Back to Home

Privacy & Data Policy

Last updated: July 3, 2026

1. Introduction

Alogeriatric ("we," "our," or "us") operates the HomeDoc mobile application and this website (collectively, the "Service"). We are deeply committed to protecting the privacy of our users, particularly given the sensitive nature of the medical and health data our Service processes.

This Privacy & Data Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.

By using our Service, you consent to the practices described in this Policy. If you do not agree, please discontinue use of the Service.

Data Controller: Alogeriatric, [REGISTERED ADDRESS — TO BE FILLED BEFORE LAUNCH].

2. Data We Collect

We collect the following categories of personal data:

2.1 Personal Information

  • Full name, date of birth, gender
  • Email address and phone number
  • Home address (used for scheduling doctor visits)
  • Profile photograph (optional)
  • Language preference

2.2 Medical & Health Information (Sensitive Personal Data)

This is sensitive personal data under Indian law. We collect it solely to provide appropriate healthcare services:

  • Medical conditions (e.g., Diabetes, Hypertension, Heart Disease, Asthma)
  • Health overview and general health status
  • Appointment notes and visit records created by your assigned doctor
  • Prescription-related information shared with your doctor
  • Any health information you voluntarily provide in the app

2.3 Payment Information

Subscription payments are processed by JusPay, our payment gateway partner. We do not store your raw card or bank account details. We receive only:

  • Transaction status (success, pending, failed)
  • Transaction ID and timestamp
  • Plan name and duration purchased

Payment data is handled under JusPay's own privacy policy.

2.4 Technical & Device Information

  • IP address, device type, operating system version
  • App version and usage logs
  • Crash reports and diagnostic data

2.5 Location Data (Optional)

Location is requested solely for address autofill and care logistics. You may deny location access; address entry will then be manual.

3. How We Use Your Data

We use your data for the following purposes:

  • Service delivery: scheduling and managing monthly doctor visits, processing subscriptions, facilitating video consultations.
  • Healthcare continuity: sharing relevant medical data with your assigned doctor to enable personalised, informed care.
  • Payments: initiating and verifying transactions via JusPay.
  • Communication: appointment reminders, subscription updates, and important service announcements.
  • Safety & security: fraud prevention, abuse detection, and safeguarding users.
  • Legal compliance: meeting our obligations under Indian law, including medical records regulations and tax requirements.
  • Service improvement: aggregated, anonymised analytics to improve the app. No identifiable data is used for this purpose.

We do not use your personal or medical data for marketing to third parties, and we do not sell your data under any circumstances.

4. Sharing Your Data

We share your data only in the following limited circumstances:

4.1 Your Assigned Doctor

Your medical and personal information is shared with the doctor assigned to you for the purpose of delivering care. Only the information necessary for your care is shared.

4.2 JusPay (Payment Processor)

Transaction details are processed by JusPay to complete payments. They receive only the minimum data required to process your subscription payment.

4.3 Supabase (Cloud Infrastructure)

Our application is built on Supabase, which stores and processes data on our behalf. Data is stored within secure, access-controlled cloud infrastructure.Supabase does not access your data for any independent purpose.

4.4 Legal Authorities

We may disclose your data to government authorities or law enforcement agencies when required by applicable Indian law, court order, or to protect legal rights and prevent fraud.

4.5 No Sale of Data

We do not sell, rent, or trade your personal data or medical data to any third party for any purpose whatsoever.

5. Data Retention

We retain your data for the following periods:

  • Account and profile data: Retained while your account is active. Upon account deletion, personal identifiers are removed within 30 days (subject to Section 6 below regarding medical records).
  • Anonymised medical records: Retained for a minimum of 7 years after the last interaction, as detailed in Section 6.
  • Payment records: Retained for 7 years in compliance with the Income Tax Act, 1961 and applicable GST regulations.
  • Session and authentication data: Retained for 90 days, then automatically purged.
  • Crash and diagnostic logs: Retained for 30 days.

6. Account Deletion & Medical Records

You may request account deletion at any time via the HomeDoc app (Settings → Account → Delete Account) or by emailing support@alogeriatric.com.

What happens when you delete your account:

  • Your personal identifiers (name, email, phone number, address, profile photo) are permanently removed from our systems within 30 days.
  • Your login credentials are deactivated immediately.
  • Active subscriptions are cancelled. No refund is provided (see our Cancellation & Refund Policy).

Important: Medical records are anonymised — not deleted.

