Effective Date:	27/05/2026
Version:	Latest
Jurisdiction:	Howrah, Ranihati, Amta-road, West Bengal, India
Governing Law:	Laws of the Republic of India

1. Legal Framework & Regulatory Compliance

Doctorwala is committed to full compliance with all applicable laws and regulations of India, including but not limited to:

• Information Technology Act, 2000 (IT Act)
• Information Technology (Amendment) Act, 2008
• IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
• Digital Personal Data Protection Act, 2023 (DPDP Act)
• Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002
• Telemedicine Practice Guidelines, 2020 (Board of Governors, MCI / NMC)
• National Medical Commission Act, 2020
• Clinical Establishments (Registration and Regulation) Act, 2010
• Consumer Protection Act, 2019
• All applicable State healthcare regulations governing partner clinics, hospitals, and laboratories

2. Definitions

"Platform"	Website doctorwala.info and all associated mobile applications.
"User"	Any individual or entity accessing or using the Platform.
"Patient"	Individual registered on Doctorwala Patient App seeking healthcare services.
"Partner"	Healthcare provider registered on Doctorwala Partner App (clinic, doctor, hospital, laboratory, etc.).
"Medical ID"	Unique Medical Identification Number assigned to each registered patient.
"Personal Data"	Information that identifies or can identify a specific individual.
"Sensitive Data"	Medical records, prescriptions, diagnostics, health history as defined under SPDI Rules, 2011.
"Consent"	Freely given, specific, informed, and unambiguous agreement to data processing.
"Data Fiduciary"	Sumatra Sales Private Limited / Doctorwala, as defined under the DPDP Act, 2023.
"Data Principal"	The individual patient whose personal data is processed.

3. User Categories

3.1 Patients (B2C)

• Individuals registered on the Doctorwala Patient App.
• Individuals managing personal or family medical records through the platform.
• Individuals searching for doctors, clinics, or pathology laboratories.
• Family members managing records on behalf of dependants or minors with consent.

3.2 Healthcare Partners (B2B)

The following entities may register on the Doctorwala Partner App:

• OPD Clinics and Doctor Chambers
• Polyclinics and Multi-Specialty Clinics
• Pathology Laboratories and Diagnostic Centers
• Hospitals (Private and Charitable)
• Individual Registered Medical Practitioners (MBBS/MD/MS and equivalent)
• Allied Healthcare Professionals (as permitted by applicable law)
• Medical Shops and Pharmacies (where applicable)

4. Information We Collect

4.1 Personal Information

• Full Name
• Mobile Number (used for OTP-based authentication)
• Email Address (used for OTP-based authentication)
• Date of Birth
• Gender
• Residential Address
• City, State and PIN Code

4.2 Medical and Sensitive Personal Information (SPDI)

The following constitutes Sensitive Personal Data or Information under the IT (SPDI) Rules, 2011:

• Unique Medical ID (assigned by Doctorwala)
• Digital Prescriptions
• Pathology and Diagnostic Reports
• Medical and Surgical History
• Allergies and Adverse Drug Reactions
• Current Medications
• Blood Group and Immunization Records
• Health Records voluntarily uploaded by the user
• Doctor consultation notes (with patient consent)

4.3 Partner / Healthcare Provider Information

• Practitioner Full Name and Medical Registration Number (MCI/NMC/State Council)
• Qualifications and Specialization
• Clinic / Hospital / Laboratory Name and Address
• Schedule, Consultation Fees, and Laboratory Test Prices

4.4 Technical Information

• Device Make, Model and Operating System Version
• IP Address, Browser Type (for website users)
• Application Usage Logs and Crash/Error Reports

4.5 Location Information

• GPS location is accessed only with explicit user permission.
• Used solely for locating nearby doctors, clinics, and laboratories.
• No background location tracking is performed.
• Location data is not stored or shared beyond service delivery.

5. Unique Medical ID

• Assigned to each registered patient as a lifetime digital health identifier.
• Links all prescriptions, pathology reports, and health records.
• Is patient-owned and patient-controlled at all times.
• May be shared by the patient with any healthcare provider of their choice.
• Generated in compliance with applicable data protection standards.

