Privacy Policy for Doxxy

Effective Date: 08-06-2025

1. Scope

This policy applies to all users of Doxxy including healthcare professionals, clinic staff, and patients.

2. Information We Collect

  • Patient Information: Name, contact, DOB, gender, medical history, prescriptions, reports, appointment records.
  • Doctor and Staff Information: Name, contact, specialization, license details, consultation history.
  • Administrative Data: Billing records, payment metadata, clinic subscription status.
  • Technical Data: Device identifiers, IP address, usage logs, error reports.
  • Communication: Messages, support queries, feedback forms.

3. Purpose of Data Processing

We use data to deliver core Doxxy services, ensure secure healthcare workflows, comply with medical regulations, and enhance operational performance.

4. Legal Basis

Processing is based on consent, contract necessity, legal obligations, and our legitimate interests in providing secure clinic management software.

5. Data Sharing

  • Access controlled sharing with authorized clinic personnel
  • Third-party vendors under confidentiality and compliance agreements
  • Regulatory authorities under legal mandate
  • Patient-initiated consent-based sharing (e.g., insurance)

6. Data Retention

Health records are retained per medical law. Metadata is retained for operational and compliance purposes. Deletion requests are honored where legally permitted.

7. Data Security

  • Encryption at rest and in transit
  • Role-based access controls (RBAC)
  • Regular audits and vulnerability patching
  • Secure cloud infrastructure

8. Your Rights

You can request access, correction, deletion, or export of your data. Contact us at doxxy@neurovisionhospital.com for any data rights request.

9. Children's Privacy

Doxxy does not knowingly collect data from individuals under 18 without verified guardian consent. Clinics must verify and document such consent.

10. International Transfers

Data transfers outside your jurisdiction comply with applicable cross-border data protection laws and safeguards (e.g., localization, SCCs).

11. Compliance

  • India: Digital Personal Data Protection Act, 2023 (DPDP)
  • EU: General Data Protection Regulation (GDPR)

12. Policy Updates

Material updates will be communicated through the platform or registered email. Continued use after changes constitutes acceptance.

Contact

For questions or data rights requests, contact:
Doxxy
Mumbai, India
Email: doxxy@neurovisionhospital.com