Privacy Policy

1. Introduction

OPD Digital ("we," "our," or "us") is committed to protecting the privacy and security of your personal and medical information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our OPD management platform.

We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) as mandated by the Government of India, and follow industry best practices for healthcare data protection.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Name, email address, and phone number
• Professional credentials (for healthcare providers)
• Clinic or organization details
• Billing and payment information

2.2 Patient Health Information

When healthcare providers use our platform, the following patient data may be stored:

• Patient demographics (name, age, gender, contact details)
• Medical history and consultation records
• Prescriptions and medication history
• Laboratory reports and diagnostic images
• Appointment and follow-up records
• Vitals and health measurements

2.3 Technical Information

We automatically collect certain technical data:

• Device information and browser type
• IP address and approximate location
• Usage patterns and feature interactions
• Error logs for troubleshooting

3. Data Storage and Security

3.1 Encryption

We employ enterprise-grade security measures to protect your data:

• Data at Rest: All stored data is encrypted using AES-256 encryption
• Data in Transit: All communications use TLS 1.3 encryption
• Database Security: Encrypted database instances with automated backups
• Access Controls: Role-based access control (RBAC) and multi-factor authentication

3.2 Security Practices

• Regular security audits and vulnerability assessments
• Automated threat detection and monitoring
• Secure development lifecycle practices
• Employee security training and background verification

4. How We Use Your Information

We use your information solely for the following purposes:

• Providing and improving our OPD management services
• Processing appointments and consultations
• Sending appointment reminders and notifications
• Generating reports and analytics for healthcare providers
• Customer support and communication
• Billing and payment processing
• Complying with legal obligations

5. Data Sharing and Disclosure

We may share information only in the following limited circumstances:

• With your consent: When you explicitly authorize sharing
• Service providers: Trusted vendors who assist in operating our platform (e.g., payment processors, cloud infrastructure), bound by strict confidentiality agreements
• Legal requirements: When required by law, court order, or government authority
• Emergency situations: To protect the health and safety of individuals when legally permitted

6. Your Rights Under DPDPA

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access: Request a summary of your personal data and processing activities
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to Grievance Redressal: Lodge complaints regarding data processing practices
• Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Active accounts: Data is retained while your account is active
• Medical records: Retained as per applicable medical record retention requirements in India
• After account deletion: Data is purged within 30 days, except where legal retention is required
• Backup data: Removed from backup systems within 90 days of deletion request

8. Request Data Deletion

You have the right to request deletion of your personal data at any time. To exercise this right:

• Contact us via email at privacy@opddigital.com
• Submit a deletion request through your account settings
• We will process your request within 30 days
• You will receive confirmation once deletion is complete

Please note that certain data may be retained if required by law or for legitimate medical record-keeping purposes.

9. AI and Automated Processing

Our platform uses artificial intelligence for features such as lab report extraction. Regarding AI processing:

• AI-extracted data is always subject to review by healthcare professionals
• Automated processing does not make medical decisions without human oversight
• AI models are trained on anonymized datasets and do not retain individual patient data
• You may request human review of any AI-processed information

10. Cookies and Tracking

We use essential cookies to ensure proper functioning of our platform. These include:

• Authentication cookies to keep you logged in
• Session cookies for application functionality
• Preference cookies to remember your settings

We do not use third-party advertising or tracking cookies.

11. Children's Privacy

Our services are intended for healthcare professionals and adult patients. We do not knowingly collect personal information from children under 18 without parental or guardian consent. Patient records for minors are managed by their healthcare providers in accordance with applicable laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes:

• We will notify you via email or in-app notification
• The "Last Updated" date at the top will be revised
• Continued use of our services constitutes acceptance of the updated policy

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us:

14. Grievance Redressal

In accordance with the DPDPA, if you are not satisfied with our response to your data protection concerns, you may escalate the matter to the Data Protection Board of India.