PRIVACY POLICY

1. Definitions

1.1 ‘Personal Data’ refers to any information that can identify an individual.

1.2 ‘Sensitive Personal Data’ includes health records, medical history, lab reports, diagnosis, prescriptions, Aadhaar, biometrics and child developmental history.

1.3 ‘Patient Health Records (PHR)’ refers to all medical records generated through Platform.

1.4 ‘Data Fiduciary’ refers to GrannyDr.

1.5 ‘Data Principal’ refers to User/Doctor.

1.6 ‘Consent’ refers to Explicit approval (click-wrap, OTP, signature, audio-recorded or guardian consent).

1.7 ‘Data Processor’ refers to Third-party service providers such as storage, payment, analytics.

2. TYPES OF DATA WE COLLECT

2.1 From Users (Parents / Caregivers):

• • Name, gender, DOB, relationship to child
• • Contact info (email, phone, address)
• • Child’s medical history, developmental records
• • Uploaded lab reports, prescriptions, screening results
• • Payment information (UPI, Google Pay, Razorpay, wallet)
• • Health screening assessments (Autism, ADHD, Speech Delay, BMI, etc.)

2.2 From Doctors (Web Panel + Doctor App):

• • Identity and verification documents (Medical registration ID, Aadhaar, PAN, qualifications)
• • Professional credentials, license validity, specialization
• • Consultation records, prescriptions, call logs, patient case notes
• • Device information (IMEI, IP, browser logs, OS, timestamp)

3. CONSENT FRAMEWORK

• • Consent is mandatory before collecting or processing any personal/medical data.
• • For minors under 18, parental/guardian consent is mandatory.
• • Doctor consent is required for professional credential verification and digital profile public listing.
• • Consent may be withdrawn anytime under DPDP Act 2023 guidelines.

4. Purpose of Data Collection

We collect data to provide medical consultations, prescriptions, screening, payment processing, user experience personalization, legal compliance and dispute resolution.

5. Data Storage & Security

Data is stored using AES-256 encryption, SSL/TLS and hosted on HIPAA-equivalent cloud servers. Access is role-restricted. We retain data for 3-7 years as per Telemedicine Guidelines.

6. Patient Data Use by Doctors

Doctors may access only required patient data for consultations. They are prohibited from saving, exporting or reusing patient data outside the platform.

7. Data Sharing Conditions

We only share data with trusted third parties such as labs, payment providers and diagnostic services on a need basis with consent. We do not sell or rent data.

8. User Rights under DPDP Act

Users have rights to data access, correction, deletion, consent withdrawal and grievance filing under DPDP Act 2023.

9. Data Breach & Incident Response

In case of a breach, affected parties will be notified within 72 hours and authorities will be informed. Data recovery, isolation and security audits will be performed.

10. Third-Party Integrations

We integrate with payment gateways, lab partners, AWS/Azure and identity verification platforms. All third parties comply with legal data protection requirements.

11. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of India. The courts in New Delhi, India hold exclusive jurisdiction.

12. Grievance Redressal