Privacy Policy
Last updated: 2 June 2026
DocSlotBooking (“DocSlotBooking”, “we”, “us”, “our”) operates a digital platform that lets patients find and book doctors, store and share medical records, and track their health, and lets hospitals and clinics manage doctors, appointments, consultations and prescriptions. This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it.
We are the Data Fiduciary for the personal data described here. We take the privacy of health information seriously and have written this policy to be specific about exactly what is stored, because we believe a privacy policy should describe the real system, not a generic template.
1. The Indian laws this policy follows
We process personal data in accordance with the following Indian laws and frameworks:
- Digital Personal Data Protection Act, 2023 (DPDP Act) and the rules made under it — India’s primary data-protection law, which sets out our obligations as a Data Fiduciary and your rights as a Data Principal.
- Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) — which classify medical records, health condition and financial information as Sensitive Personal Data or Information (SPDI) and require consent, a privacy policy and reasonable security safeguards.
- IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 — under which we publish a Grievance Officer contact.
- Telemedicine Practice Guidelines, 2020 (under the Indian Medical Council / NMC framework) — for any video consultation conducted through the platform.
- Electronic Health Record (EHR) Standards for India, 2016 and the Ayushman Bharat Digital Mission (ABDM) Health Data Management Policy — whose consent-led, purpose-limited principles for digital health data we follow as good practice.
A note on health data
2. What we collect and why
The table below is a complete, plain-language inventory of the personal data our platform stores, drawn directly from our database. “Legal basis” refers to the lawful ground under the DPDP Act on which we process the data — in almost all cases this is your consent, or the performance of the service you have requested.
A. Account & identity data
| Category | What we collect | Why (purpose / function) | Legal basis |
|---|---|---|---|
| Account | Email address, mobile phone number, full name, and a unique health ID (UHID) generated for each patient profile. | To create and secure your account, send you a one-time password (OTP) to sign in, and identify you across the app. | Consent / service performance |
| Profile | Profile photo (avatar), preferred language, and your account role (patient or hospital). | To personalise your experience and route you to the correct part of the app. | Consent |
| Push tokens | Device push-notification token (FCM). | To send appointment, reminder and record-sharing notifications, if you enable them. | Consent |
B. Patient demographic & contact data
| Category | What we collect | Why (purpose / function) | Legal basis |
|---|---|---|---|
| Demographics | Date of birth, gender, blood group, height and weight, marital status. | To maintain your health record, present age/clinically-relevant context to your doctor, and compute health metrics. | Consent (sensitive personal data) |
| Address | Address line, city, state, PIN code, country. | For your records and to help match you with nearby hospitals/clinics. | Consent |
| Emergency contact | Emergency contact name and phone number. | So a hospital can reach a nominated person in an emergency. | Consent |
| Insurance | Insurance provider, policy number and validity date (if you choose to add them). | To store your insurance details for use during a visit. | Consent (financial information – SPDI) |
C. Health & medical data (sensitive)
| Category | What we collect | Why (purpose / function) | Legal basis |
|---|---|---|---|
| Conditions | Diagnosed conditions, ICD-10 codes, diagnosis date, severity and status, clinical notes. | To maintain your medical history and inform your care. | Consent (health data – SPDI) |
| Medications | Medicine name, dosage, frequency, route, purpose, prescribed/end dates, reminder times. | To track your medications, send reminders, and record what was prescribed. | Consent (health data – SPDI) |
| Allergies | Allergen, type, reaction and severity. | Patient safety — so clinicians are aware of allergies before prescribing. | Consent (health data – SPDI) |
| Health tracking | Vitals and readings you log (e.g. blood pressure, glucose, weight, SpO₂, heart rate, temperature), device names, photos and notes. | To let you and your doctor monitor health metrics over time. | Consent (health data – SPDI) |
| Medical records | Documents and images you upload (lab reports, prescriptions, scans), the file itself, and text/values automatically extracted from them (OCR). | To digitise and store your records so they are available when you need them. | Consent (health data – SPDI) |
| Consultations | Chief complaint, symptoms and duration, diagnosis, doctor’s notes, recorded vitals, prescribed medicines and tracking, visit summaries and reports (including AI-generated summaries), follow-up dates. | To document each consultation and produce a visit record for you and your doctor. | Consent / service performance (health data – SPDI) |
| Adherence | Whether and when you marked a medication as taken or skipped, and the reason. | To support medication-adherence tracking and reminders. | Consent (health data – SPDI) |
| AI assistance outputs | AI-generated plain-language explanations and summaries saved to your account (e.g. lab/visit/medication explainers, a “health at a glance” summary, tracking insights), and the messages you exchange with the in-app AI assistant. | To produce and cache explanations that help you understand your own records and visits. The patient assistant answers only from your own health data and is explanatory, not a diagnosis. See section 7 (AI features). | Consent / service performance (health data – SPDI) |
