Jaya Dental Clinic (Reg. No. 3929)
21, Aryagowda Rd, AGS Colony, Ramakrishnapuram, West Mambalam,
Chennai, Tamil Nadu 600033, India
Contact: +91 9884065060 · dentistrama@gmail.com
Grievance Officer (DPDP Act 2023): Dr. Ramalakshmi, Doctor
This Policy explains how we handle personal data when you use our health record management software and payment links. We process data in line with the Digital Personal Data Protection Act, 2023 (India) and applicable rules.
Health Records: case history, diagnoses, clinical notes, prescriptions, treatment plans, reports, and images/scans as applicable.
Payment Metadata: invoice details, payment status, mode, Razorpay reference IDs (no card/bank credentials stored by us).
System Logs: device/browser info, timestamps, and application events for security and audit.
2) How We Use Data
Provide dental care record-keeping and post-treatment billing.
Issue payment links and receipts.
Send operational messages (appointments, payment links, receipts) via WhatsApp/SMS and email.
Maintain audit trails, comply with legal/tax duties, and secure our systems.
3) Legal Bases / Consent
We rely on your consent (e.g., to keep records and send operational messages) and performance of a contract (e.g., billing/receipts). We may also rely on legitimate uses permitted by Indian law (e.g., record retention, fraud prevention).
4) Children & Guardians
We onboard minors only with parent/guardian involvement. Guardians provide or confirm the minor’s data and consent to processing and payments.
5) Sharing & Disclosure
We do not sell personal data. We share only as necessary to operate the Service or comply with law:
Payments: Razorpay, to process payment instruments and transactions.
Hosting & App Services: Google Firebase/Firestore/Cloud Functions, to store and operate the application.
Communications: WhatsApp/SMS/email gateways (e.g., Twilio/WhatsApp Business API) to deliver operational messages.
Compliance: Regulators, law enforcement, courts, or auditors when legally required.
Note: Some service providers may process data outside India depending on their infrastructure and routing. We apply contractual, technical, and organizational safeguards to protect such processing.
6) Security
Encryption in transit (TLS) and at rest (cloud-native encryption).
Role-based, least-privilege access; only one authorized staff member has production access.
Authentication controls, audit logs, backups, and Firebase/Google Cloud security best practices.
7) Retention
Health records: retained for 8–10 years (or longer if legally required), then securely deleted/anonymized.
Payment metadata & invoices: retained per tax/accounting laws.
Backups/logs: retained for limited periods for continuity and security.
8) Your Rights
Subject to law and medical record obligations, you may request: (a) access; (b) correction/updates; (c) deletion of non-mandatory data; and (d) withdrawal of consent for non-essential communications.
To exercise these rights, contact the Grievance Officer named in this Policy.
9) Cookies & Analytics
We do not use marketing analytics cookies. The application may use essential session technologies/tokens required to operate login and security on Firebase.
10) Data Breach
We maintain incident response procedures. Where required by law, we will notify affected individuals and/or authorities of a breach.
11) Changes
We may update this Policy; the latest version will be available here with a new effective date.