations, balanced against individual rights.
4. How we use personal data
We use personal data for purposes including:
- Providing and managing healthcare services, consultations, prescriptions and clinical records.
- Scheduling and delivering telemedicine appointments and reminders.
- Processing payments, invoicing and insurance claims.
- Customer support and communications about your care or account.
- Improving, testing and securing our products and services (analytics, quality assurance).
- Legal compliance, investigations, and responding to lawful requests from authorities.
- De-identifying and aggregating data for research or product development when permitted.
6. International transfers
If personal data is transferred outside your country (for example to cloud providers or our partners), we implement legally recognized safeguards such as standard contractual clauses, binding corporate rules or transfers to jurisdictions with adequate protections.
7. Data retention
We retain personal data only as long as necessary for the purposes described (e.g., to provide care, comply with legal retention periods, resolve disputes). Criteria for retention include: nature of the data, regulatory requirements, and whether you have requested deletion.
8. Security
We employ administrative, technical and physical safeguards such as:
- Encryption in transit (TLS) and at rest where applicable.
- Access controls, role-based permissions and multi-factor authentication for staff.
- Audit logging, monitoring and incident response processes.
- Regular security assessments and third-party audits / penetration testing where appropriate.
However, no system is completely secure — if a breach occurs, we will follow applicable notification laws and inform affected individuals as required.
9. Your rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete data.
- Portability: request a machine-readable copy of data you provided.
- Erasure: request deletion of your data where we are not required to retain it by law.
- Restriction: request limitation of processing in certain situations.
- Object: object to processing based on legitimate interests or direct marketing.
- Withdraw consent: where processing is based on your consent, you can withdraw it (this will not affect processing prior to withdrawal).
To exercise rights, contact us at the details below. We may ask for identity verification and will respond within legal timeframes.
10. Children's privacy
Our services are not directed to children under 16 (or local equivalent). We do not knowingly collect data from children without parental consent. If you believe we have unintentionally collected data from a child, contact us to request deletion.
12. Links to other sites
Our services may contain links to third-party sites. We are not responsible for their privacy practices — review their policies before sharing personal information.
13. Changes to this policy
We may update this policy from time to time. When changes are material, we will provide prominent notice (email, in-app or on the site) and update the "Last updated" date above.
14. Contact & data protection officer
If you have questions, want to exercise your rights, or wish to report a privacy concern, contact:
SaathiMed
Email: privacy@saathimed.example
Address: SaathiMed Operations, 123 Wellness Road, Bengaluru, India
If you remain unsatisfied after contacting us, you may lodge a complaint with your local data protection authority.
15. How to request deletion or data export
To request deletion or a copy of your data: email privacy@saathimed.example with subject line "Data Subject Request" and include:
- Your full name and registered email/phone
- A clear request (e.g., "Please delete my account" or "Please provide my data export")
- Proof of identity (we may request this to protect your data)
We will respond in accordance with applicable law and may retain limited records to meet legal obligations.