Privacy Policy

We take your health data seriously. Here's exactly what we collect, how we use it, and how we protect it.

Effective Date: 1 May 2025 · Last updated: 10 May 2026

1. Information We Collect

Account & Profile Information

When you register, we collect your name, email address, phone number, date of birth, and gender. Healthcare providers additionally provide clinic name, specialization, registration number, and address.

Health & Medical Information

To deliver healthcare services, we may store appointment history, prescriptions, medical records, lab results, family member profiles, and pregnancy-related data you voluntarily enter.

Usage Data

We collect information about how you interact with the platform — pages visited, features used, device type, IP address, and browser — to improve our services.

Payment Information

Consultation fee records and transaction references are stored. We do not store full card details; payments are processed through PCI-DSS compliant third-party gateways.

2. How We Use Your Information

Providing the Service

Your data is used to facilitate appointment bookings, manage queues, generate e-prescriptions, display medical records, and send appointment reminders via SMS or push notifications.

Improving the Platform

Aggregated, anonymised usage data helps us understand which features are used most, identify bugs, and improve overall platform performance.

Communications

We send transactional messages (booking confirmations, queue updates, OTPs). You may opt out of non-essential communications at any time from your profile settings.

3. How We Share Your Information

With Healthcare Providers

When you book an appointment, your name, contact details, and relevant medical history are shared with the doctor and clinic staff involved in your care.

No Sale of Personal Data

We do not sell, rent, or trade your personal or medical information to any third party for marketing purposes — ever.

Legal Obligations

We may disclose information when required by Indian law, court order, or a government authority, or to protect the rights and safety of our users.

Service Providers

We engage trusted third-party vendors (e.g., cloud hosting, SMS providers) under strict data processing agreements. They access only the minimum data necessary to perform their function.

4. Data Security

Encryption

All data is encrypted in transit using TLS 1.2+ and encrypted at rest. Access to databases is restricted by role-based controls with full audit logging.

HIPAA-Aligned Practices

Our infrastructure follows HIPAA-aligned security controls — access controls, audit trails, automatic session timeouts, and regular security reviews — to protect sensitive health information.

Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within the timelines required by applicable law.

5. Your Rights

Access & Correction

You may access or correct your personal information at any time from your account profile or by contacting our support team.

Deletion

You may request deletion of your account and associated personal data. Note that certain records (e.g., prescription records) may be retained as required by applicable medical and legal regulations.

Data Portability

You can request an export of your medical records and appointment history in a machine-readable format by contacting support.

Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.

6. Data Retention

Account Data

Your account data is retained for as long as your account is active. After deletion, personal identifiers are removed within 30 days, subject to legal retention requirements.

Medical Records

Medical records and prescription data may be retained for up to 7 years as required under Indian healthcare regulations (such as the Clinical Establishments Act) and may be retained longer if mandated by law.

7. Cookies & Tracking

Essential Cookies

We use session cookies necessary for authentication and core platform functionality. These cannot be disabled without impairing the service.

Analytics

We use privacy-respecting analytics tools to understand platform usage. These do not identify you individually and can be blocked via browser settings.

8. Children's Privacy

Age Requirement

First OPD is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it promptly.

Family Profiles

Parents or guardians may create family member profiles for minor children within their own account, under their own responsibility.

9. Changes to This Policy

Notification

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

10. Contact Us

Data Inquiries

For questions, access requests, or concerns about your personal data, contact our Data Protection team at firstopd.com@gmail.com or write to: First OPD, India.

General Support

For general support inquiries, reach us at firstopd.com@gmail.com.