Privacy Policy

1. Who we are

DrCliniq is a product of Yesinfosolutions, a company registered in India. We build AI-powered WhatsApp automation tools exclusively for Indian clinics and healthcare providers.

2. Data we collect

We collect the following categories of data:

• Doctor information — Name, phone number, email, clinic name, specialty, and WhatsApp Business details provided during registration.
• Patient messages — WhatsApp messages sent by patients to the doctor's WhatsApp Business number, processed for AI auto-replies and triage.
• Protocol data — Medical response protocols created by doctors, including keywords, reply templates, and usage statistics.
• Device & usage data — Browser type, device info, IP address, and usage patterns for service improvement.

3. How we use your data

• To provide AI-powered auto-replies to patient WhatsApp messages based on doctor-configured protocols.
• To triage and flag urgent patient cases for doctor attention.
• To generate morning briefing summaries and analytics for doctors.
• To manage appointment booking and patient communication workflows.
• To improve our AI models and service quality (using anonymised, aggregated data only).

4. Data storage & security

All data is stored on secure servers within India. We use industry-standard encryption (AES-256 at rest, TLS 1.3 in transit) and follow the principle of least privilege for access control. Patient health data is never shared with third parties for marketing or advertising purposes.

5. DPDP compliance

We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act). As a data fiduciary, we process personal data only for lawful purposes with appropriate consent. Doctors act as data fiduciaries for their patient data, and DrCliniq acts as a data processor on their behalf.

6. Third-party services

We use the following third-party services:

• WhatsApp Business API (Meta) — for message delivery and receipt.
• Razorpay — for payment processing. We do not store card details.
• Cloud infrastructure — hosted in Indian data centres for data residency compliance.

7. Your rights

Under DPDP and applicable law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request erasure of your data (subject to legal retention requirements).
• Withdraw consent at any time.
• Lodge a grievance with our Data Protection Officer or the Data Protection Board of India.

8. Data retention

We retain doctor account data for as long as the account is active plus 12 months after deletion. Patient message data is retained per the doctor's configured retention policy (default: 12 months). Aggregated, anonymised analytics data may be retained indefinitely.

9. Contact us

For privacy-related queries, data access requests, or grievances: