Privacy Policy

Doczo operates a healthcare discovery and coordination platform (website, mobile experiences, and related services) that helps patients find doctors and hospitals, book appointments, access provider tools, and enquire about HomeCare services. For the purposes of Indian data protection law, Doczo Private Limited acts as a Data Fiduciary in respect of personal data we determine the purpose and means of processing.

By using our services, submitting forms, creating an account, or otherwise interacting with us, you acknowledge that you have read this Privacy Policy. Where the law requires consent for processing personal data, we will seek your consent in a clear and specific manner before or at the time of collection.

• Personal Data — data about an identifiable individual, as defined under the DPDPA.
• Data Principal — the individual to whom personal data relates (you).
• Processing — any operation performed on personal data, including collection, storage, use, disclosure, or erasure.
• Sensitive personal data or information (SPDI) — includes health-related information and other categories specified under Indian law, including the SPDI Rules.

Depending on how you use Doczo, we may collect:

• Identity and contact data — name, phone number, email address, and communication preferences.
• Account data — login credentials (stored in hashed form), role (patient, doctor, staff), and profile settings.
• Appointment and booking data — preferred doctor, hospital, date/time, visit type, and notes you provide.
• Health-related information — symptoms, medical history, or care requirements you voluntarily submit (for example via appointment forms, HomeCare enquiries, or messages). We treat this as sensitive personal data and apply additional safeguards.
• Provider and practice data — for healthcare professionals and organisations listing on Doczo: professional details, registration information, clinic addresses, and content you publish.
• Technical and usage data — IP address, device/browser type, pages viewed, referral URLs, cookies, and similar analytics signals.
• Communications — records of support requests, WhatsApp or phone interactions initiated through our published channels, and feedback.
• Payment-related data — where payments are enabled, transaction references and billing status (card or UPI details are processed by authorised payment partners, not stored in full by us unless required for compliance).

• Directly from you when you register, book, submit forms, call, message, or email us.
• From healthcare providers you choose to interact with through the platform.
• Automatically through cookies, logs, and similar technologies when you browse our site.
• From service providers that help us operate the platform (hosting, analytics, communications), under contract.

We process personal data for legitimate purposes connected to our services, including:

• Facilitating discovery of doctors, hospitals, and HomeCare services.
• Scheduling, managing, and reminding you of appointments and enquiries.
• Operating accounts for patients, doctors, and clinic staff.
• Customer support, safety, fraud prevention, and service improvement.
• Complying with legal obligations, court orders, and regulatory requests in India.
• Sending service-related notices; marketing communications only where permitted by law and your preferences.

For certain uses under the DPDPA, we rely on your consent. For other uses, we may rely on permitted legitimate uses as defined under applicable law (for example, processing necessary to provide a service you have requested, or to comply with law).

We do not sell your personal data. We may share personal data with:

• Healthcare providers you select — to fulfil appointments, HomeCare coordination, or enquiries you initiate.
• Service providers — cloud hosting, email/SMS, analytics, payment gateways, and customer-support tools, bound by confidentiality and data-processing terms.
• Authorities — when required by applicable Indian law, regulation, or legal process.
• Corporate transactions — in connection with a merger, acquisition, or asset transfer, subject to appropriate safeguards.

We require recipients to use personal data only for the purposes described and to protect it appropriately.

Our infrastructure or service providers may process data outside India. Where personal data is transferred abroad, we take steps consistent with applicable Indian law, including contractual safeguards and assessments of recipient jurisdictions, so that your data receives a comparable level of protection.

We retain personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, and dispute-resolution requirements. Health-related and appointment records may be retained longer where required by healthcare regulations or your ongoing relationship with a provider. When data is no longer needed, we delete or anonymise it in accordance with our retention schedules.

We implement reasonable security practices and procedures as required under Indian law, including administrative, technical, and physical safeguards such as access controls, encryption in transit where appropriate, and staff training. No method of transmission or storage is completely secure; please use strong passwords and notify us promptly of any suspected unauthorised access.

We use cookies and similar technologies to keep you signed in, remember preferences, measure traffic, and improve the platform. You can control cookies through your browser settings; disabling certain cookies may limit functionality. Where required, we will obtain consent before placing non-essential cookies.

Subject to applicable law, including the DPDPA, you may have the right to:

• Obtain a summary of personal data we process about you and the processing activities undertaken.
• Seek correction, completion, updating, or erasure of inaccurate or outdated personal data.
• Withdraw consent where processing is based on consent (without affecting prior lawful processing).
• Nominate another individual to exercise your rights in the event of death or incapacity, as permitted by law.
• Raise a grievance with us and, if unresolved, escalate to the Data Protection Board of India when established and as provided by law.

To exercise these rights, contact us at privacy@doczo.com or through our contact page. We may need to verify your identity before responding. We aim to respond within timelines prescribed under applicable Indian law.

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDPA, we have appointed a Grievance Officer for India:

• Name / designation: Grievance Officer, Doczo Private Limited
• Email: privacy@doczo.com
• Phone: +91 83019 80000

Grievances will be acknowledged and addressed within timelines prescribed under applicable rules (ordinarily within 24 hours for acknowledgement and resolution within 15 days, unless a longer period is permitted for complex matters). If you are not satisfied with our response, you may pursue remedies available under Indian law.

Our services are not directed at children under 18 years of age without parental or lawful guardian involvement. We do not knowingly collect personal data from children without verifiable consent from a parent or guardian, as required under the DPDPA. If you believe we have collected a child’s data without appropriate consent, please contact us for deletion.

Our platform may link to third-party websites or services (for example, hospital websites or payment partners). Their privacy practices are governed by their own policies. Healthcare providers you engage through Doczo may maintain separate medical records subject to clinical and regulatory obligations.

We may update this Privacy Policy from time to time. The effective date at the top will change when we do. Material changes will be communicated through the website or other appropriate channels. Continued use after the effective date constitutes notice of the updated policy, subject to any additional consent required by law.

For privacy questions, rights requests, or grievances:

• Data Fiduciary: Doczo Private Limited, India
• Privacy / Grievance: privacy@doczo.com
• General support: support@doczo.com
• Phone: +91 83019 80000
• Web: doczo.com/contact