1. Who We Are

AyurXpert Technologies is a healthcare technology platform developed to support Ayurveda hospitals, clinics, pharmacies, and wellness centres across India. We provide digital tools for patient management, prescription records, and healthcare operations.

Data Fiduciary: AyurXpert Technologies (operated by the entity registered for this service)
Contact: privacy@ayurxpert.in

2. What Data We Collect

2.1 Patient / Individual Data

• Name, age, gender, date of birth
• Contact details: phone number, email address
• Address information
• ABHA (Ayushman Bharat Health Account) ID — only if voluntarily provided
• Health records: symptoms, diagnoses, prescriptions, lab reports, visit notes
• Payment records for healthcare services rendered

2.2 Healthcare Staff / Professional Data

• Name, email, phone, professional role
• Login credentials (passwords stored as encrypted hashes — never in plain text)

2.3 Organisation Data

• Organisation name, type, address, contact details
• Licences and registration numbers provided voluntarily

2.4 Technical / Usage Data

• Login timestamps and session activity (for security auditing)
• Browser type and device information (not linked to individual identity)

3. How We Use Your Data

• To create and manage patient health records within your healthcare organisation
• To generate prescriptions, lab reports, and discharge summaries
• To enable appointment scheduling and queue management
• To process billing and maintain financial records for healthcare services
• To support ABDM-linked health record sharing with explicit patient consent
• To provide technical support and maintain platform security
• To comply with applicable laws and regulatory requirements

We do not use health data for advertising, profiling, or any commercial purpose unrelated to direct healthcare service delivery.

4. Legal Basis for Processing

• Consent: Patients provide explicit consent before any health records are created or shared
• Legitimate interest: Healthcare providers require records to deliver safe medical care
• Legal obligation: Certain records are required to be maintained under Indian healthcare regulations
• ABDM framework: Health data linked to ABHA is processed under the National Health Authority consent architecture

5. Data Sharing and Disclosure

We do not sell, rent, or trade personal data. Data may be shared only in the following circumstances:

• Within your organisation: Health records are accessible only to authorised staff of the same healthcare organisation
• ABDM / National Health Authority: If ABHA-linked record sharing is enabled, only with explicit patient consent through the ABDM consent framework
• Legal requirements: If required by a court order or government authority under applicable Indian law
• Infrastructure providers: Our cloud infrastructure provider (data stored within India) under strict confidentiality agreements

6. Data Storage and Security

• All data is stored on servers located within India
• Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access is controlled by role-based permissions — staff can access only what their role requires
• Passwords are hashed using industry-standard algorithms — plain-text passwords are never stored
• Session tokens are invalidated on logout
• We conduct periodic security reviews

7. Your Rights (Data Principals)

Under the Digital Personal Data Protection Act 2023, you have the right to:

• Access: Request a copy of personal data held about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of personal data (subject to legal record-keeping obligations)
• Grievance redressal: Lodge a complaint if you believe your data rights have been violated
• Nominee designation: Designate a nominee for data access in the event of incapacity

To exercise any of these rights, contact: privacy@ayurxpert.in

8. ABDM Compliance

AyurXpert Technologies is committed to compliance with the Ayushman Bharat Digital Mission (ABDM) framework operated by the National Health Authority of India. Specifically:

• Patient consent is obtained before creating or sharing any ABDM-linked health records
• ABHA IDs are collected and used only with patient knowledge and voluntary participation
• Health Information Exchange follows the ABDM consent manager architecture
• We support patient-controlled access to their own health records
• Our data handling practices align with the Health Data Management Policy (HDMP) issued by NHA

9. Cookies and Local Storage

AyurXpert Technologies uses browser session storage (not third-party cookies) to maintain login sessions. No tracking cookies or advertising cookies are used. Session data is cleared when the browser tab is closed or the user logs out.

10. Children's Data

We recognise that children are patients in healthcare settings. Children's health data is processed only at the direction of their parent or legal guardian and the treating healthcare provider. We do not collect children's data for any purpose other than clinical care.

11. Data Retention

• Patient health records are retained for a minimum period as required by applicable Indian medical regulations
• Staff account data is retained for the duration of employment and for a period thereafter as required by law
• Upon an organisation's termination of service, data export is provided and data is securely deleted within 90 days

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the "Last Updated" date at the top of this page will change. We will notify registered organisations of material changes via email. Continued use of the platform after updates constitutes acceptance of the revised policy.

13. Grievance Officer

In accordance with the Information Technology Act 2000 and the DPDPA 2023, the details of the Grievance Officer are:

Email: privacy@ayurxpert.in
Response time: Within 30 days of receipt of complaint

14. Contact Us

For any privacy-related questions, requests, or concerns:

• Email: privacy@ayurxpert.in
• Support: support@ayurxpert.in
• ABDM queries: abdm@ayurxpert.in