Privacy Policy

1. Introduction

TDAppointments ("we," "our," or "us") is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare appointment booking and clinic management software ("Service").

By using TDAppointments, you agree to the collection and use of information in accordance with this policy. We comply with applicable healthcare data protection laws, including HIPAA (Health Insurance Portability and Accountability Act) in the United States and similar regulations in other jurisdictions.

2.1 Information You Provide

• Account Information: Name, email address, phone number, clinic name, address, and business registration details
• Doctor Information: Name, specialisation, qualifications, experience, consultation fees, and availability schedules
• Patient Information: Name, phone number, email address, age, gender, medical history, appointment history, prescriptions, and consultation notes
• Payment Information: Billing address, payment method details (processed securely through payment gateways), and transaction history
• Communication Data: Messages sent through the platform, WhatsApp messages, and email communications

2.2 Automatically Collected Information

• Usage Data: IP address, browser type, device information, operating system, access times, and pages viewed
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data to improve service functionality
• Location Data: General location information based on IP address (used for regional compliance and service optimization)

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our appointment booking and clinic management services
• Appointment Management: To schedule, confirm, remind, cancel, and manage appointments between patients and healthcare providers
• Communication: To send appointment confirmations, reminders via WhatsApp, email notifications, and important service updates
• Payment Processing: To process subscription payments, consultation fees, and generate invoices
• Patient Records: To maintain secure patient medical records, prescription history, and consultation notes as required by healthcare providers
• Analytics and Reporting: To generate clinic analytics, appointment reports, revenue reports, and patient demographics for authorized users
• Account Management: To manage user accounts, authenticate users, and provide customer support
• Legal Compliance: To comply with legal obligations, respond to lawful requests, and protect our rights and the rights of our users
• Security: To detect, prevent, and address security issues, fraud, and unauthorized access

We do not sell, trade, or rent your personal information or patient data to third parties. We may share information only in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist in operating our platform:

• Cloud Hosting: Secure cloud infrastructure providers with HIPAA-compliant data centers
• Payment Processors: Secure payment gateway providers (Razorpay, Cashfree) for processing transactions
• Communication Services: Twilio for WhatsApp messaging and teleconsultation services
• Analytics: Service analytics providers (with data anonymization) to improve platform performance

All service providers are contractually obligated to maintain the confidentiality and security of your data and are prohibited from using it for any purpose other than providing services to us.

4.2 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or to protect the rights, property, or safety of TDAppointments, our users, or others.

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption)
• Access Controls: Role-based access controls ensure only authorized personnel can access sensitive data
• Authentication: Multi-factor authentication and secure password policies
• Regular Audits: Security audits, vulnerability assessments, and penetration testing
• Backup and Recovery: Automated daily backups with encrypted storage and disaster recovery procedures
• Infrastructure: HIPAA-compliant cloud infrastructure with 99.9% uptime guarantee
• Monitoring: 24/7 security monitoring and incident response procedures

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our abilities.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data is retained while your account is active and for a reasonable period thereafter
• Patient Records: Patient medical records are retained as required by healthcare regulations (typically 7-10 years minimum)
• Legal Requirements: Some data may be retained longer as required by law or for legitimate business purposes
• Account Deletion: Upon account deletion request, we will delete or anonymize your data within 30 days, except where retention is required by law

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request access to your personal information and patient data
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes
• Withdrawal of Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at privacy@tdappointments.com

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may limit functionality of the Service.

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws, including standard contractual clauses and adequacy decisions where required.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information. Parents or guardians who believe their child's information has been collected should contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.