Privacy Policy

1. INTRODUCTION

Shakti Digital Health is a digital healthcare platform providing teleconsultation, digital health services, and related support services (“Services”).

We are committed to protecting your privacy and ensuring that your Personal Data and Sensitive Personal Data, including health information, are handled securely, lawfully, and transparently.

This Privacy Policy explains:

What information we collect
How we collect and use it
How we store and protect it
When we share it
Your rights regarding your information

This Policy is designed in accordance with:

The Information Technology Act, 2000 (India)
SPDI Rules, 2011
The Digital Personal Data Protection Act, 2023 (DPDP Act)
Telemedicine Practice Guidelines (India)
Applicable international data protection standards where relevant

2. DEFINITIONS

Personal Data: Any information that identifies or can identify an individual.
Sensitive Personal Data (SPD): Includes health records, medical history, biometric data, financial information, etc.
Processing: Collection, storage, use, sharing, transfer, or deletion of data.
Data Principal: The individual whose data is being processed (patient/user).

3. INFORMATION WE COLLECT

We may collect the following categories of information:

3.1 Identity Information

Full name
Date of birth
Gender
Government-issued ID (if required for compliance)
Contact details (email, phone number, address)

3.2 Health & Medical Information (Sensitive Data)

Medical history
Symptoms and diagnoses
Consultation notes
Prescriptions
Lab reports and imaging
Treatment plans
Doctor–patient communications
Audio/video consultation recordings (if applicable and consented)

3.3 Financial Information

Payment details
Billing address
Transaction history

(Note: Payment card information is processed through secure third-party payment gateways.)

3.4 Technical & Usage Data

IP address
Device information
Browser type
Session activity
Log files
Cookies and tracking technologies

3.5 Communications

Emails
Chat messages
Support interactions

4. HOW WE COLLECT INFORMATION

We collect information:

When you register on the platform
When you book a consultation
During doctor consultations
When you upload medical records
Through cookies and analytics tools
When you contact customer support

5. LEGAL BASIS FOR PROCESSING

We process data based on:

Your explicit consent
Performance of healthcare services
Legal compliance obligations
Medical necessity
Legitimate business interests (fraud prevention, platform improvement)

Sensitive health data is processed only with explicit consent and for medical purposes.

6. PURPOSES OF PROCESSING

We use your information to:

Provide teleconsultations
Generate prescriptions
Maintain electronic health records
Facilitate payments
Improve healthcare delivery
Prevent fraud and misuse
Comply with legal obligations
Maintain audit trails
Conduct internal analytics
Ensure patient safety

We do not sell your personal or medical data.

7. DATA SHARING & DISCLOSURE

We may share information with:

7.1 Registered Medical Practitioners

For providing medical services.

7.2 Diagnostic Labs / Pharmacies

Where necessary and with your consent.

7.3 Technology & Infrastructure Providers

Cloud hosting, secure storage, video consultation tools.

7.4 Payment Processors

To complete transactions.

7.5 Legal & Regulatory Authorities

When required by law or court order.

7.6 Professional Advisors

Lawyers, auditors, compliance consultants.

All third-party partners are contractually bound by confidentiality and data protection obligations.

8. DATA STORAGE & SECURITY

We implement industry-grade safeguards including:

End-to-end encryption (where applicable)
SSL-secured connections
Role-based access controls
Multi-factor authentication
Encrypted databases
Secure cloud infrastructure
Audit logs and monitoring
Regular vulnerability assessments
Restricted internal access to medical records

Access to health records is strictly limited to authorized personnel and treating doctors.

9. DATA RETENTION

We retain health records:

As required under applicable Indian medical laws
In compliance with Telemedicine Guidelines
For medico-legal protection
For statutory retention requirements

When no longer required, data is securely deleted or anonymized.

10. INTERNATIONAL DATA TRANSFERS

If data is transferred outside India:

Adequate safeguards are implemented
Contracts with data processors include data protection clauses
Transfers comply with DPDP Act and applicable regulations

11. YOUR RIGHTS

Subject to applicable law, you have the right to:

Access your personal data
Correct inaccurate information
Request deletion (subject to legal retention requirements)
Withdraw consent
Request data portability (where applicable)
Lodge complaints with regulatory authorities

Requests may be submitted hello@heyshakti.com

12. CHILDREN’S PRIVACY

Services for minors require parental or legal guardian consent. We do not knowingly collect data from minors without proper authorization.

13. COOKIES & TRACKING

We use cookies to:

Improve platform functionality
Analyze usage trends
Enhance user experience

You may disable cookies through browser settings, though certain features may not function properly.

14. BREACH NOTIFICATION

In the event of a data breach:

Notify affected individuals where required
Inform relevant authorities as mandated by law
Take immediate remedial measures

15. GRIEVANCE OFFICER

In accordance with Indian law, a Grievance Officer will be appointed.

Contact details:

Email: hello@heyshakti.com

16. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Updates will be posted on this page with a revised “Last Updated” date.

Continued use of the platform constitutes acceptance of updated terms.

17. CONTACT US

For privacy-related concerns, please contact:‍