Medical visit records, doctor notes, and health data created during the course of your care are anonymised (all personal identifiers removed) rather than permanently deleted. This anonymised data is retained for a minimum of 7 years after the last interaction.

We retain anonymised medical records for the following reasons:

  • Medical malpractice protection:Under Indian medical law, a doctor can be held liable for clinical decisions made during a patient's care for many years after the fact. Retaining anonymised records protects both the patient and the healthcare professional in the event of a claim.
  • Legal obligation: Indian medical guidelines recommend a minimum retention period of 3 years for patient records; we apply a 7-year standard for additional protection.
  • Public health: Anonymised, non-identifiable data may be used to improve service quality and inform general healthcare practices. It cannot be traced back to you in any way.

This means that while your identity is erased, the anonymised medical events (e.g., "patient had diabetes, received cardiology consultation, monthly visits completed") are retained in a form that cannot be used to identify you.

You are informed of this practice at the point of account creation and subscription, and by using the Service you acknowledge and accept it.

7. Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between the app and our servers uses TLS/SSL encryption.
  • Encryption at rest: Data stored in Supabase is encrypted at rest using AES-256.
  • Access controls: Row-level security policies ensure doctors can only access the data of patients assigned to them. Internal staff access is restricted on a need-to-know basis.
  • Authentication: Multi-factor authentication is available and recommended. Social logins (Google, Facebook) use OAuth 2.0.
  • Audit logging: Access to sensitive medical data is logged and monitored.

While we take all reasonable precautions, no system is completely immune to security risks. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

8. Your Rights Under the DPDP Act 2023

Under India's Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:

  • Right to access: Request a summary of the personal data we hold about you and how it is being used.
  • Right to correction: Request correction of inaccurate or incomplete personal data. You can update most information directly in the app.
  • Right to erasure: Request deletion of your personal data (subject to the medical record anonymisation explained in Section 6 and our legal retention obligations).
  • Right to grievance redressal: Lodge a complaint with our Grievance Officer (see Section 13) or, if unresolved, with the Data Protection Board of India.
  • Right to nominate: Nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act.

To exercise any of these rights, email support@alogeriatric.comwith the subject line "Data Rights Request." We will respond within 30 days.

9. Cookies & Tracking

The HomeDoc mobile app does not use browser cookies. The app stores minimal data locally on your device using standard mobile storage (SharedPreferences) for:

  • Session authentication tokens
  • User preferences (theme, language, text size)
  • Cached subscription and appointment status (for performance)

This website uses only essential session cookies necessary for the site to function. We do not use tracking cookies, analytics cookies, or any advertising-related cookies.

Social authentication (Google Sign-In, Facebook Sign-In) is subject to the respective platforms' own cookie and privacy policies.

10. Children's Data

The HomeDoc Service is intended for adults aged 18 years and above, or authorised caregivers managing the health of an elderly family member. We do not knowingly collect personal data from children under the age of 18 for the purpose of creating an account in their own name.

If you are a caregiver using the app on behalf of an elderly family member, you are responsible for ensuring that you have the necessary authority to share their information with us. The personal and medical data of the elderly patient is handled under the same protections described in this Policy.

11. Third-Party Services

Our Service integrates with the following third-party platforms, each governed by their own privacy policies:

  • JusPay — payment processing
  • Supabase — cloud infrastructure and database
  • Google Sign-In — optional social authentication
  • Facebook Login — optional social authentication

We recommend reviewing the privacy policies of these services independently. We are not responsible for the data practices of third-party services once data leaves our control.

12. Changes to This Policy

We may update this Privacy & Data Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we do, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify registered users via email or in-app notification for material changes.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Policy. If you do not agree with any changes, you should discontinue use and may request account deletion.

13. Grievance Officer

As required under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated a Grievance Officer to address concerns related to this Policy and the use of your data:

Name: Mr. Partha Mondal
Designation: Grievance Officer
Email: partha94mondal@gmail.com
Response time: Within 48 hours of receiving your complaint
Resolution time: Within 30 days per IT Rules 2021

You may also refer unresolved complaints to the Data Protection Board of India once it is constituted under the DPDP Act 2023, or to the Ministry of Electronics and Information Technology (MeitY) under existing IT Act provisions.

14. Contact Us

For any questions about this Privacy & Data Policy or your personal data:

Alogeriatric
[REGISTERED ADDRESS — TO BE FILLED BEFORE LAUNCH]
support@alogeriatric.com