← Back to Home

Privacy Policy

Patient Record Portal (India)

Our Commitment: Your privacy and data security are our top priorities. This policy explains how we collect, use, and protect your health information in compliance with India's Digital Personal Data Protection Act 2023.

1. Controller & Contact

Controller: PatientRecordPortal

Director: Dr. Sunil Kurakula

Contact Information:

2. What We Collect

We collect the following types of information to provide you with our services:

  • Personal Identifiers: Name, date of birth, contact information
  • Contact Information: Email address, phone number, location
  • Health Records: Medical investigations, prescriptions, clinical notes, test results
  • Vital Signs: Blood pressure, weight, height, and other health metrics
  • Metadata: Device information, IP address, timestamps of access and modifications

3. Legal Basis & Consent

The processing of your health data is based on your explicit consent. We maintain detailed records of consent including:

  • Timestamp of consent
  • IP address from which consent was given
  • User agent (browser/device information)

Important: You can withdraw your consent at any time by contacting us at [email protected].

4. Purpose of Data Collection

We use your information for the following purposes:

  • To enable you to store, organize, and summarize your health records
  • To provide optional premium clinician services
  • To improve our tagging and automation features (with your consent)
  • To ensure platform security and prevent unauthorized access
  • To comply with legal obligations when required

5. Data Sharing

We do not disclose your health data to third parties without your explicit consent, except in the following circumstances:

  • When required by law or legal process
  • When you initiate a share request (e.g., sending a report to a clinician)
  • To provide a service you have specifically requested

We will never sell your personal health information to third parties for marketing purposes.

6. Storage & Security

Your data security is paramount. We implement industry-standard security measures:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Access Controls: Role-based access control ensures only authorized personnel can access specific data
  • Audit Logs: We maintain comprehensive logs of all access and modifications to your data
  • Regular Security Audits: Our systems undergo regular security assessments

7. Data Retention & Deletion

We retain your data as follows:

  • Active Data: We retain your data until you request deletion
  • Backup Period: After a deletion request, we retain backups for up to 90 days to allow for recovery in case of accidental deletion
  • Complete Purge: After 90 days, all copies of your data are permanently deleted from our systems

8. Your Rights

Under India's Digital Personal Data Protection Act 2023, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of your personal data
  • Right to Data Portability: Request your data in a structured, commonly used format
  • Right to Withdraw Consent: Withdraw your consent at any time

To exercise any of these rights, please contact us at [email protected].

9. International Data Transfers

Your data is stored on cloud providers and may be processed in India. If data is transferred internationally, we ensure appropriate contractual safeguards are in place to protect your information in accordance with Indian data protection laws.

10. Cookies and Tracking

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure platform security

We do not use cookies for advertising or tracking purposes without your explicit consent.

11. Children's Privacy

Our service is not intended for individuals under the age of 18 without parental consent. Parents or legal guardians may create and manage accounts on behalf of minors.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will notify you via email
  • We will display a prominent notice on our platform
  • You will have the opportunity to review and accept the updated policy

13. Complaints and Grievances

If you have concerns about how we handle your personal data, please contact us first:

  • Email: [email protected]
  • Subject Line: "Privacy Complaint"
  • Response Time: We aim to respond within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in India.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

PatientRecordPortal

Director: Dr. Sunil Kurakula

Email: [email protected]

Phone: 9000599337

Last Updated: January 2025