This policy describes how long HealthCRM Technologies Pvt. Ltd. retains different categories of data, and how you can request deletion of your data. We believe in keeping only what is necessary, for only as long as it is needed.
1. Our Data Retention Principles
- Purpose limitation: We only retain data as long as it serves the purpose for which it was collected
- Minimisation: We do not retain data we no longer need
- Transparency: We tell you exactly how long we keep each category of data
- Your control: You can export or delete your data at any time through the platform or by contacting us
2. Retention Schedule
| Data Category | Retention Period | Reason |
|---|---|---|
| Active account data (leads, patients, appointments, consultations) | Duration of active subscription | Required to provide the Service |
| Account profile and organisation details | Duration of subscription + 30 days post-termination | Required to provide the Service and handle termination queries |
| Audit logs | 2 years from the date of creation | Security, compliance, and dispute resolution |
| Billing and invoicing records | 7 years from the date of transaction | Required by Indian tax law (GST and Income Tax Act) |
| Support communications | 3 years from last interaction | Quality improvement and dispute resolution |
| Database backups | 90 days from backup creation date | Disaster recovery |
| Usage and analytics logs | 13 months | Year-over-year product analysis |
| Data exported for deleted accounts | 30 days (download window) | Allow time for final data export |
3. What Happens When You Cancel Your Subscription
When your subscription ends (whether by cancellation, non-payment, or account closure):
- Day 0 — Access suspended: Your ability to log in and access the platform is disabled. Your data remains intact in our systems.
- Days 1–30 — Export window: You may contact support@healthcrm.in to request a full data export. We will provide your data in CSV or JSON format within 5 business days of your request.
- Day 30 — Permanent deletion: All your operational data (leads, patients, appointments, consultations, notes, tags, tasks, custom modules, and user records) is permanently and irreversibly deleted from our production systems.
- Days 30–120 — Backup expiry: Residual data in encrypted backups will naturally expire and be deleted within the 90-day backup retention window.
- Retained records: Billing records, audit logs for the active period, and legally required data are retained per the schedule above and are not affected by account deletion.
4. Deleting Data During an Active Subscription
You can delete data at any time while your subscription is active:
In-app deletion
- Individual records: Delete individual leads, patients, appointments, or consultations from within the platform. Deleted records are soft-deleted (hidden from view) for 7 days, then permanently removed.
- Team members: Organisation Owners and Admins can remove team members from Settings → People at any time.
- Tags and custom modules: Can be removed from Settings.
Account-level deletion
To permanently delete your entire organisation and all associated data, contact support@healthcrm.in from the registered owner email. We will:
- Verify your identity and ownership
- Provide a final data export if requested
- Permanently delete all organisation data within 30 days of the confirmed request
- Send written confirmation once deletion is complete
5. Data Portability — Exporting Your Data
You have the right to export your data at any time. HealthCRM supports:
- CSV export: Available directly from the Leads, Patients, and Consultations list pages using the Export button
- Full account export: Contact support@healthcrm.in to request a complete export of all your organisation's data in JSON format
We will fulfil full-account export requests within 5 business days.
6. Patient Data — Special Considerations
HealthCRM processes patient data on behalf of healthcare organisations (our customers). This means:
- Requests for deletion of individual patient records should be directed to the healthcare organisation (data controller), not to HealthCRM
- We will action deletion requests from the healthcare organisation promptly
- We are not responsible for the retention decisions of the healthcare organisations that use our platform, who must comply with their own regulatory obligations (e.g., medical records retention requirements under applicable Indian healthcare regulations)
7. Data Residency
All primary data is stored within our cloud provider's infrastructure. We do not currently offer data residency guarantees for specific geographic regions beyond what our infrastructure provider (Supabase) supports. If data residency is a regulatory requirement for your organisation, please contact us to discuss your needs before subscribing.
8. Requesting Data Deletion
To submit a deletion request:
- Email: privacy@healthcrm.in with subject line "Data Deletion Request"
- Include: your organisation name, registered email, and the specific data you want deleted
- We will respond within 5 business days to acknowledge and confirm the deletion timeline
9. Contact
For questions about this policy or to submit a data request, contact us at privacy@healthcrm.in.