NexaByte Technologies ("NexaByte", "we", "us") operates the GHRC NexaCare Tele-Consult Android application and web platform. This Privacy Policy explains what personal data we collect, how we use it, how long we keep it, and how you can request its deletion.
1. Information We Collect
1.1 Information You Provide
- Account & Identity: Full name, date of birth, gender, email address, mobile number, password, government-issued ID (Aadhaar, PAN, Voter ID), photograph, and UHID.
- Medical Information: Symptoms, diagnoses, prescriptions, lab results, vitals (blood pressure, weight, temperature, SpO₂), allergies, past medical history, and clinical notes.
- Communications: Messages, audio, and video exchanged during teleconsultation sessions.
- Payment Information: Transaction IDs and payment method type. Full card numbers are never stored — payments are processed by Razorpay or Stripe.
1.2 Information Collected Automatically
- Device & App Info: Device model, OS version, app version, and unique device identifiers.
- Usage Data: Features used, session duration, and interaction logs.
- Network Info: IP address (used for security and fraud prevention only).
2. How We Use Your Information
- To provide teleconsultation and healthcare management services.
- To connect patients with doctors and counsellors for virtual consultations.
- To generate, store, and share prescriptions, lab reports, and clinical documents with authorised healthcare providers.
- To send appointment reminders and health alerts via email, SMS, and WhatsApp.
- To process payments for consultations and services.
- To power AI-assisted features (symptom checking, SOAP note generation) using Google Gemini AI.
- To maintain Personal Health Records (PHR) for continuity of care.
- To comply with Indian healthcare regulations (IT Act 2000, SPDI Rules 2011).
- To improve and secure the Service.
3. Sharing of Information
We do not sell your personal data. We share information only as follows:
- Healthcare Providers: Doctors, counsellors, and nurses involved in your care.
- Authorised Centres: The GHRC healthcare centre managing your care.
- Service Providers: 8×8 JaaS (video calls), SendGrid/Twilio (notifications), Google Gemini AI, Razorpay/Stripe (payments), Microsoft Azure (hosting), Neon PostgreSQL (database).
- Legal Obligations: When required by law or court order.
4. Data Storage and Security
- All data is stored on encrypted servers in Microsoft Azure's Central India region.
- All data in transit is protected by TLS/HTTPS encryption.
- Passwords are hashed using bcrypt and never stored in plain text.
- Access to health records is role-based — only authorised personnel can access specific data.
- Session tokens use secure, HTTP-only cookies.
5. App Permissions
- Camera: For video consultations and uploading KYC photographs.
- Microphone: For audio during video/voice teleconsultation sessions.
- Internet: Required for all app functionality.
- Notifications: For appointment reminders and health alerts.
We do not access your contacts, location, SMS, or call logs.
6. Data Retention
How long we keep your data:
- Medical records and consultation data are retained for a minimum of 7 years from the date of last service, in accordance with Indian medical record-keeping guidelines under the MCI/NMC regulations.
- Account and contact data (name, email, phone) are retained for as long as your account is active.
- Payment transaction records are retained for 8 years to comply with GST and financial audit requirements.
- Session and activity logs are retained for 90 days for security monitoring purposes.
- After these periods, data is securely deleted or anonymised.
7. Data Deletion
How to request deletion of your data:
- You may request deletion of your personal account data (name, contact details, login credentials) at any time by emailing support@nexabytetechnologies.co.in with the subject line: "Data Deletion Request – [Your Registered Mobile Number]".
- We will process your request within 30 days and confirm deletion by email.
- Please note: medical records may need to be retained for the 7-year period required by Indian healthcare regulations, even after account deletion.
- Payment records required for tax/audit compliance cannot be deleted before the 8-year retention period expires.
8. Sensitive Health Data
Health and medical information is Sensitive Personal Data or Information (SPDI) under India's IT (SPDI) Rules, 2011. We collect this only with your explicit consent and use it solely for providing healthcare services. You may withdraw consent by contacting us, though this may limit our ability to provide care.
9. Children's Privacy
The Service may be used for minors under a parent or guardian's care. The parent/guardian is responsible for providing consent when registering a minor. We do not knowingly collect data from children under 13 without verified parental consent.
10. Your Rights
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of personal data (see Section 7 above).
- Withdraw consent for marketing communications.
- Lodge a complaint with the appropriate data protection authority.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Registered users will be notified of material changes via email or in-app notification.
12. Contact Us