Privacy Policy
Last updated: January 13, 2025
1. Introduction
Neural Healthcare Solutions Private Limited ("Company", "we", "us", or "our"), a company incorporated under the Companies Act, 2013, with its registered office at Gurgaon, Haryana, 122018, operates the PatX platform ("Platform").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform. This policy is compliant with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act").
By using our Platform, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Platform.
2. Information We Collect
2.1. Information from Healthcare Providers
When you register as a Healthcare Provider, we collect:
- Personal Information: Full name, email address, phone number, profile photograph
- Professional Information: Medical degree, specialization, registration number, years of experience, professional bio
- Clinic/Practice Information: Clinic name, address, city, state, pincode
- Business Information: Organization name, GSTIN (if applicable)
- Banking Information: Bank account details for receiving payments (processed securely via Razorpay)
2.2. Information from Patients
When you use our Platform as a Patient, we collect:
- Personal Information: Full name, email address, phone number
- Demographic Information: Date of birth, gender, address (city, state, pincode)
- Health Information: Medical notes and health information shared with Healthcare Providers (classified as Sensitive Personal Data under SPDI Rules)
- Payment Information: Payment method details (processed securely via Razorpay; we do not store full card numbers)
2.3. Information Collected Automatically
When you access our Platform, we may automatically collect:
- Device Information: Device type, operating system, browser type, unique device identifiers
- Usage Information: Pages visited, features used, time spent on Platform, clickstream data
- Log Information: IP address, access times, referring URLs
- Location Information: General geographic location based on IP address
3. Sensitive Personal Data or Information (SPDI)
Under Indian law, certain categories of personal information are classified as Sensitive Personal Data or Information (SPDI). This includes:
- Passwords and authentication credentials
- Financial information such as bank account or payment instrument details
- Physical, physiological, and mental health condition (medical/health information)
- Medical records and history
- Biometric information
We collect SPDI only with your explicit consent and process it in accordance with the SPDI Rules and DPDP Act. You have the right to withdraw consent at any time by contacting us at support@patx.in.
4. Purpose of Data Collection
We use your information for the following purposes:
- Platform Operations: To provide, maintain, and improve our Platform and Services
- Account Management: To create and manage your account and verify your identity
- Service Delivery: To facilitate subscription programs between Healthcare Providers and Patients
- Payment Processing: To process payments and manage billing
- Communications: To send service-related notifications, reminders, and updates via email, SMS, or WhatsApp
- Customer Support: To respond to inquiries and provide assistance
- Analytics: To analyze usage patterns and improve user experience
- Legal Compliance: To comply with applicable laws and regulations
- Security: To detect, prevent, and address fraud, security issues, and technical problems
5. Legal Basis for Processing
Under the DPDP Act, we process your personal data based on:
- Consent: Your explicit consent provided during registration or when using specific features
- Contractual Necessity: Processing necessary to perform our contract with you (Terms of Service)
- Legal Obligation: Processing necessary to comply with applicable Indian laws
- Legitimate Interests: Processing necessary for our legitimate business interests, provided they do not override your fundamental rights
6. Data Sharing and Disclosure
We may share your information with:
6.1. Healthcare Providers and Patients
Patient information is shared with Healthcare Providers as necessary for service delivery. Healthcare Provider profiles are visible to Patients.
6.2. Service Providers
We engage third-party service providers to perform functions on our behalf:
- Razorpay Software Private Limited: Payment processing (PCI-DSS compliant)
- Clerk: Authentication and identity management
- WhatsApp (Meta Platforms): Messaging and notifications
- Resend: Email communications
- PostHog: Analytics services
- Sentry: Error monitoring and debugging
- Cloud hosting providers: Data storage and infrastructure
These service providers are contractually obligated to protect your information and use it only for the purposes specified.
6.3. Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, including to:
- Comply with court orders or legal process
- Respond to lawful requests from public authorities
- Protect the rights, property, or safety of the Company, our users, or others
- Enforce our Terms of Service and other agreements
6.4. Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
7. Data Storage and Security
7.1. Storage Location: Your data is stored on secure servers. We may use cloud service providers with servers located in India and other jurisdictions that provide adequate data protection.
7.2. Security Measures: We implement reasonable security practices and procedures as mandated by the SPDI Rules, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication mechanisms
- Access controls and authorization procedures
- Regular security assessments and audits
- Employee training on data protection
- Incident response procedures
7.3. Payment Security: Payment information is processed by Razorpay, which is PCI-DSS compliant. We do not store complete credit/debit card numbers on our servers.
8. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, and as required by applicable laws:
- Medical/Health Records: Retained for a minimum of 8 years as per Medical Council of India guidelines and applicable healthcare regulations
- Financial/Tax Records: Retained for a minimum of 7 years as per Income Tax Act, 1961, and GST regulations
- Account Information: Retained while your account is active and for a reasonable period thereafter
- Communication Logs: Retained for 3 years for audit and dispute resolution purposes
After the retention period, data is securely deleted or anonymized in accordance with our data retention procedures.
9. Your Rights under Indian Law
Under the DPDP Act and SPDI Rules, you have the following rights:
- Right to Access: Request information about your personal data being processed
- Right to Correction: Request correction or updating of inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
- Right to Withdraw Consent: Withdraw your consent for data processing at any time
- Right to Grievance Redressal: Lodge complaints regarding data processing
- Right to Nominate: Nominate another person to exercise your rights in case of your death or incapacity
To exercise these rights, please contact us at support@patx.in. We will respond to your request within 30 days.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
- Essential Cookies: Necessary for Platform functionality and authentication
- Analytics Cookies: Help us understand how users interact with our Platform
- Preference Cookies: Remember your settings and preferences
You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.
11. Cross-Border Data Transfers
Some of our service providers may be located outside India. When we transfer data internationally, we ensure:
- Transfers comply with applicable Indian data protection laws
- Adequate safeguards are in place to protect your data
- Receiving parties maintain security standards equivalent to or better than those required under Indian law
12. Children's Privacy
Our Platform is intended for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal data from a minor without appropriate consent, we will take steps to delete such information.
13. Third-Party Links
Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending you an email notification for significant changes
Your continued use of the Platform after any changes indicates your acceptance of the updated Privacy Policy.
15. Grievance Officer
In accordance with the Information Technology Act, 2000, and the DPDP Act, 2023, we have appointed a Grievance Officer to address any concerns or grievances regarding your personal data:
Grievance Officer
Neural Healthcare Solutions Private Limited
Gurgaon, Haryana, 122018
India
Email: support@patx.in
The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days from the date of receipt.
16. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: