Privacy Policy

How DocFriends collects, uses, and protects your personal data — including health information — in line with India's Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Scope. This explains how DocFriends collects, uses, and protects your personal data, including health information, in line with India's DPDP Act, 2023.
2. What we collect. Account details (name, email, phone); the medical information you choose to share for your case (symptoms, history, documents); payment status (payments themselves are processed by Razorpay — we do not store your full card/bank details).
3. Why, and lawful basis. We process your data with your consent to match you with a suitable doctor, deliver your opinion(s), provide support, and meet legal obligations.
4. Who can see your case. Doctors assigned to your case can see the clinical information needed to give an opinion. Our case-management/admin team can see your contact details to operate the service. We do not sell your data.
5. Processors we use. Razorpay (payments), Resend (email), Cloudflare (hosting), Turso (database). Each processes data only to provide its service.
6. Storage & security. Data is stored securely with access controls and encryption in transit. [Add specifics your team can stand behind.]
7. Retention. We keep your data only as long as needed for the service and legal requirements, then delete or anonymise it. [Set a period.]
8. Your rights. Under the DPDP Act you may access, correct, or request deletion of your data, and withdraw consent. Contact our Grievance Officer (below) to exercise these rights.
9. Children. The service is not directed at children except via a consenting parent/guardian.
10. Cookies/sessions. We use a session cookie to keep you signed in.
11. Grievance / Data Protection Officer. Rekha Mani — hello@docfriends.co. We respond within [X] days.
12. Changes. We will post updates here.