Privacy Policy

1. Information We Collect

We collect information you provide directly to us, including:

• Account information (email, name, phone number)
• Authentication credentials (password hash, OAuth tokens)
• Profile information (user type, plan, preferences)
• Health records and consultation data you choose to store
• Payment information (processed securely through Razorpay)
• Usage data (login history, IP addresses, device information)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our healthcare services
• Authenticate your identity and manage your account
• Process payments and send transaction confirmations
• Send you technical notices and security alerts
• Respond to your comments and questions
• Detect and prevent fraud and abuse
• Monitor and analyze trends and usage

3. Data Security

We implement industry-standard security measures to protect your data:

• AES-256 encryption for all stored health data
• TLS 1.3 for all data in transit
• Passwords hashed using bcrypt with 12 rounds
• Session tokens stored in HTTP-only, secure cookies
• All authentication tokens have expiration times
• Payment information processed through secure Razorpay gateway
• Regular security audits and penetration testing

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You can request deletion of your account and data at any time by contacting us. Audit logs are retained for security purposes for up to 90 days.

5. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and session management
• Security Cookies: Help detect and prevent security threats
• Preference Cookies: Remember your settings and preferences

6. Third-Party Services

We integrate with the following third-party services:

• Razorpay: Payment processing (subject to their privacy policy)
• Twilio: SMS verification (subject to their privacy policy)
• Google/GitHub/Microsoft: OAuth authentication (subject to their privacy policies)
• MinIO: File storage (self-hosted on our infrastructure)

7. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt-out of marketing communications
• Lodge a complaint with a supervisory authority

8. Children's Privacy

Our services are not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us: