Compliance practices
Privacy & data protection for Indian outpatient clinics
MakeMyClinik is designed to support healthcare data protection requirements with privacy-focused architecture — not certification claims. This page explains how consent, access, AI, retention, and patient rights work in the product.
DPDP-aware practices
We built the platform with India’s Digital Personal Data Protection Act in mind — lawful processing, notice, consent where required, and mechanisms for access, correction, export, and erasure requests.
Clinics remain responsible for their patient relationships and clinical obligations; we provide the technical controls and workflows to help practices operate responsibly.
- Designed with DPDP-aligned privacy principles
- Plain-language notices in patient and clinic surfaces
- No false HIPAA / ISO / government certification claims on this site
Patient consent handling
Platform-level and clinic-level consent preferences let patients understand what they allow — portal access, communications, and optional AI processing where applicable.
Consent captures are stored with immutable history and linked privacy policy versions so staff can answer “what did the patient agree to, and when?”
Auditability
PHI access and sensitive privacy actions leave audit trails suitable for clinic accountability reviews — who opened a chart, who approved an export, who reviewed a deletion request.
Consent changes are recorded as events rather than silent overwrites.
Role-based access control
Healthcare roles restrict PHI visibility and administrative powers — exports, deletion reviews, legal holds, and clinic configuration require appropriate permissions.
Shared credentials are discouraged; per-person logins support least-privilege access at the front desk and in the consulting room.
Secure backups & encryption
Data in transit is protected with HTTPS. Data at rest is hosted on managed infrastructure with backup and recovery practices appropriate for clinic continuity.
We treat availability and recoverability as operational requirements, not optional add-ons.
AI processing disclosures
AI clinical summary is optional and assistive. It synthesizes visit history for faster orientation — not autonomous diagnosis or prescribing.
Clinics configure when AI features are enabled; patient consent settings are respected. Summaries are labeled, refreshable, and meant to be verified against the full consultation timeline.
Retention policies
Clinic operational data is retained while the clinic maintains an active relationship and as needed for backups, disputes, and legal obligations communicated in our Privacy Policy.
Some security and audit logs may be retained for a limited period after deletion where required for fraud prevention or lawful requests.
Clinics should align their use of the platform with their own medical record retention practices and professional guidance.
Data export and deletion request workflows
Patients signed into the portal can request secure exports of their data and initiate deletion requests scoped to their clinic relationship.
Clinic staff review deletion requests through in-product workflows with eligibility checks, legal holds where applicable, and anonymization or erasure steps executed with audit events.
See the Data Deletion Requests page for how patients and clinics start a request.
Contact for privacy concerns
Clinic administrators and patients with privacy questions may email makemyclinik@gmail.com with “Privacy” in the subject line.
Patients should contact their clinic first for medical record questions; we assist as the platform provider when needed.
Compliance practices in the product
We describe capabilities honestly — designed to support healthcare data protection requirements, not to imply third-party certification we have not earned.
- Consent management with immutable history
- PHI access audit logging
- Multi-tenant isolation with database RLS
- Secure patient exports and deletion request workflows
- AI assistive summaries with consent gates and in-product disclosure
Legal & security references
- Privacy Policy
- Terms of Service
- Security
- Data protection
- Data deletion