D. Appointment & sharing data
| Category | What we collect | Why (purpose / function) | Legal basis |
|---|---|---|---|
| Bookings | Appointment date and time, consultation type (in-person/video), reason for visit, your notes, and a snapshot of conditions/medications you choose to share at booking. | To book and manage your appointments with the chosen doctor/hospital. | Service performance |
| Record sharing | Records you choose to share, the doctor you shared with, secure access links/tokens, OTP status, expiry, access count and revocation status. | To let you share specific records securely and to track and revoke that access. | Consent |
| Video consultation | A video-call link for tele-consultations (we do not record the call). | To enable a video consultation when you book one. | Service performance |
E. Hospital & doctor account data (business users)
| Category | What we collect | Why (purpose / function) | Legal basis |
|---|---|---|---|
| Hospital | Hospital/clinic name, admin name, address, city, state, PIN code, contact phone/email, website, working hours, logo, and map location (latitude/longitude). | To create the hospital account, verify it, and list its doctors to patients. | Consent / service performance |
| Doctor | Registration number, qualification, years of experience, bio, gender, languages, consultation fees, ratings, phone and email. | To display verified doctor profiles and enable booking. | Consent / legitimate use |
F. Technical & usage data
| Category | What we collect | Why (purpose / function) | Legal basis |
|---|---|---|---|
| Location (precise) | GPS latitude/longitude — only when a hospital admin taps “Use my current location” during signup/settings, and only with the browser’s permission. | To set the hospital’s map location. We do not track patient location in the background. | Consent |
| Analytics | Pages viewed and product events (e.g. login, booking confirmed, record uploaded, errors), with pseudonymous identifiers. We do not put your name, contact details or clinical content into analytics events. | To understand how the product is used and to fix problems. | Consent / legitimate use |
| On-device cache | An offline copy of some of your data stored on your own device (IndexedDB) plus a service worker, so the app works without a connection. | To provide offline access and sync changes when you reconnect. | Service performance |
3. How we collect your data
- Directly from you — when you sign up, complete your profile, log health data, upload records, or book an appointment.
- From your hospital or doctor — a hospital may create a patient record (and a UHID/MRN) for you, which you can later claim by signing in with the same email or phone.
- Automatically — technical and analytics data as you use the app, and precise location only when you explicitly grant it.
4. Consent and your choices
We rely primarily on your consent, which under the DPDP Act must be free, specific, informed, unambiguous and given by a clear affirmative action. By creating an account and entering data you consent to the processing described in this policy for the purposes stated.
- You can withdraw consent at any time (see Your Rights). Withdrawing consent may mean we can no longer provide some features.
- You choose what optional data to add (e.g. insurance, allergies) and which records to share, and with whom.
- You can manage push notifications and decline browser location at any time from your device/browser settings.
5. Children and family (dependent) profiles
The platform lets you manage family members under a single account. Where a profile belongs to a person under 18, the DPDP Act requires verifiable consent of a parent or lawful guardian. By creating a dependent profile you confirm you are the parent/guardian or are otherwise authorised to provide their data and consent on their behalf.
- We do not knowingly use children’s data for tracking, behavioural monitoring or targeted advertising.
- If we learn that a child’s data was provided without proper consent, we will delete it.
6. Who we share data with
We do not sell your personal data. We share it only as follows:
With doctors and hospitals you choose
When you book an appointment or share a record, the relevant hospital/clinic and doctor can see the information needed to provide care — your profile, the records or snapshots you shared, and consultation data they create. Each hospital sees only its own patients’ data, enforced by database-level access controls (Row Level Security).
With our service providers (Data Processors)
We use a small set of trusted providers who process data only on our instructions:
| Provider | Service provided | Why (purpose / function) | Where data is processed |
|---|---|---|---|
| Supabase | Database, authentication and file storage. | Hosts the application data and your uploaded records. | Hosted in India (Mumbai / ap-south-1 region) |
| Vercel | Application hosting and content delivery. | Serves the website to your browser. | Global edge network |
| PostHog | Product analytics (pseudonymous events). | Usage analytics and error monitoring. | Routed via our own domain; may process outside India |
| Push provider | Firebase Cloud Messaging (device push tokens). | Delivers push notifications, if enabled. | May process outside India |
| OpenAI | De-identified clinical text and values only (e.g. symptoms you type, condition / medicine / allergy names, lab parameter values, vitals numbers, past diagnoses). We never send your name, UHID, date of birth, gender, phone number or any identifier. | Powers the AI assistant features (section 7): drafting clinical notes for doctors, and plain-language explanations/summaries for patients. | Processed outside India; sent with retention and model-training disabled |
For legal reasons
We may disclose data where required by law, a court, or a competent authority, or to protect the rights, safety and security of users and the public.
