Introduction
Welcome to Upcharify, a digital healthcare platform operated by Upcharify Health Tech Pvt Ltd ("we", "our", or "us"). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our mobile application, website, or any related services (collectively, the "Platform").
By registering or using the Upcharify Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Platform.
This Policy is governed by the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (India).
Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, mobile number, date of birth, gender, profile photo.
- Health Information: Medical history, symptoms, prescriptions, consultation notes, diagnostic reports, allergies, and other health-related data you share during consultations.
- Identity & Address: Address details provided for records or delivery purposes.
- Payment Information: Payment method details processed through secure third-party payment gateways. We do not store full card numbers.
2.2 Information Collected Automatically
- Device Information: Device type, operating system, app version, unique device identifiers.
- Usage Data: Features accessed, session duration, pages visited, and interaction patterns.
- Log Data: IP address, timestamps, crash reports, and error logs.
- Location Data: Approximate location (city/state level) for service availability, if you grant permission.
2.3 Information from Third Parties
- Data from healthcare providers, labs, or pharmacies if you authorize integration.
- Authentication data if you sign in via Google or other OAuth providers.
How We Use Your Information
We use the information collected for the following purposes:
- To create and manage your account on the Platform.
- To facilitate doctor-patient consultations, appointments, and follow-ups.
- To process payments and send transaction confirmations.
- To send appointment reminders, prescription alerts, and health tips (with your consent).
- To improve our Platform, features, and user experience through analytics.
- To comply with legal obligations and respond to lawful requests from authorities.
- To detect and prevent fraud, unauthorized access, and security breaches.
- To provide customer support and resolve disputes.
We do not sell, rent, or trade your personal or health data to third parties for marketing purposes.
Health Data & Sensitive Information
We treat health and medical information as Sensitive Personal Data or Information (SPDI) under Indian law. Such data is:
- Collected only with your explicit consent.
- Used solely for healthcare delivery purposes within the Platform.
- Shared with your treating doctor or healthcare provider on the Platform only.
- Stored with industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit).
- Never disclosed to employers, insurance companies, or marketing agencies without your written consent.
Sharing of Information
We may share your information in the following limited circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Doctors / Healthcare Providers on Platform | Consultation and treatment | Bound by medical confidentiality |
| Payment Gateway Partners | Transaction processing | PCI-DSS compliant processors |
| Cloud Infrastructure Providers | Hosting and storage | Data processing agreements in place |
| Analytics Providers | App performance monitoring | Anonymized / aggregated data only |
| Legal Authorities | Compliance with law or court orders | Only when legally required |
Data Retention
We retain your personal data for as long as your account is active or as necessary to provide services. Specifically:
- Account data is retained for the duration of your account plus 3 years after deletion.
- Medical records and consultation history are retained for a minimum of 7 years as required by healthcare regulations in India.
- Transaction records are retained for 8 years for tax and legal compliance.
- After the retention period, data is securely deleted or anonymized.
Your Rights
As a user, you have the following rights over your data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and personal data (subject to legal retention requirements).
- Withdrawal of Consent: Withdraw consent for data processing at any time (this may affect your ability to use certain features).
- Grievance Redressal: Lodge a complaint with our Grievance Officer.
To exercise any of these rights, email us at support@upcharify.com. We will respond within 30 days.
Cookies & Tracking
Our web platform may use cookies and similar technologies to:
- Keep you logged in during your session.
- Remember your preferences.
- Analyze platform usage through aggregated analytics.
You may disable cookies through your browser settings. This may impact certain features of the Platform.
Security
We implement industry-standard security measures to protect your data:
- End-to-end encryption for all sensitive communications.
- AES-256 encryption for data stored on our servers.
- Regular security audits and vulnerability assessments.
- Role-based access controls limiting internal data access.
- Multi-factor authentication for administrative access.
In the event of a data breach that affects your rights, we will notify you as required by applicable law.
Children's Privacy
Our Platform is not intended for children under the age of 18 without parental consent and supervision. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data without consent, please contact us immediately at support@upcharify.com.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send you an in-app notification or email if the changes materially affect your rights.
Continued use of the Platform after changes constitutes acceptance of the updated policy.
Grievance Officer
In accordance with the Information Technology Act, 2000 and applicable rules, the name and contact details of the Grievance Officer are:
Grievance Officer
Upcharify Health Tech Pvt Ltd
Email: support@upcharify.com
Response time: Within 30 days of receipt of complaint.
Questions about your privacy?
Our team is here to help. Reach out and we'll respond within 30 days.
✉ support@upcharify.com