PRIVACY POLICY

“MERAAPNADOCC.IN” ("we," "us," or "our") operates the “MERAAPNADOCC” mobile application. We are committed to protecting the privacy and security of your "Sensitive Personal Data or Information" (SPDI) as defined under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

This policy describes how we collect, use, store, and protect information when Patients and Medical Practitioners ("Doctors") use our Platform.

2.1. Patient Data

• Registration Information: Name, age, sex, and phone number.
• Medical Records: Health history, clinical complaints, and uploaded diagnostic files including but not limited to X-rays, lab reports, and photographs.
• Communication Data: Chat logs and records of interactions with Doctors conducted through the App.

2.2. Doctor Data

• Professional Credentials: Name, Medical Registration Number (NMC/State Council), specialization, and clinic/hospital affiliation.
• Financial Information: UPI IDs and QR codes provided by the Doctor to facilitate direct peer-to-peer payments from Patients.
• Subscription Data: Record of onboarding fees and subscription plan payments made to the Company.

2.3. Automatically Collected Data

• Technical Logs: IP address, device type, operating system, and unique device identifiers.
• Usage Statistics: Information on how the App is accessed and used, including timestamps of consultations.

We process your information solely for the following purposes:

• Consultation Facilitation: To enable communication and file sharing between a Patient and their chosen Doctor.
• Prescription Management: To allow Doctors to generate and transmit digital prescriptions.
• Administrative Oversight: To manage Doctor subscriptions, payment verification, and account status.
• Service Improvement: To diagnose technical issues and optimize the user interface.

4.1. Encryption and Security

All Sensitive Personal Data is encrypted during transit and at rest using industry-standard protocols. We implement reasonable security practices to protect against unauthorized access, alteration, or disclosure.

4.2. The "Close and Delete" Architecture (STRICT POLICY)

Our Platform is designed with a privacy-first architecture regarding medical records:

• Session-Based Storage: Uploaded medical files (X-rays, reports) are stored temporarily for the duration of the active consultation.
• Doctor-Initiated Purge: Upon selecting the "Consult Complete (Yes/Close and Delete)" option, the Platform immediately archives the data for the current month. This data is then emailed to the individual doctor between the 3rd and 10th of the next month after which it will permanently delete the associated patient images, complaints, and diagnostic files from the servers.
• Irreversibility: Once the Doctor triggers this deletion, the data is unrecoverable. We do not maintain a "trash" or "recovery" folder for medical files once a session is closed.

4.3. Admin Panel Data Handling

The Company Admin Panel retains access to registration details and subscription statuses for audit and support purposes. However, the Admin Panel does not archive clinical medical files once they have been deleted by the Doctor at the end of a session.

We retain collected data only for as long as necessary to provide the Service, for legitimate business purposes, and to comply with legal obligations.

5.1. Doctor Data Retention

• Doctors have the option to voluntarily "Log Out" or use the "Delete My Account" feature.
• The Admin Panel also reserves the right to delete a Doctor's account.

5.2. Patient Data Retention and Deletion

• Registration Data: Patient registration data (Name, Age, Sex, WhatsApp Phone Number) is retained to maintain the account and recognition status.
• Consultation-Specific Data:
  • If a consultation is marked by the Doctor as "Consult Complete (Yes/Close and Delete)," all associated Consultation Data (complaints, uploaded files, and the prescription) is archived till the end of the month and email after which it is permanently deleted.
  • If a consultation is left "Open (On)," the associated data remains active on the Doctor's and the patient's dashboard and is retained until further action.
• Patient Account Deletion: Patients do not have a self-service option for account deletion on the Patient Panel. Deletion requests must be submitted to the Admin via the email: admin@meraapnadocc.in.

• No Sale of Data: We never sell, rent, or trade your personal or medical information to third-party marketers or data aggregators.
• Peer-to-Peer Sharing: Patient data is shared exclusively with the specific Doctor selected by the Patient.
• Legal Compliance: We may disclose information only if required by a court order or to comply with a legal obligation under Indian law.

7.1. Access and Correction

Users have the right to access their registration information and request corrections to any inaccuracies.

7.2. Data Withdrawal

Patients may withdraw their consent for data processing at any time by deleting their account. However, withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.

7.3. Grievance Officer

In accordance with the Information Technology Act, 2000, if you have any questions or complaints regarding this Privacy Policy, please contact our Grievance Officer:

By registering for an account or using the "Upload" features of the App, you provide your explicit and informed consent to the collection, storage, and processing of your Sensitive Personal Data as described in this Policy.

You acknowledge that you have read and understood the "Close and Delete" protocol and the unrecoverable nature of clinical data post-consultation.