1. Information We Collect
We collect the following data types to deliver our services:
- Personal Data: Name, email, phone number, profession, specialty.
- Patient Data (entered by healthcare professionals): Age, sex, diagnosis, prescription images, or other clinical notes. (Entered under the user's professional responsibility and consent obligations.)
- Technical Data: Device information, IP address, operating system, app usage logs, crash reports.
- Communication Data: Messages or feedback shared via app or email.
2. How We Use Your Data
Data is used to:
- Provide, maintain, and improve services.
- Enable analytics, reports, and clinical data summaries.
- Communicate updates or changes to our services.
- Fulfill legal obligations and prevent fraud.
We may use your professional specialty (e.g., PMR, Psychiatry) to show tailored content or relevant offers, but we never share or use personally identifiable data (like name or phone) for ads.
3. Legal Basis of Processing
We process your data based on:
- Contractual necessity: to provide services you signed up for.
- Legitimate interest: to improve and secure the platform.
- Consent: for patient data entry and optional marketing communications.
- Legal obligation: to comply with applicable law or court orders.
4. Data Sharing & Third Parties
We do not sell user data.
Data may be shared only with:
- Trusted service providers under confidentiality agreements.
- Analytics and infrastructure partners (e.g., AWS, Firebase).
- Legal or regulatory authorities if required by law.
All such parties are required to maintain strict data protection standards.
5. Data Retention
- Personal and professional data is retained as long as your account is active.
- Patient data is retained only for service provision or as legally required.
- Upon a deletion request, data will be anonymized or deleted within 30 working days (unless retention is mandated by law).
6. Data Security
We implement industry-standard security practices, including:
- End-to-end encryption (HTTPS, AES-256).
- Role-based access controls.
- Encrypted storage and secure backups.
- Regular vulnerability assessments.
Despite our efforts, no system is completely secure. Users share responsibility for safeguarding their credentials.
7. Data Breach Response
In case of unauthorized access or data breach:
- Affected users will be informed promptly.
- Authorities will be notified as per applicable Indian data protection regulations.
- Immediate mitigation actions will be taken.
8. User Rights
You may:
- Access a copy of your personal data.
- Request correction or deletion.
- Withdraw consent for data processing.
- Request information on how your data is processed.
To exercise these rights, email support@paltics.com.
We may require ID verification for security.
9. Cookies & Tracking
We may use:
- Cookies / local storage for login and preferences.
- Device identifiers / usage analytics for performance improvement.
- Advertising identifiers (IDFA) only with your explicit iOS tracking permission via Apple's ATT framework.
You can manage permissions anytime through your device settings.
10. Children's Privacy
- Paltics is intended for adult healthcare professionals (18+).
- We do not knowingly collect information from minors.
- If such data is discovered, it will be promptly deleted.
11. Cross-Border Data Transfer
- Data may be processed on servers located in India or abroad.
- All transfers comply with applicable data protection laws and contractual safeguards.
12. Changes To This Policy
- We may update this policy periodically.
- Updates will be reflected within the app and on our website, with the “Effective Date” updated accordingly.
13. Contact Us
For privacy, support, or data-related issues, contact:
Data Protection Officer (DPO)
Email: support@paltics.com
Address: PALTICS HEALTHTECH PRIVATE LIMITED, Dream Valley Dagapur Siliguri, pin 734003, West Bengal, India.