PPraxy
Go Digital Now
FeaturesSign in

Privacy Policy

Last updated:

Draft for internal reference — basic content and outline only. Review with legal counsel (and verify DPDP Act 2023 obligations) before publishing.

This policy explains what personal data Praxy collects, why we collect it, how we use and protect it, and the rights you have. Praxy is an India-first platform; we operate in line with the Digital Personal Data Protection Act, 2023 (DPDP).

1. Who we are

Praxy (operated by [legal entity name], [registered address], India) provides software that lets independent doctors run their practice online — a website, booking page, and admin. For questions about this policy, contact us at [privacy@praxy.in].

2. Data we collect

We collect the following categories of personal data:

  • Account data — name, email, phone, password (hashed), for doctors and their staff.
  • Practice data — clinic name, specialty, address, services, and fees.
  • Patient data — bookings, contact details, and clinical records that a doctor enters or a patient submits. Praxy processes this on behalf of the doctor (see our Data handling page).
  • Payment data — handled by our payment processor; we do not store full card details.
  • Usage data — device, log, and analytics data to keep the service secure and reliable.

3. How we use data

To provide and maintain the service, process bookings and payments, provide support, keep the platform secure, comply with law, and (with consent) send product updates.

4. Legal basis & consent

We process personal data on the basis of consent and to perform our contract with you, consistent with the DPDP Act. Where we act as a Data Processor for a doctor, the doctor is the Data Fiduciary responsible for the lawful basis of patient data.

5. Sharing & sub-processors

We share data only with vetted infrastructure providers that help us run Praxy (e.g. hosting, authentication, payments). We do not sell personal data.

To develop

  • List named sub-processors (hosting, auth, payments, storage) with their purpose and region.
  • Link to a maintained sub-processor register.

6. Data retention

We keep personal data only as long as needed for the purposes above or as required by law, then delete or anonymise it.

To develop

  • Define concrete retention periods per data category.

7. Your rights

Under the DPDP Act you may have the right to access, correct, and erase your personal data, to withdraw consent, and to grievance redressal. To exercise these, contact our Grievance Officer below.

8. Security

We use encryption in transit and at rest, access controls, and regular reviews. No system is perfectly secure; we maintain a breach-response process (see Data handling).

9. Grievance Officer

As required by the DPDP Act, you can reach our Grievance Officer at [name], [grievance@praxy.in], [address]. We will respond within the statutory timeframe.

To develop

  • Appoint and name the Grievance Officer / Data Protection Officer.
  • Confirm statutory response timeframe.

10. Changes & contact

We may update this policy and will post the new version here with a revised date. Questions: [privacy@praxy.in].