Privacy Policy

Last updated: 25 May 2026

This policy applies to all patients, visitors, and users of our HMS portal and healcelldisorders.com. By using our services, you agree to the terms described below.

1. Information We Collect

We collect the following categories of information to provide you with safe and effective Ayurvedic care:

• Personal Identifiers: Patient name, age, gender, phone number, and email address.
• Health & Medical Data: Health history, presenting symptoms, diagnosis, prescriptions, and treatment records.
• Payment Details: Transaction amounts and payment status. Online payments are processed exclusively by Razorpay (PCI-DSS compliant). We do not store card numbers, CVV, or bank credentials on our servers.
• Appointment Records: Consultation dates, times, type (in-person / teleconsultation), and appointment IDs.
• Technical Data: Device type, browser version, and IP address, collected only for securing portal access and preventing unauthorized logins.

2. How We Use Your Information

Your data is used solely for the following legitimate clinical and operational purposes:

• Booking, confirming, and managing your appointments.
• Maintaining your Electronic Medical Record (EMR) for continuity of care.
• Processing payments through Razorpay.
• Sending appointment confirmations and reminders via WhatsApp and email (reminder sent 24 hours before your appointment).
• Facilitating insurance pre-authorization requests — only with your explicit written or digital consent.
• Improving our clinical protocols through de-identified, aggregate analysis.

3. Data Storage & Security

• Patient data is stored on a local server at the HEAL clinic premises in Kharghar, Navi Mumbai.
• Electronic records (emr_store.json and appointments.json) are encrypted on the server and access-controlled.
• Payment data is handled exclusively by Razorpay and governed by their PCI-DSS compliance framework.
• Medical records are retained for a minimum of 5 years in accordance with the Central Council of Indian Medicine (CCIM) guidelines.
• We implement access controls, password protection, and regular security audits to prevent unauthorized access.

4. Data Sharing

Your information may be shared only in these specific circumstances:

• Within HEAL Clinic: Shared with your treating Ayurvedic physician for the purpose of your care.
• Insurance TPA: Shared only with your Insurance Third-Party Administrator (TPA) with your prior written or digital consent for pre-authorization purposes.
• Legal Obligation: Disclosed to regulatory or judicial authorities only when required by a valid court order or statutory obligation under Indian law.

5. Your Rights Under the DPDP Act, 2023

As a data principal, you have the following rights under the Digital Personal Data Protection Act, 2023:

• Right to Access: Request a summary of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data, subject to applicable medical record retention laws and regulatory obligations.
• Right to Withdraw Consent: Withdraw consent for non-essential data processing at any time.
• Right to Nominate: Nominate another individual to exercise your rights in the event of your incapacitation or death.
• Right to Grievance Redressal: Lodge a complaint with us or with the Data Protection Board of India.

To exercise any of these rights, contact us at the details in Section 7.

6. Cookies

• Session Cookies: Used only to keep you securely logged into the Patient Portal. These expire when your browser closes.
• No Tracking Cookies: We do not use Google Analytics, Facebook Pixel, or any advertising or cross-site tracking cookies.
• Razorpay Cookies: Razorpay may set cookies during the payment process for fraud prevention. These are governed by Razorpay's own Privacy Policy and are deleted after the transaction.

For full details, see our Cookie Policy.

7. Contact & Grievance Officer