6. Purpose of Data Collection and Use

Doctorwala collects and processes data for the following specific and lawful purposes:

• Account registration, verification, and management
• Assignment and maintenance of the Unique Medical ID
• Digital storage and retrieval of prescriptions and reports
• Appointment scheduling and management
• Doctor, clinic, and laboratory discovery
• Service notifications via App, SMS, WhatsApp, and Email
• OTP-based and password-based authentication
• Customer support and grievance redressal
• Platform security, fraud prevention, and abuse detection
• Improving platform functionality using aggregated, anonymized data
• Compliance with legal and regulatory obligations

7. Patient Consent and Data Control

In accordance with the DPDP Act, 2023, and the SPDI Rules, 2011:

• Medical and sensitive personal information is shared only with the patient's explicit, informed, and recorded consent.
• Patients may grant access to specific healthcare providers at any time.
• Patients may revoke access from any healthcare provider at any time.
• Consent is granular — access to specific record types can be controlled independently.
• All consent actions are logged with timestamp and stored securely.

8. Doctor Access to Patient Records

• A doctor may access patient records only after the patient explicitly authorizes access.
• Access is time-limited unless renewed by the patient.
• Doctors may create and store digital prescriptions through their authorized partner account.
• Prescription history is linked to the patient's Medical ID and is visible to the patient at all times.
• Doctors must comply with IMC (Professional Conduct, Etiquette and Ethics) Regulations, 2002 and the NMC Code of Ethics in all patient interactions on the platform.
• Doctorwala does not interfere with the clinical judgment or medical decisions of registered practitioners.

9. Pathology Laboratory Access

• Laboratory partners may upload diagnostic reports to a patient's account only with patient consent.
• Labs may access prior records only to the extent authorized by the patient.
• Patients may access uploaded reports subject to the laboratory's own report release policies.
• Doctorwala is not responsible for the accuracy, validity, or interpretation of laboratory reports.

10. Partner Responsibilities and Obligations

All registered partners are responsible for:

• Maintaining accurate and up-to-date profile information at all times.
• Ensuring only validly registered, currently practicing medical practitioners are listed.
• Displaying accurate consultation fees, schedule, and availability.
• Displaying accurate laboratory test pricing.
• Complying with the Clinical Establishments Act, 2010 and all applicable healthcare regulations.
• Obtaining patient consent before accessing or uploading records.
• Maintaining patient confidentiality as required by law and professional ethics.

11. Data Sharing and Disclosure

11.1 Permitted Sharing

• With authorized healthcare providers and laboratories, with patient consent.
• With technology service providers (cloud, SMS, email) to the extent necessary for service delivery, under confidentiality obligations.
• When required by a court order, law enforcement request, or statutory obligation under Indian law.
• To protect the rights, safety, or security of users or the public.

11.2 Prohibited Sharing

12. Medical Disclaimer and Professional Standards

Reflecting the requirements of the Telemedicine Practice Guidelines, 2020 and the NMC Code of Ethics:

• Doctorwala is a digital healthcare platform and technology intermediary — NOT a healthcare provider.
• No medical advice, diagnosis, treatment, or prescription is issued by Doctorwala as an entity.
• All consultations, diagnoses, and prescriptions are the exclusive responsibility of the registered, licensed medical practitioner.
• AI tools and informational features are for general informational purposes only and do NOT constitute medical advice.
• Patients must consult a registered medical practitioner for all health concerns.
• In any medical emergency, users must contact emergency services (112) or the nearest hospital immediately.

13. AI and Technology Features

• AI-assisted features provide informational and administrative assistance only.
• AI does not provide clinical diagnosis, medical advice, or treatment recommendations.
• AI outputs do not constitute medical opinions under any applicable law.
• Doctorwala does not use patient medical data to train third-party AI models without explicit informed consent.

