1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Create an account or register for our services
• Schedule appointments or consultations
• Complete forms on our website or application
• Subscribe to our newsletter or marketing communications
• Contact us for support or inquiries
• Participate in surveys or feedback programs

This information may include:

• Name, email address, phone number, and mailing address
• Date of birth and gender
• Professional credentials (for healthcare providers)
• Payment and billing information
• Profile photographs
• Any other information you choose to provide

1.2 Protected Health Information (PHI)

As a healthcare technology platform, we may collect, store, and process Protected Health Information (PHI) in accordance with applicable healthcare privacy laws, including but not limited to:

• Medical history and records
• Diagnosis and treatment information
• Prescription and medication data
• Laboratory results and test reports
• Insurance information
• Clinical notes and consultation records
• Health-related communications between patients and providers

Note: PHI is collected and processed only with your explicit consent and in compliance with applicable healthcare privacy regulations, including the Digital Personal Data Protection Act, 2023 (India) and other relevant laws.

1.3 Automatically Collected Information

When you access or use our services, we automatically collect certain information about your device and usage patterns, including:

• IP address and geolocation data
• Browser type and version
• Device information (model, operating system, unique device identifiers)
• Pages visited, time spent on pages, and navigation patterns
• Search queries and interactions with our platform
• Cookies and similar tracking technologies
• Log files and error reports

1.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Healthcare providers who use our platform
• Payment processors and financial institutions
• Social media platforms (if you connect your accounts)
• Public databases and directories
• Business partners and service providers

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

• Provide, operate, and maintain our healthcare technology platform
• Process appointments, consultations, and service requests
• Facilitate communication between patients and healthcare providers
• Manage user accounts and authenticate users
• Process payments and transactions
• Deliver telemedicine and virtual consultation services

2.2 Healthcare Operations

• Maintain medical records and health information
• Support clinical decision-making and care coordination
• Enable healthcare providers to deliver quality care
• Facilitate prescription management and medication tracking
• Generate reports and analytics for healthcare providers

2.3 Communication

• Send appointment reminders and notifications
• Respond to your inquiries and provide customer support
• Send important service updates and policy changes
• Deliver marketing communications (with your consent)
• Share health-related information and educational content

2.4 Improvement and Analytics

• Analyze usage patterns and improve our services
• Develop new features and functionality
• Conduct research and analytics (in anonymized form)
• Monitor and prevent fraud, abuse, and security threats
• Ensure compliance with legal and regulatory requirements

2.5 Legal and Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to government requests and court orders
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety
• Investigate potential violations and prevent harm

3. How We Share Your Information

We do not sell your personal information or PHI. We may share your information in the following circumstances:

3.1 With Healthcare Providers

We share your health information with healthcare providers who are part of our platform and involved in your care, as authorized by you or as necessary for treatment purposes.

3.2 With Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, including:

• Cloud hosting and data storage providers
• Payment processors and financial institutions
• Email and communication service providers
• Analytics and data analysis services
• Customer support and helpdesk services
• IT security and infrastructure providers

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

3.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect public health and safety
• Prevent or investigate fraud or abuse
• Respond to government requests
• Enforce our legal rights

3.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as when you authorize integration with other healthcare applications or services.

4. Data Security

We implement comprehensive security measures to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, or destruction. Our security measures include:

• Encryption: Data encryption in transit and at rest using industry-standard protocols
• Access Controls: Role-based access controls and authentication mechanisms
• Network Security: Firewalls, intrusion detection systems, and secure network architecture
• Regular Audits: Security audits, vulnerability assessments, and penetration testing
• Employee Training: Regular security awareness training for all personnel
• Incident Response: Procedures for detecting, responding to, and reporting security incidents
• Backup and Recovery: Regular data backups and disaster recovery plans

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Your Rights and Choices

You have certain rights regarding your personal information and PHI, subject to applicable laws:

5.1 Access and Portability

You have the right to access, review, and obtain a copy of your personal information and health records stored in our systems.

5.2 Correction and Updates

You can request corrections to inaccurate or incomplete information. You can also update your account information directly through our platform.

5.3 Deletion

You may request deletion of your account and personal information, subject to legal and regulatory retention requirements. Note that we may be required to retain certain health information for legal compliance.

5.4 Opt-Out

You can opt-out of marketing communications by clicking the unsubscribe link in our emails or by contacting us. You cannot opt-out of essential service communications.

5.5 Data Portability

You have the right to receive your data in a structured, commonly used, and machine-readable format.

5.6 Restriction of Processing

You may request restriction of processing of your information in certain circumstances, subject to legal requirements.

To exercise these rights, please contact us at [email protected] or use the account deletion feature available on our platform.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your interactions with our platform. These technologies help us:

• Remember your preferences and settings
• Analyze usage patterns and improve our services
• Provide personalized content and advertisements
• Ensure security and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

7. Data Retention

We retain your personal information and PHI for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements
• Maintain accurate medical records as required by law

Health records may be retained for extended periods as required by healthcare regulations. When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

8. Children's Privacy

Our services are not intended for individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18 without appropriate consent, we will take steps to delete such information promptly.

Parents or guardians may access, review, and request deletion of their child's information by contacting us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

10. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services that are not owned or controlled by OHA. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

11. Healthcare Privacy Compliance

As a healthcare technology platform, we comply with applicable healthcare privacy laws and regulations, including:

• Digital Personal Data Protection Act, 2023 (India)
• Information Technology Act, 2000 and related rules (India)
• Clinical Establishments (Registration and Regulation) Act, 2010 (where applicable)
• Other applicable healthcare and data protection regulations

We maintain appropriate administrative, physical, and technical safeguards to protect PHI and comply with healthcare privacy requirements.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website with a new “Last Updated” date
• Sending an email notification to registered users
• Displaying a prominent notice on our platform

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

13. Breach Notification

In the event of a security breach that compromises your personal information or PHI, we will:

• Investigate the breach promptly and take corrective action
• Notify affected users and relevant authorities as required by law
• Provide information about the nature of the breach and steps taken
• Offer guidance on protective measures you can take

We will make notifications without unreasonable delay and in accordance with applicable legal requirements.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For account deletion requests, you can also use the account deletion feature available in your account settings or visit /delete.

15. Grievance Redressal

If you have a complaint or grievance regarding our privacy practices or handling of your personal information, you may:

• Contact our Data Protection Officer at the contact information provided above
• Submit a formal complaint through our customer support channels
• File a complaint with the relevant data protection authority in your jurisdiction

We are committed to addressing all privacy-related concerns promptly and fairly.