Legal

Privacy Policy

Last updated: January 15, 2026

Chikitshalaya ("we", "our", or "us") is committed to protecting the privacy of clinic owners, doctors, and patients who use our platform. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

1.1 Information you provide directly

  • Clinic & Account Data: Name, email address, phone number, clinic name, address, and payment information when you sign up or update your profile.
  • Doctor Profiles: Name, qualifications, specialty, profile photo, and consultation fees.
  • Patient Data: Name, phone number, email, age, gender, and appointment history — submitted when patients book appointments through your clinic's page.
  • Communications: Messages you send us through support, email, or contact forms.

1.2 Information collected automatically

  • Usage Data: Pages visited, features used, click patterns, and session duration.
  • Device Data: IP address, browser type, operating system, and device identifiers.
  • Cookies: See our Cookie Policy for details on how we use cookies.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Chikitshalaya platform
  • Send appointment confirmations and reminders to patients
  • Process payments and manage your subscription
  • Send product updates, newsletters, and marketing (you can opt out anytime)
  • Respond to support requests and troubleshoot issues
  • Comply with legal obligations and enforce our Terms of Service
  • Detect and prevent fraud, abuse, or security incidents

We never sell your data to third parties. Patient data is never used for advertising purposes.

3. Data Sharing

We share your information only in the following circumstances:

  • Service Providers: We use trusted third-party providers (e.g., Supabase for database, Razorpay for payments, Twilio for SMS) who are contractually bound to protect your data.
  • Legal Requirements: We may disclose data if required by law, court order, or government authority.
  • Business Transfers: In the event of a merger or acquisition, your data may be transferred to the acquiring entity, subject to the same privacy commitments.
  • With Your Consent: We share data in any other circumstance only with your explicit consent.

4. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription:

  • You have 30 days to export your clinic and patient data.
  • After 30 days, all personal data is permanently deleted from our systems.
  • Anonymised, aggregated usage data may be retained indefinitely for analytics.

5. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular security audits, and multi-factor authentication for admin accounts. No system is 100% secure — if you discover a vulnerability, please report it to security@chikitshalaya.com.

6. Your Rights

Under applicable Indian data protection laws and GDPR (for international users), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Receive your data in a machine-readable format.
  • Opt-out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, email privacy@chikitshalaya.com.

7. Children's Privacy

Chikitshalaya is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting a notice on our website at least 14 days before the changes take effect. Your continued use of Chikitshalaya after the effective date constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or requests, contact our Data Protection Officer at:
Email: privacy@chikitshalaya.com
Address: Chikitshalaya Technologies Pvt. Ltd., WeWork BKC, Bandra Kurla Complex, Mumbai, Maharashtra 400051, India