Privacy Policy

Version 1.0 | Effective Date: January 1, 2025

Last Updated: January 1, 2025

1. Introduction

Welcome to Dharani Hospital App ("we," "our," or "the App"). This Privacy Policy explains how we collect, use, store, and protect your personal and medical data when you use our hospital management and patient care application.

By using Dharani Hospital App, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the App.

2. Data Controller Information

3. What Data We Collect

We collect the following categories of personal and sensitive data:

Data Category	Examples	Legal Basis
Personal Information	Name, phone number, email, date of birth, address, Aadhaar number (optional)	User Consent
Medical Records	Vitals (BP, SpO2, heart rate), diagnoses, prescriptions, lab reports, imaging scans, surgery notes	Healthcare Treatment
Authentication Data	Phone number for OTP login, Google Sign-In credentials	Service Provision
Financial Data	Consultation fees, medication costs, insurance claims	Billing & Accounting
Usage Analytics	App interactions, feature usage, crash logs, performance metrics	Service Improvement
Location Data	Clinic/Hospital location (not personal location tracking)	Multi-tenancy
AI Chat Logs	Health questions asked to AI assistant, chat history	User Consent
Document Uploads	Scanned prescriptions, lab reports, medical certificates (PDF/PNG/JPG)	User Upload

4. How We Collect Data

• Direct Input: Staff enters patient data during registration, visits, and care activities
• OCR Scanning: On-device text recognition from Aadhaar cards, prescriptions, and reports
• AI Chat: Patient questions and AI responses stored for continuity
• Automated Collection: Firebase Analytics, Crashlytics, and Performance Monitoring
• Third-Party Services: Google Sign-In for authentication

5. Why We Process Your Data (Purpose Limitation)

We use your data only for the following legitimate purposes:

5.1 Primary Healthcare Purposes

• ✅ Patient registration and medical record management
• ✅ Clinical decision support for doctors and nurses
• ✅ Emergency alerts (SpO2 < 85%, BP > 180/110)
• ✅ Medication tracking and prescription management
• ✅ Hospital analytics (bed occupancy, revenue reports)

5.2 AI-Powered Services

• ✅ Health knowledge chatbot (powered by OpenRouter AI)
• ✅ Document scanning and OCR text extraction (Google Cloud Vision - optional)
• ✅ Future ECG analysis module (Gemini Flash - planned for V7.1)

5.3 Operational Purposes

• ✅ Billing and financial transactions
• ✅ Staff access control and audit logging
• ✅ Family linking for attendant access
• ✅ Multi-clinic data isolation

5.4 Legal Compliance

• ✅ Retention of medical records for 3 years (Indian Medical Council regulations)
• ✅ Audit trails for data access and modifications
• ✅ Grievance redressal as per DPDP Act

6. Data Sharing and Third-Party Services

We share your data with the following third-party services:

Service Provider	Purpose	Data Shared	Location
Firebase (Google Cloud)	Backend database, authentication, file storage, analytics	All patient and medical data	India (asia-south1 - Mumbai)
OpenRouter	AI health chat assistant (GPT-4o, GPT-4o-mini)	Patient questions, chat history (no PHI unless explicitly asked)	USA (OpenAI servers)
Google Cloud Vision	Document scanning (optional, on-device OCR preferred)	Scanned images of prescriptions/reports	India (asia-south1)
Firebase Crashlytics	App crash reporting and debugging	Device info, crash logs (no PHI)	Global (Google servers)

7. Data Security Measures

We implement industry-standard security practices:

7.1 Encryption

• 🔒 In Transit: All data transmitted using HTTPS/TLS 1.3
• 🔒 At Rest: Firebase stores all data with AES-256 encryption
• 🔒 File Storage: Documents stored in Firebase Storage with encrypted buckets

7.2 Access Control

• 🔐 Role-Based Access Control (58 granular permissions)
• 🔐 Multi-factor authentication for staff (phone OTP + approval workflow)
• 🔐 Firestore security rules prevent unauthorized access
• 🔐 Audit logs track all data modifications (who, when, what changed)

7.3 Infrastructure Security

• ☁️ Data hosted in India (Firebase Mumbai region - asia-south1)
• ☁️ Firebase App Check prevents API abuse
• ☁️ Automated backups every 24 hours
• ☁️ 99.95% uptime SLA (Google Cloud guarantee)

8. Data Retention and Deletion

We retain your data according to the following schedule:

Data Type	Retention Period	Reason
Medical Records	3 years after last visit	Indian Medical Council regulations
Financial Transactions	7 years	Income Tax Act compliance
AI Chat Logs	Until account deletion	Continuity of care
Audit Logs	3 years	Legal compliance
Analytics Data	14 months (Firebase default)	Service improvement

8.1 Account Deletion Process

If you request account deletion (Settings → Delete Account):

1. Immediate: Personal identifiers anonymized (name → "Patient-DELETED-[timestamp]", phone → null)
2. 3 Years: Medical records retained in anonymized form (legal requirement)
3. After 3 Years: Complete deletion of all data from all systems

9. Your Rights Under DPDP Act 2023

As a data principal, you have the following rights:

9.1 Right to Access

• 📥 How: Settings → Download My Data
• 📥 Format: JSON file with all your medical records
• 📥 Timeline: Instant download

9.2 Right to Correction

• ✏️ How: Edit Profile or contact your healthcare provider
• ✏️ Limitations: Medical records can only be corrected by authorized staff (with audit trail)

9.3 Right to Erasure

• 🗑️ How: Settings → Delete Account
• 🗑️ Process: Anonymization (immediate) + Full deletion (after 3 years)

9.4 Right to Withdraw Consent

• 🚫 How: Email contact@rootlynk.com with subject "Withdraw Consent"
• 🚫 Effect: You will be signed out and cannot use the App
• 🚫 Note: Existing medical records retained as per legal requirements

9.5 Right to Grievance Redressal

• 📧 Contact: contact@rootlynk.com
• 📧 Response Time: 30 days as per DPDP Act
• 📧 Escalation: Data Protection Board of India (if unresolved)

10. Children's Privacy

The Dharani Hospital App is designed for patients of all ages, including children. Parental consent is obtained during registration for users under 18 years. Parents can exercise all DPDP rights on behalf of their children by contacting contact@rootlynk.com.

11. Cross-Border Data Transfers

While we primarily store data in India (Firebase Mumbai), some third-party services (OpenRouter AI) process data in the USA. We ensure these transfers comply with DPDP Act requirements through:

• ✅ Standard Contractual Clauses (SCCs) with OpenRouter
• ✅ Pseudonymization of patient identifiers before AI processing
• ✅ Explicit consent during AI chat initiation

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• 📢 Show an in-app notification on next login
• 📢 Update the "Last Updated" date at the top
• 📢 Increment the privacy policy version number
• 📢 Request fresh consent if required by DPDP Act

13. Contact Us

14. Consent Acknowledgment

By clicking "I Consent" in the app's consent dialog, you acknowledge that you have read, understood, and agree to this Privacy Policy. You also consent to the collection, processing, and sharing of your data as described above.