Privacy Policy

Credence Digital Health ("Credence", "we", "us", "our") respects your privacy. This Privacy Policy explains, in plain language, how we collect, use, share, retain and protect your personal data when you visit our website or use our telemedicine platform at app.credence.health. This policy is governed by Indian law — primarily the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 (IT Act), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) and the Telemedicine Practice Guidelines, 2020.

By using our platform, registering an account or booking a consultation, you confirm that you have read this policy and consent to the processing of your personal data as described here.

1. Who is the Data Fiduciary?

The Data Fiduciary (the entity that decides why and how your personal data is processed) is:

Credence Digital Health
Technopark Phase 1,
Kazhakootam,
Thiruvananthapuram — 695581, Kerala, India.
Email: hello@credence.health

For grievance redressal, see Section 12 below.

2. Definitions used in this policy

• Data Principal — you, the individual whose personal data is being processed (DPDP Act, Sec 2(j)).
• Personal Data — any data about you by which you are identifiable, directly or indirectly (DPDP Act, Sec 2(t)).
• Sensitive Personal Data or Information (SPDI) — under the SPDI Rules, includes (among other things) medical records and history, physical/physiological/mental health condition, biometric data and financial information.
• Data Processor — a third party that processes personal data on our written instructions (e.g. our cloud host, payment gateway, video infrastructure).
• RMP — Registered Medical Practitioner registered with the National Medical Commission or a State Medical Council.
• Platform / Service — our website and apps, including the teleconsultation, scheduling, payment and record-keeping features.

3. What personal data we collect

We collect only the data we genuinely need to deliver the service.

• Identity & contact data: name, date of birth, gender, mobile number, email, postal address (state, city, PIN, country).
• Account data: username, hashed password, two-factor secrets (where enabled), session cookies, login audit trail.
• Health data (SPDI): chief complaint, symptoms, medical and family history, vitals, prescriptions, lab/imaging reports, doctor's notes (SOAP), uploaded medical records, allergies, current medications.
• Consultation data: appointment metadata, audio/video session identifiers, in-call chat messages, doctor join logs.
• Payment data: processed by our PCI-DSS-compliant payment gateway (Razorpay). We do not store full card numbers, CVV, UPI PINs or net-banking credentials on our servers. We retain only the gateway's order/payment IDs and the amount, currency, status and timestamp of each transaction for invoicing and tax compliance.
• Device & usage data: IP address, device type, browser, language, pages viewed, errors encountered, performance telemetry. Used for security and platform improvement.
• Communications: emails, support tickets and feedback you send us.

We do not knowingly collect biometric, religious, caste, political or sexual-orientation data unless directly relevant to a clinical consultation initiated by you.

4. Why we use your data (purposes & lawful basis)

Under Section 4 of the DPDP Act, we process your personal data only for the following lawful purposes, with your consent or for "certain legitimate uses" expressly permitted under the Act:

• Providing the service — account creation, identity verification, scheduling, video consultation, prescriptions, follow-ups, refills, invoicing.
• Sharing with the treating RMP — so they can examine, advise, prescribe and document care as required by the Telemedicine Practice Guidelines, 2020.
• Compliance with law — record retention under the Telemedicine Practice Guidelines (minimum 3 years), the Income-tax Act, GST law, the Drugs and Cosmetics Act (where prescriptions are concerned), CERT-In Directions 2022 (incident logs), and lawful court / regulatory orders.
• Customer support and grievance handling — responding to your queries and complaints.
• Security, audit and fraud prevention — logging access, detecting suspicious activity, protecting our systems and users.
• Service improvement — using de-identified, aggregated data only. We do not use your identifiable health data for marketing or model training.
• Transactional communications — appointment confirmations, reminders, prescriptions, receipts, password resets. You cannot opt out of these while you have an active account, because they are essential to the service.

5. Who we share your data with

• Your treating RMP, and any RMP they refer you to with your knowledge for continuity of care.
• Your organisation — if you are accessing the platform as part of an employer-, insurer- or hospital-sponsored programme, limited consultation metadata (visit dates, fees, doctor) may be shared with that organisation's authorised admin. Your detailed clinical notes are not shared with non-clinical admins.
• Data Processors who help us run the platform under written contracts (DPDP Act, Sec 8(7)):
  • Cloud hosting — Supabase / AWS
  • Video infrastructure — Vonage
  • Payment gateway — Razorpay
  • Email / SMS dispatch
  • Analytics, error monitoring and security tooling
• Government and regulatory authorities only when required by Indian law — e.g. court order, lawful summons, public-health reporting under the Epidemic Diseases Act / IDSP, CERT-In incident reporting.
• Successors — in the event of a merger, demerger, acquisition or sale of the business, with the same protections you have today.

We do not sell your personal data. We do not use your identifiable health data to target advertisements.

6. Cross-border data transfers

Some of our Data Processors host servers outside India (e.g. Singapore, the United States and the European Union). Where this happens, transfers are made under contractual safeguards permitted under Section 16 of the DPDP Act, 2023, and only to jurisdictions that the Central Government of India has not restricted by notification. By using the platform you acknowledge and consent to these transfers.