7. AI features and how we use AI
The platform includes optional AI-assisted features. They are designed around two firm principles: doctors get drafts they must confirm, and patients get explanations, never a diagnosis.
What the AI does
- For doctors (draft-only): suggest a draft diagnosis and visit notes, flag possible allergy/interaction/duplicate/dosage concerns on a prescription, and expand a doctor’s keywords into patient do’s & don’ts. Nothing the AI produces is saved automatically — the clinician reviews, edits and confirms every entry. The AI does not make clinical decisions.
- For patients (explain-only): explain a lab report, a past visit or a medication in plain language, give a “health at a glance” summary, surface trends in metrics you track, answer questions about your own records through a chat assistant, and structure your free-text symptoms before a booking. These features only explain or summarise your own data — they do not diagnose, do not change your medicines or doses, and always defer to your doctor.
What data is sent to the AI provider
AI requests are made by our servers (never directly from your browser) to OpenAI, and we send only the de-identified clinical content needed for the task — for example the symptoms you type, condition / allergy / medicine names, lab parameter values and flags, vitals numbers, tracking numbers and past diagnoses. We do not send your name, UHID, date of birth, gender, phone number or any account identifier, on either the doctor or patient side.
No training, no retention
Storage and your control
The AI’s outputs (explanations, summaries and your chat messages) are saved under your own account so they load quickly and stay available to you — they are protected by the same database access controls as the rest of your health data, and are removed when you delete the related record or your account. These features are optional: you can simply not use them.
Not a medical service
8. Where your data is stored and cross-border transfers
Our primary database and your uploaded records are hosted in India (the Mumbai / ap-south-1 region), and your identifiable clinical/health records stay within that India-hosted database. Some service providers process limited data on servers outside India: analytics and push delivery handle non-clinical data, and our AI provider (section 7) processes de-identified clinical content only — never your name, UHID, date of birth, gender, phone or any identifier — with retention and model-training disabled. Where data is transferred outside India, we do so only to countries not restricted by the Central Government under the DPDP Act.
9. How we protect your data
We apply reasonable security safeguards appropriate to health data, including:
- Encryption in transit (HTTPS/TLS) for all traffic, with HSTS enforced.
- Row Level Security in the database so each user and hospital can access only their own data.
- OTP-based sign-in, and role-based access separating patient and hospital areas.
- A strict Content Security Policy and security headers (e.g. X-Frame-Options, restrictive Permissions-Policy).
- Access to production data limited to authorised personnel and processors bound by confidentiality.
No system is perfectly secure. If a personal-data breach occurs, we will act to contain it and notify the Data Protection Board of India and affected users as required by the DPDP Act.
10. How long we keep your data
- Account & profile data — for as long as your account is active.
- Medical records and consultation data — retained to provide continuity of care and to meet medical record-keeping norms (Indian Medical Council regulations generally require clinicians to keep patient records for at least 3 years from the last entry). Hospitals/doctors are independently responsible for their own retention obligations.
- Analytics data — kept in pseudonymous form for a limited period.
- After deletion, we may retain limited data where the law requires it, then erase or anonymise the rest.
11. Your rights as a Data Principal
Under the DPDP Act and the SPDI Rules you have the right to:
- Access — a summary of the personal data we process about you and how.
- Correction & updating — most data is editable in-app (profile, conditions, medications, records); you can also ask us.
- Erasure — request deletion of your data and account, subject to legal retention duties.
- Withdraw consent — as easily as you gave it.
- Nominate — appoint someone to exercise your rights if you die or become incapacitated.
- Grievance redressal — raise a complaint with us first (below), and escalate to the Data Protection Board of India if unresolved.
To exercise any right, email support@docslotbooking.com. We may need to verify your identity before acting.
12. Cookies and analytics
We use only the cookies/local storage needed to keep you signed in and to run the offline cache, plus privacy-respecting product analytics (PostHog) routed through our own domain. We do not use third-party advertising cookies or sell data to advertisers.
13. Changes to this policy
We may update this policy as the platform or the law evolves. We will change the “Last updated” date above and, for significant changes, notify you in the app or by email.
14. Contact us & Grievance Officer
For any privacy question, request or complaint, contact our Grievance Officer (designated under the DPDP Act and the IT Rules, 2021):
Grievance Officer, DocSlotBooking
Email: support@docslotbooking.com
We acknowledge complaints within 24 hours and aim to resolve them within the timelines set by applicable law.
Please also see our Terms & Conditions.