Privacy Policy

Introduction

Welcome to AroBuddy ("we," "our," or "us"). AroBuddy provides a cloud-based clinic management system designed for healthcare professionals in India. We understand that the data you and your patients entrust to us is sensitive and personal.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. By using the AroBuddy platform, you agree to the practices described in this policy.

1. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.

Account & Registration Data

• Clinic name, owner name, email address, phone number
• Billing and payment information (processed via secure payment gateways)
• Professional credentials and registration details

Patient Health Data (PHI)

• Patient demographics (name, age, gender, contact)
• Medical history, diagnoses, prescriptions, lab results
• Appointment records and visit notes entered by your clinic staff

Usage & Technical Data

• IP address, browser type, device identifiers
• Pages visited, features used, session duration
• Error logs and crash reports to improve the platform

2. How We Use Your Information

We use the data we collect to:

• Provide, operate, and maintain the AroBuddy platform
• Process transactions and send billing confirmations
• Enable appointment scheduling, EMR, billing, and pharmacy features
• Send important service notifications (e.g., subscription renewal, downtime alerts)
• Respond to support requests and improve customer experience
• Analyse anonymised usage trends to improve product features
• Comply with legal and regulatory obligations

3. Data Sharing & Disclosure

We may share information only in the following limited circumstances:

• Service Providers: Trusted sub-processors (cloud hosting, SMS gateways, payment processors) who process data on our behalf under strict confidentiality agreements.
• Legal Obligations: When required by law, court order, or regulatory authority.
• Business Transfer: In connection with a merger or acquisition, with prior notice to you.
• With Your Consent: Any other sharing requires your explicit consent.

Patient health data is never shared with third parties for commercial purposes.

4. Data Security

We implement industry-standard security measures to protect your data:

• AES-256 encryption for data at rest; TLS 1.3 for data in transit
• Role-based access controls and multi-factor authentication
• Regular security audits and vulnerability assessments
• Automated backups with geographically redundant storage
• 24/7 infrastructure monitoring and intrusion detection

Despite our best efforts, no system is 100% secure. Please notify us immediately at [email protected] if you suspect a security incident.

5. Data Retention

We retain your data for as long as your account is active or as required to provide our services. Specifically:

• Account data: Retained during the subscription period and for 90 days after cancellation (for export).
• Patient health records: Stored as long as the clinic's account is active. Deleted within 30 days of written account-closure request, subject to any applicable legal minimum retention requirements under Indian law.
• Anonymised analytics data: May be retained indefinitely.

6. Your Rights

As a subscriber (clinic owner/administrator), you have the right to:

• Access – Request a copy of all data associated with your account.
• Correction – Update inaccurate information via the platform or by contacting us.
• Deletion – Request deletion of your account and associated data.
• Data Portability – Export your patient records and clinic data in standard formats (CSV/PDF).
• Opt-Out – Unsubscribe from marketing communications at any time.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies & Tracking

We use cookies and similar technologies to:

• Keep you logged in and maintain session state
• Remember your preferences
• Analyse aggregate website usage via Google Analytics (anonymised IP)

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use third-party advertising cookies.

8. HIPAA Compliance

AroBuddy is designed to assist healthcare providers in meeting HIPAA requirements. As a Business Associate, we:

• Enter into a Business Associate Agreement (BAA) with covered entities upon request
• Implement required administrative, physical, and technical safeguards for Protected Health Information (PHI)
• Report breaches of unsecured PHI in accordance with HIPAA Breach Notification Rules

9. Children's Privacy

AroBuddy is a B2B platform intended for use by healthcare professionals. We do not knowingly collect personal information directly from children under the age of 13 for our own purposes. Patient records for minor patients may be stored within the platform at the direction of the treating clinic.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Send an email notification to all active subscribers
• Show an in-app notification for 30 days after the change

Continued use of AroBuddy after the effective date constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out to our Privacy Team:

• Email: [email protected]
• Website: arobuddy.com