7. How long we keep your data (retention)

• Medical records — minimum 3 years from the last visit, as required by the Telemedicine Practice Guidelines, 2020. Records may be retained longer where another Indian law applies (e.g. insurance, medico-legal).
• Tax / invoicing records — 8 financial years, as required by the Income-tax Act and GST law.
• Account data — for as long as your account is active, plus 90 days after deletion to allow recovery.
• Security & access logs — 180 days minimum (CERT-In Directions, 2022).
• Marketing preferences — until you withdraw consent, then deleted from active systems.

After the applicable retention period we either delete the data or irreversibly anonymise it.

8. How we protect your data

• TLS 1.2+ encryption for data in transit; AES-256 for data at rest.
• Role-based access control. Only the RMP you consult and the staff strictly necessary for support can view your records. Every access is audit-logged with user, timestamp and reason.
• Multi-factor authentication for administrative accounts.
• Reasonable security practices and procedures aligned with ISO/IEC 27001 (Sec 8 of the DPDP Act and Rule 8 of the SPDI Rules).
• Quarterly vulnerability assessments and annual penetration testing.
• Incident response and breach notification: we report personal-data breaches affecting you to the Data Protection Board of India and to you, in line with the DPDP Act and CERT-In Directions, 2022.

9. Your rights as a Data Principal

Sections 11 to 14 of the DPDP Act, 2023 give you the following rights, which we honour without charge:

• Right to information & access (Sec 11) — a summary of personal data we hold about you and the processing we do.
• Right to correction, completion, updating and erasure (Sec 12) — subject to medico-legal retention obligations (e.g. we cannot erase a consultation record before its 3-year retention).
• Right of grievance redressal (Sec 13) — see Section 12 below.
• Right to nominate (Sec 14) — nominate another individual to exercise your rights in case of your death or incapacity.
• Right to withdraw consent at any time. Withdrawal does not affect lawful processing already done before the withdrawal, and may limit our ability to provide further services.

To exercise any of these rights, write to hello@credence.health from your registered email address. We respond within 30 days.

10. Children's data

If you are below 18, you may use the platform only through your parent or lawful guardian. Where required by Section 9 of the DPDP Act, 2023 we obtain verifiable parental consent before processing a child's personal data. We do not track, profile or send targeted communications to children. Parents/guardians may exercise the rights in Section 9 of this policy on the child's behalf.

11. Cookies and similar technologies

We use a small number of cookies and browser-storage items strictly to keep you signed in, remember your preferences (e.g. language, organisation theme), maintain CSRF protection, and measure anonymous usage so we can improve the platform. We do not use third-party advertising or social-media tracking cookies.

You can clear cookies and site data from your browser at any time. Disabling essential cookies will sign you out and may prevent core features from working.

12. Grievance Officer / Privacy contact

In line with Rule 5(9) of the SPDI Rules, Rule 3(2) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and Section 8(10) of the DPDP Act, 2023, you can reach our Grievance Officer at:

Grievance Officer — Credence Digital Health
Email: hello@credence.health   (subject line: "Grievance — Privacy")
Backup: credencehealthtech@gmail.com
Postal: Technopark Phase 1, Kazhakootam, Thiruvananthapuram — 695581.

We acknowledge complaints within 24 hours and resolve them within 15 days where possible (and in any event within the timelines required by law). If you are not satisfied with the response, you may escalate to the Data Protection Board of India once it is operational, or pursue other remedies under Indian law.

13. Telemedicine — what consultations cover and what they don't

• Consultations on this platform follow the Telemedicine Practice Guidelines, 2020 (notified under the Indian Medical Council Act, 1956 and continued under the National Medical Commission Act, 2019).
• The treating RMP may, in their professional judgement, decline to issue a prescription via teleconsultation, refer you for an in-person examination, or limit prescriptions to those permitted under the Guidelines. Schedule X drugs and most NDPS substances cannot be prescribed via teleconsultation.
• Telemedicine is not a substitute for emergency care. If you have chest pain, severe breathing difficulty, suspected stroke, severe bleeding, suicidal thoughts or any life-threatening symptom, call 108 (ambulance) or 112 (national emergency number) or go to the nearest hospital immediately.

14. Links to third-party sites

Our platform may contain links to external sites we do not operate. We are not responsible for their content or privacy practices. Please read their policies before sharing personal data with them.

15. Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in law or our practices. The current version is always available at app.credence.health/Home/PrivacyPolicy. Material changes will be notified to you in-app or by email at least 7 days before they take effect. Your continued use of the platform after that constitutes acceptance.

16. Governing law and jurisdiction

This Privacy Policy and any dispute arising out of it are governed by the laws of India. The courts at Thiruvananthapuram, Kerala have exclusive jurisdiction, subject to any mandatory consumer-forum jurisdiction under the Consumer Protection Act, 2019.