14. Data Security

Security measures implemented in compliance with Rule 8 of the SPDI Rules, 2011:

• SSL/TLS encryption for all data in transit.
• Encrypted storage of sensitive personal and medical data at rest.
• OTP-based and multi-factor authentication for user access.
• Secure password hashing using industry-standard algorithms.
• Role-based access controls (RBAC) limiting data to authorized personnel only.
• Activity logging and real-time monitoring for unauthorized access attempts.
• Regular security audits and vulnerability assessments.
• Incident response procedures in the event of a data breach.

15. Data Retention

• Medical records are retained to ensure lifetime healthcare continuity for the patient.
• Users may request account deletion at any time through application settings or by contacting support.
• Upon account deletion, personal data will be removed subject to legal obligations to retain records.
• Certain records may be retained for periods mandated by applicable healthcare or financial regulations.
• Anonymized, aggregated data (not linked to any individual) may be retained for platform analytics.

16. Rights of Data Principals (Users)

In accordance with the Digital Personal Data Protection Act, 2023, users have the following rights:

• Right to Access: Obtain confirmation and access to personal data held about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of personal data (subject to legal retention obligations).
• Right to Data Portability: Download your medical records and personal data.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
• Right to Grievance Redressal: Contact the Grievance Officer regarding any privacy concern.
• Right to Nominate: Nominate a person to exercise rights on your behalf in the event of death or incapacity.

To exercise these rights, contact: grievance@doctorwala.info

17. Cookies and Analytics

• The Doctorwala website may use cookies to enhance functionality, improve security, and maintain session continuity.
• Analytics tools may be used to understand aggregated, anonymized usage patterns.
• No personally identifiable information is shared with analytics providers beyond service necessity.
• Users may manage or disable cookies through browser settings. Disabling certain cookies may affect functionality.

18. Third-Party Service Providers

Doctorwala may engage third-party service providers for:

• SMS and OTP delivery services
• Email notification services
• Cloud hosting and data storage providers
• Push notification services
• Payment processing providers (where applicable)

All providers operate under contractual confidentiality obligations and may process user data only to the extent required for the specific service.

19. Children's Privacy

• Doctorwala does not knowingly collect personal data from individuals under 18 years without verifiable parental or guardian consent.
• A parent or guardian may create and manage a dependent minor's health records on their account.
• If a minor's data is collected without parental consent, Doctorwala will delete such data upon notification.

20. Grievance Redressal

In accordance with Rule 5(9) of the SPDI Rules, 2011 and the IT Act, 2000, a Grievance Officer has been appointed:

Grievance Officer:	Saklin Mustak
Company:	Sumatra Sales Private Limited
Email:	dw@doctorwala.info
Website:	www.doctorwala.info
Address:	Howrah, Ranihati, Amta-road, West Bengal, India
Response Time:	Within 30 days of receipt of written complaint

21. Limitation of Liability

• Doctorwala is a technology platform and intermediary under the IT Act, 2000. It is not a medical institution.
• Doctorwala is not liable for medical decisions, diagnoses, treatment outcomes, prescription errors, laboratory result accuracy, healthcare provider conduct, or appointment disputes.
• Healthcare providers on the platform are independent professionals solely responsible for all clinical services.
• Doctorwala is not liable for data loss caused by user error, hardware failure, or events beyond its reasonable control.

22. Updates to This Privacy Policy

• Doctorwala may update this Privacy Policy at any time.
• Material changes will be notified through in-app notifications, email, or prominent website notice.
• The updated policy will be published on www.doctorwala.info with a revised effective date.
• Continued use of the platform after the effective date constitutes acceptance of the updated policy.

23. Contact Information

Company:	Sumatra Sales Private Limited
Brand:	Doctorwala
Website:	www.doctorwala.info
Support Email:	dw@doctorwala.info
Grievance Email:	dw@doctorwala.info
Jurisdiction:	Howrah, Ranihati, Amta-road, West Bengal, India
Applicable Law:	Laws of the Republic of India
Dispute Forum:	Courts of competent jurisdiction at Howrah, West Bengal