Confirm Logout

Are you sure you want to log out?

PRIVACY AND DATA USE

A clearer privacy policy, tailored to Doctor Maitrey Clinic.

This notice explains how Doctor Maitrey Clinic collects, uses, stores, shares, retains, and protects personal data through its appointment, records, and communication platform for patients, staff, and clinic operations.

Effective date

April 10, 2026

Version

1.0

Clinic

Doctor Maitrey Clinic

Contact officer

Doctor Maitrey Clinic

1

POLICY SECTION

Identity and scope

This Privacy Policy applies to the portal, appointment platform, patient and staff login surfaces, and associated services operated by Doctor Maitrey Clinic.

The primary registered contact address currently associated with this practice is Registered clinic address available on request..

This policy explains how data is handled when a patient or staff member accesses the service under the current doctor or clinic domain.

2

POLICY SECTION

Data collection

Account and identity information

  • Name, phone number, password, and verified contact details.
  • Optional email address and profile details such as age.
  • Login, session, OTP, lockout, and account-security metadata.

Appointment and care-related information

  • Appointment bookings, visit history, location selection, and scheduling records.
  • Uploaded medical reports, external prescriptions, and clinic-issued prescriptions.
  • Patient history records and appointment-linked notes made available through the platform.

Operational, payment, and compliance information

  • Manual payment-status records and payment QR configuration where relevant to clinic operations.
  • Rights requests, grievance requests, deletion requests, and related resolution records.
  • Audit logs, incident-review records, and service-delivery metadata required for security and compliance.
3

POLICY SECTION

Purposes of processing

Account creation and authentication

To register users, verify identity, manage login access, protect accounts, and prevent misuse or unauthorized access.

Appointment and care delivery

To schedule, manage, modify, and document appointments, and to allow the clinic and doctor to review records relevant to care delivery.

Documents and prescriptions

To store, retrieve, and provide controlled access to uploaded reports, prescriptions, and related clinical files.

Service communications

To send OTPs, appointment communications, document notifications, prescription notices, and related operational messages.

Compliance, security, and legal obligations

To maintain audit evidence, investigate incidents, review rights requests, preserve required records, and comply with applicable legal or regulatory requirements.

4

POLICY SECTION

Communication policy

The platform employs automated communications for security and clinical operations. By using the service, you agree to receive essential messages on the following channels:

SMS

OTP and account-security communications.

WhatsApp

Same-day appointment reminders, where enabled by the clinic.

Email

Appointment, payment, document, and prescription-related service updates.

5

POLICY SECTION

Security measures

Private object-storage design for reports, prescriptions, and related uploaded files.

Short-lived signed URLs for controlled file access.

Authentication and authorization checks before sensitive access is granted.

Upload validation, storage-key minimization, and audit-oriented handling for document operations.

Operational monitoring, access controls, and incident-response procedures appropriate to the clinic environment.

6

POLICY SECTION

Retention and deletion

OTP metadata may be retained for 90 days.

Auth action-token evidence may be retained for 30 days after expiry or use.

Failed-login and lockout metadata may be retained for 180 days.

Appointments, notes, reports, and prescriptions may be retained for a minimum of 3 years.

Payment evidence may be retained for a longer accounting or audit window, including up to 8 years where required by clinic policy.

Notification records may be retained for 365 days.

Audit logs and deletion-request evidence may be retained for a minimum of 3 years.

Where deletion is permitted after the relevant retention period, related records and eligible stored files may be removed through controlled and auditable cleanup processes.

7

POLICY SECTION

Your rights

Access information made available through the patient-facing surfaces of the platform.

Request correction of profile or record information, subject to clinic review.

Raise a grievance relating to privacy, records, communications, or platform use.

Request deletion review, subject to applicable retention, audit, payment, clinical, or security holds.

Contact the clinic’s grievance or privacy contact using the details published with this notice.

8

POLICY SECTION

Contact information

Grievance and support

Clinic

Doctor Maitrey Clinic

Address

Registered clinic address available on request.

Officer

Doctor Maitrey Clinic

Email

ptlmaitrey@gmail.com

Phone

+917760378269