Privacy Policy

Last updated: June 1, 2026

HealthCRM Technologies Pvt. Ltd. ("HealthCRM", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our cloud-based healthcare CRM platform (the "Service").

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

1. Information We Collect

1.1 Account and Organisation Information

When you register for HealthCRM, we collect:

  • Your name, email address, and phone number
  • Clinic or organisation name, address, and contact details
  • Billing information (processed securely through our payment provider)
  • User role and permissions within your organisation

1.2 Patient and Lead Data

HealthCRM is a tool used by healthcare organisations to manage their own data. When your organisation uses the Service, you may enter patient and lead information including names, contact details, medical histories, appointment records, consultation notes, and billing information. You are the data controller for this data; we are the data processor.

1.3 Usage and Technical Data

We automatically collect technical data to operate and improve the Service:

  • IP address and approximate location
  • Browser type and operating system
  • Pages viewed, actions taken, and session duration
  • Audit log entries (login events, data access, exports)
  • Error reports and performance metrics

1.4 Communications

If you contact us for support, we retain the content of that communication to help resolve your inquiry and improve our services.

2. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Send service-related notifications, security alerts, and support messages
  • Analyse usage patterns to improve features and user experience
  • Detect, prevent, and respond to fraud, abuse, or security incidents
  • Comply with applicable legal obligations

We do not sell your data or the data of your patients to third parties, ever.

3. Patient Data — Our Role as Data Processor

All patient and lead records entered into HealthCRM by your organisation are processed strictly on your behalf. This means:

  • Your organisation (the data controller) determines what patient data is collected and how it is used
  • We act only on your instructions as your data processor
  • We do not use patient data for our own analytics, marketing, or product development
  • You are responsible for obtaining appropriate consents from patients before entering their data into HealthCRM
  • Upon termination of your subscription, your data is retained for 30 days before permanent deletion, unless a longer retention period is required by law

4. Data Storage and Security

All data is stored on Supabase (PostgreSQL), hosted on secure cloud infrastructure. We implement the following safeguards:

  • Encryption in transit: All data transmitted between your browser and our servers is protected with TLS 1.2/1.3
  • Encryption at rest: All database data is encrypted at rest using AES-256
  • Access controls: Row-level security ensures each organisation can only access its own data
  • Audit logging: All access, exports, and changes are logged with user identity and timestamp
  • Backups: Automated daily backups with 90-day retention

For more information, please see our Security Policy.

5. Data Sharing and Disclosure

We share data only in the following limited circumstances:

  • Service providers: Trusted third parties that help us operate the Service (database hosting, payment processing, email delivery). These processors are contractually bound to handle data securely and only for specified purposes.
  • Legal requirements: When required by applicable law, court order, or government authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure equivalent protections remain in place.
  • With your consent: For any other purpose with your explicit written consent.

6. Cookies and Tracking

We use a minimal number of cookies necessary to operate the Service. See our Cookie Policy for full details.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data in certain circumstances
  • Restriction: Request that we restrict processing of your data

To exercise any of these rights, please contact us at privacy@healthcrm.in. We will respond within 30 days.

8. Data Retention

We retain personal data for as long as your account is active or as necessary to provide the Service. Upon account closure, data is deleted within 30 days. Some data may be retained longer where required by law or legitimate business interests (e.g., billing records for 7 years as required by Indian tax law).

For full details, see our Data Retention & Deletion Policy.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice within the Service at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or to exercise your data rights, contact our Privacy Officer:

  • Email: privacy@healthcrm.in
  • General enquiries: hello@healthcrm.in
  • Postal address: HealthCRM Technologies Pvt. Ltd., India

© 2026 HealthCRM Technologies Pvt. Ltd.