Privacy Policy

Your privacy and data security are fundamental to everything we do. Learn how Doctat by Cypher MD protects your healthcare information.

Last updated: November 2024

1. Introduction

Doctat is a healthcare management platform developed by Cypher MD that provides Electronic Medical Records (EMR), billing, prescription, and patient monitoring services to healthcare providers across India.

This Privacy Policy explains how we collect, use, protect, and handle your personal and health information when you use our platform. We are committed to maintaining the highest standards of data protection and privacy.

2. Information We Collect

Personal Information

  • Name, contact details, and identification documents
  • Professional credentials and medical licenses
  • Clinic and practice information
  • Billing and payment information

Health Information

  • Medical history, diagnoses, and treatment records
  • Prescriptions and medication lists
  • Test results and medical reports
  • Clinical notes and observations

Technical Information

  • Device information and app usage metrics
  • Login activities and system interactions
  • Performance and error logs

Consent-Based Collection

We collect all information through explicit user consent and platform interactions. You have full control over what information you share with us.

3. How We Use Your Information

  • Healthcare Service Delivery: Providing EMR, prescription, and clinic management services
  • Billing and Transactions: Processing payments and managing financial records
  • AI-Powered Clinical Support: Providing intelligent alerts and decision support
  • Communication: Sending important notifications and updates
  • Service Improvement: Analyzing usage patterns to enhance our platform
  • Legal Compliance: Meeting regulatory and legal requirements

4. Data Security Measures

End-to-End Encryption

All data is encrypted in transit and at rest using industry-standard encryption protocols.

Security Infrastructure

  • Role-based access control ensuring only authorized personnel access data
  • Secure AWS cloud storage in Mumbai region for data sovereignty
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for all user accounts
  • Automated backup and disaster recovery systems

Compliance Standards

  • Digital Personal Data Protection Act, 2023
  • Information Technology Act, 2000
  • Medical Council of India regulations
  • International healthcare data protection standards

5. Your Data Rights

You have the following rights regarding your personal and health information:

  • Right to Access: Request access to your personal data stored in our systems
  • Right to Correction: Request corrections to inaccurate or incomplete information
  • Right to Withdraw Consent: Withdraw consent for data processing at any time
  • Right to Data Portability: Export your data in a commonly used format
  • Right to Deletion: Request deletion of your data (subject to legal and regulatory limitations)
  • Right to Opt-Out: Unsubscribe from marketing communications

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided below.

6. Data Sharing and Disclosure

We respect your privacy and only share information in specific circumstances:

With Your Consent

  • Sharing with other healthcare providers involved in patient care
  • Integration with third-party medical services you authorize
  • Research participation (anonymized data only)

Service Providers

  • Cloud hosting and infrastructure providers
  • Payment processing services
  • Technical support and maintenance partners

Legal Requirements

  • Compliance with court orders and legal processes
  • Regulatory reporting requirements
  • Public health and safety emergencies

No Selling of Personal Information

We never sell your personal or health information to third parties for commercial purposes.

7. Data Retention

We retain your information only as long as necessary to:

  • Provide ongoing healthcare services
  • Meet legal and regulatory retention requirements
  • Resolve disputes and enforce agreements
  • Maintain business continuity and records

Medical records are typically retained for a minimum of 7 years as per Indian healthcare regulations, or longer if required by law.

8. Children's Privacy

Our platform is intended for users 18 years and above. For medical services provided to minors, we require explicit parental or guardian consent and maintain special protections for children's health information.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of any significant changes through:

  • Email notifications to registered users
  • In-app notifications
  • Updates on our website

Continued use of our services after policy updates constitutes acceptance of the revised terms.

Data Protection Contact

For questions about this Privacy Policy, data protection concerns, or to exercise your rights, please contact us:

Data Protection Officer

Rajan Verma
contact@cyphermd.com

Privacy Helpline

+91 88472 29036
Available Mon-Fri, 9 AM - 6 PM IST

10. Grievance Redressal

If you have any concerns about how we handle your personal information, please contact our Grievance Officer:

  • Email: contact@cyphermd.com
  • Phone: +91 88472 29036
  • Address: Cypher MD, Rajguru Nagar, Ludhiana, Punjab, India

We will respond to all grievances within 30 days and work to resolve any privacy concerns promptly and fairly.