PRIVACY POLICY — DIALDOCTOR

Last Updated: 06-06-2026 | Effective Date: 06-06-2026

Introduction

DialDoctor HealthTech, a partnership firm operating from Akola, Maharashtra, is committed to protecting the privacy, confidentiality, and security of your personal and medical information. This Privacy Policy outlines how we collect, store, handle, transfer, and protect the personal data and sensitive personal data of our users — including patients, guardians, and Registered Medical Practitioners.

This document is published in accordance with Section 43A of the Information Technology Act, 2000, and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By creating an account, accessing DialDoctor.in or our mobile applications, or booking an appointment, you explicitly consent to the collection, use, and sharing of your information as detailed in this Policy.

1. DATA WE COLLECT

We collect two categories of information: Personal Information (PI) and Sensitive Personal Data or Information (SPDI).

A. Information You Provide

For Patients & Guardians:

  • Full name, age, gender, date of birth
  • Active mobile number, email address, physical address
  • Relationship to minor (if booking for a dependent)
  • Scheduled appointment details
  • Self-reported reason for seeking medical visit
  • Diagnostic medical history or reports voluntarily uploaded

For Registered Medical Practitioners (RMPs) & Clinics:

  • Full name and professional registration numbers (NMC or State Medical Councils)
  • Academic qualifications and medical specializations
  • Clinic address and consultation fee structure
  • Digital signature tokens (where applicable)
  • Real-time appointment availability

B. Automatically Collected Technical Data

  • IP address, device OS, hardware model, unique device identifiers
  • Browser configurations, referring URLs, navigation paths, timestamps, crash logs

2. LAWFUL BASIS FOR PROCESSING

We process your data under three legally recognized grounds:

  1. Explicit Consent — You provide clear, revocable permission to match you with an RMP.
  2. Contractual Necessity — Processing is required to verify identity, handle booking requests, and send appointment confirmations.
  3. Legal Obligation — Retention of statutory transaction logs, tax invoices, and verification checks as required by healthcare authorities.

3. HOW WE USE YOUR INFORMATION

  • Facilitating Care Discovery: Sharing necessary patient data with your selected RMP so they can prepare for your consultation.
  • Authentication & Integrity: Using OTPs and contact tokens to prevent identity fraud and platform abuse.
  • Service Optimization: Running diagnostic analytics to reduce search and booking latency.
  • Transactional Updates: Sending booking receipts, status alerts, and rescheduling notices via SMS, WhatsApp, email, or push notifications.

4. MEDICAL & HEALTH DATA

  • DialDoctor acts purely as a technology intermediary. We do not author, analyze, or modify clinical records or diagnoses exchanged between you and your RMP.
  • Medical summaries or symptoms you document are encrypted in transit and accessible only to your chosen RMP.
  • We advise users not to upload unrelated or unnecessary sensitive medical records into unprompted text fields on the Platform.

5. DATA SHARING & THIRD-PARTY DISCLOSURES

DialDoctor does not sell, trade, rent, or lease your personal or medical data to third-party brokers, advertisers, or pharmaceutical marketing networks.

We share data only with:

  • Your Designated RMP: Name, age, gender, contact number, and stated reason for visit.
  • Infrastructure Partners: Secure cloud providers (e.g., AWS India), SMS/WhatsApp gateways, and RBI-authorized payment processors — all under independent NDAs.
  • Law Enforcement: Only when served an official statutory mandate under Section 69 of the IT Act or applicable Indian criminal procedures.

6. COOKIES & ANALYTICS

  • Google Analytics 4 / Mixpanel: Aggregates anonymized user movement data to improve platform speed and search layout.
  • Microsoft Clarity: Identifies UI bugs and dead links via anonymized click-stream maps.
  • You can configure your browser to reject cookies; however, this may disable session persistence and require OTP re-authentication on every page transition.

7. DATA RETENTION

  • Active Retention: Your account data is maintained as long as your account remains active.
  • Statutory Archival: Appointment histories, cancellation files, and payment receipts are retained for the mandatory period under the Consumer Protection (E-Commerce) Rules, 2020 and Indian tax legislation.
  • Anonymization: After the mandatory retention window, data is either purged or permanently stripped of all identifiers for historical analytics only.

8. SECURITY STANDARDS

In compliance with Rule 5 of the SPDI Rules, DialDoctor implements Reasonable Security Practices and Procedures:

  • Encryption: All communication channels and API integrations run over HTTPS with Transport Layer Security (TLS).
  • Access Control: Role-based access restricts data view permissions. The engineering team cannot view individual user medical logs without explicit bypass authorization.
  • Inherent Risk Disclaimer: No electronic transmission over the internet can be guaranteed as 100% secure. By using our platform, you acknowledge these inherent digital risks.

9. YOUR RIGHTS

Under Indian data regulations, you have the following rights:

  • Right to Access: Request a summary of the personal and medical data we hold about you.
  • Right to Rectification: Update or correct inaccurate data via your account dashboard.
  • Right to Erasure: Withdraw consent and request account deletion. Non-statutory data will be wiped within standard operational windows, except where retention is legally mandated.

10. PROTECTION OF MINORS

DialDoctor does not knowingly collect or process data from individuals under the age of 18 without explicit guardian involvement. Parents or legal guardians must register their own account, create and manage the minor's profile, and retain legal responsibility over all data submission and consent.

11. POLICY AMENDMENTS

DialDoctor reserves the right to modify this Policy at any time to reflect changes in our product or updates to Indian data privacy regulations. The "Last Updated" date at the top of this page will be revised accordingly. We recommend reviewing this document periodically.


Contact & Grievance

For privacy-related concerns, data access requests, or grievance redressal, contact our Data Protection Officer.

📧 privacy@dialdoctor.in

🌐 DialDoctor.in

📍 Akola, Maharashtra, India

Governed under the Information Technology Act, 2000 and the SPDI Rules, 2011.

© 2026 DialDoctor HealthTech. All rights reserved.