DoctApp is committed to protecting the privacy and security of the personal and health information of all users — hospital administrators, doctors, staff, and patients. This policy is written in plain language to ensure transparency.
1. Overview
DoctApp ("we", "our", or "us") is a smart hospital management platform operated by DoctApp Technologies Pvt. Ltd., headquartered in Hyderabad, Telangana, India. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our software platform, website at doctapp.in, and related services (collectively, the "Service").
By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Service.
2. Information We Collect
2.1 Information You Provide
- Hospital / Clinic registration details: name, address, contact information, and administrator credentials.
- Doctor and staff profiles: name, qualification, specialisation, contact details, and login credentials.
- Patient information entered via the platform: name, phone number, date of birth, gender, address, and medical history where applicable.
- Appointment and queue data: scheduled times, visit reasons, vitals recorded during consultations.
- Billing and payment information: invoice details, payment amounts, and payment method type (we do not store full card numbers or UPI credentials).
- Communications submitted through our Contact / Demo Booking form: name, hospital name, phone, city, and message.
2.2 Information Collected Automatically
- Log data: IP address, browser type, pages visited, timestamps, and referring URLs.
- Device data: operating system, screen resolution, and browser version.
- Cookies and similar tracking technologies used to maintain sessions and improve platform performance.
- Usage analytics: feature interactions, queue throughput, and appointment volumes — used in aggregate form only.
2.3 Information from Third Parties
- Payment gateway transaction status from Razorpay (we receive confirmation of payment, not raw financial data).
- SMS/WhatsApp delivery status from communication gateway providers.
3. How We Use Your Information
- To operate and maintain the DoctApp platform and its core features (appointments, queue management, billing, reports).
- To create and manage user accounts for hospitals, doctors, staff, and patients.
- To send appointment confirmations, reminders, and queue notifications via SMS or WhatsApp.
- To process payments and generate billing records.
- To generate analytics and reports that help hospital administrators make informed decisions.
- To respond to demo requests, support queries, and feedback submitted via our website.
- To detect, investigate, and prevent fraudulent or unauthorised access.
- To comply with applicable laws, regulations, and legal obligations.
- To improve and develop new features of the Service based on aggregated, anonymised usage data.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:
- Service providers: Trusted third-party vendors who process data on our behalf (e.g., cloud hosting on AWS/DigitalOcean, payment processing via Razorpay, SMS gateway). These providers are contractually bound to use data only to perform services for us.
- Within your organisation: Data entered by one authorised user (e.g., a doctor) may be visible to other authorised users of the same hospital tenant on the platform.
- Legal requirements: We may disclose information if required by law, court order, or governmental authority.
- Business transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity, with notice provided to affected users.
5. Data Security
We implement industry-standard technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction:
- All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
- Passwords are hashed using bcrypt and never stored in plain text.
- Access to production databases is restricted to authorised personnel only.
- Regular security audits and vulnerability assessments are conducted.
- Payment data is handled via a PCI-DSS compliant gateway (Razorpay) and is not stored on our servers.
While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your data for as long as your hospital's account is active, or as necessary to fulfil the purposes outlined in this policy, or as required by applicable law.
Upon account termination, we will delete or anonymise your data within 90 days, unless a longer retention period is required by law or for legitimate business purposes (e.g., billing dispute resolution).
7. Patient Health Information
DoctApp processes patient health information on behalf of the healthcare providers (hospitals and clinics) that use our platform. In this context, the healthcare provider is the data controller for patient information, and DoctApp acts as the data processor.
Healthcare providers using DoctApp are responsible for obtaining any necessary patient consent for data collection under applicable health data regulations, including the Digital Personal Data Protection Act, 2023 (India).
Patient data is logically isolated per hospital tenant and is not shared across different hospital accounts.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your data, subject to legal retention requirements.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to certain processing activities, including direct marketing.
- Withdrawal of consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@doctapp.in. We will respond within 30 days.
10. Third-Party Links & Social Media
Our website and platform may contain links to third-party websites or social media pages (Facebook, Instagram). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing any information.
11. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and notify hospital administrators via email or an in-platform notice.
Continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
DoctApp Technologies Pvt. Ltd.
Email: privacy@doctapp.in
Phone: +91 9000 847494
Address: Hyderabad, Telangana – 500001, India