Privacy Policy for Healthcare Providers

We collect information in three primary ways: information you provide directly, information collected automatically through platform usage, and information obtained from third parties.

Personal data is used for account administration including creation, maintenance, authentication, and credential verification. Service delivery requires this data to provide platform access, process subscription payments, facilitate communications, and enable collaboration features. We send transactional communications regarding account status, password resets, subscription renewals, and platform updates, as well as administrative notices concerning legal compliance and security. Marketing communications are sent only to those who have opted in and may include promotional offers, educational content, and feature announcements; opt-out mechanisms are always provided.

Usage data informs platform improvement through analysis of usage patterns, research and development, feature testing, and bug identification. Security and fraud prevention measures utilize this data to detect unauthorized access, monitor suspicious activity, investigate incidents, and prevent abuse.

Legal compliance requires retention of certain data for tax reporting, responding to lawful requests from courts or regulators, enforcing terms of service, and protecting Essenzvita's rights and interests.

Aggregated and de-identified data derived from usage patterns may be used for analytics, published research, or shared with third parties. Such data cannot be traced to individual Providers.

Your professional profile information may be visible to other Providers on the platform and, when directory features are enabled, to patients seeking healthcare providers. Participation in collaborative consultations makes your name and credentials visible to other participating clinicians.

Service providers engaged to operate the platform receive data necessary for their functions. Cloud hosting providers store all platform data. Payment processors handle transaction processing. SMS and email service providers deliver notifications. Analytics tools process usage data for platform improvement. These providers are contractually obligated to protect data and use it only for specified purposes.

Disclosure to legal and regulatory authorities occurs when required by law, court order, or regulatory demand; when necessary to protect life or safety; to investigate fraud or illegal activity; or to enforce our rights. We will provide notice of such disclosures unless prohibited by law.

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. The successor must honor this Privacy Policy. You will be notified of any such transfer.

We may share your information with others only where you have provided explicit consent, such as for participation in research studies or sharing your profile with professional associations.

Your personal data is never sold to third parties, shared with marketers without consent, or publicly disclosed.

Personal data is primarily stored on servers located in India. However, certain service providers, particularly those providing analytics or support tools, may be located outside India or may store data on international servers. Cross-border transfers are subject to contractual safeguards including standard contractual clauses where applicable and encryption during transmission.

By using the platform, you consent to such international transfers as necessary for platform operation.

Technical security measures include encryption of data in transit using TLS 1.2 or higher and encryption of data at rest using AES-256. Access controls limit data access to authorized personnel only, with role-based permissions and multi-factor authentication for sensitive operations. Network security is maintained through firewalls, intrusion detection systems, and regular vulnerability assessments. All access is logged and monitored for anomalous activity.

Organizational measures include confidentiality agreements signed by all personnel, regular security training, documented incident response procedures, and audit logging of data access.

Despite these measures, no system is entirely secure. We cannot guarantee absolute protection against all threats.

You are responsible for maintaining strong passwords, enabling available security features, not sharing credentials, logging out of shared devices, and reporting suspicious activity promptly.

Account information is retained for the duration of your active account and for three years following account closure or termination for purposes of legal compliance and dispute resolution. Professional credentials are retained for five years post-termination to address regulatory inquiries. Payment records are retained for seven years pursuant to tax and accounting requirements. Usage logs are retained for five years for security monitoring and compliance purposes. Communications with support are retained for three years. De-identified data may be retained indefinitely as it no longer constitutes personal data.

After retention periods expire, data is securely deleted or anonymized through removal from active databases and deletion from backup systems within the next backup cycle.

Under the Digital Personal Data Protection Act 2023, you have certain rights with respect to your personal data.

You may request access to confirm what personal data we hold and obtain a copy thereof. Requests should be submitted to the Data Protection Officer contact provided below. We will respond within thirty days. The first request in a twelve-month period is provided at no charge; subsequent requests may be subject to a reasonable fee.

You may request correction of inaccurate or incomplete data. Many profile fields can be updated directly through account settings. For other data, contact support. Corrections will be made within fifteen days of verification.

You may request portability of your data in a structured, machine-readable format such as CSV or JSON. Such requests are fulfilled within thirty days at no charge.

You may request erasure of your personal data subject to legal retention requirements. Deletion requests are processed within thirty days. We may decline requests where retention is required by law, necessary for ongoing legal matters, or necessary to enforce our terms. Refusals will be explained in writing.

You may withdraw consent for data processing at any time, though this may result in inability to provide platform services. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

You may nominate another person to exercise your rights in the event of death or incapacity. Nomination procedures will be made available when implementing regulations are issued.

If you believe your privacy rights have been violated, you may file a complaint with our Grievance Officer. We will acknowledge complaints within twenty-four hours and resolve within fifteen days. If unsatisfied, you may escalate to the Data Protection Board of India.

In the event of a breach affecting your personal data, we will notify you within seventy-two hours of discovery. Notification will describe the nature and extent of the breach, measures being taken to contain and remediate it, and steps you should take to protect yourself. We will simultaneously notify the Data Protection Board as required by law.

You should promptly change passwords if advised, monitor for suspicious activity, and report concerns to us immediately.

Session cookies maintain your logged-in state. Analytics cookies help us understand platform usage through tools such as Google Analytics. Preference cookies remember your settings. You may block cookies through browser settings, though this may impair platform functionality. Most analytics tools offer opt-out mechanisms.

The platform is intended for licensed medical professionals aged eighteen or older. We do not knowingly collect data from minors. Any data inadvertently collected from minors will be deleted upon discovery.

We may update this Policy from time to time. Material changes will be communicated via email with thirty days' advance notice. The updated Policy will display a revised "Last Updated" date. Continued use after changes constitutes acceptance. If you do not accept changes, you should cease using the platform and may request deletion of your data.

This Policy is governed by Indian law, including the Digital Personal Data Protection Act 2023 and Information Technology Act 2000. Disputes are subject to the jurisdiction of courts in Kolhapur, Maharashtra, or resolution through the dispute mechanisms specified in the Platform Terms of Service.