Privacy Policy

TrustedHeal ("we," "our," or "us"), doing business as TrustedHeal India, operates the website and associated AI-powered services (collectively, the "Platform"). We are committed to protecting your privacy with the highest standards of security, specifically regarding Protected Health Information (PHI) and Sensitive Personal Data.

This Policy has been drafted in strict compliance with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000, and where applicable, principles aligned with HIPAA (USA) and GDPR (EU/UK)for international data transfers.

1. Explicit Consent & Data Collection

By voluntarily providing your data, you grant us explicit, unequivocal consent to collect, process, and store the following categories of information:

• Personal Identity Information (PII): Full name, passport details, age, gender, nationality, and government-issued ID proof.
• Sensitive Medical Data (PHI): Existing medical conditions, past surgeries, diagnostic reports (DICOM, PDF, Images), prescriptions, physician notes, and treatment preferences.
• Communication Data: Email correspondence, WhatsApp chat logs, and recordings of calls with our voice agents (processed for quality and AI training purposes).
• Technical & Behavioral Data: IP address, device fingerprint, browser geolocation, and interaction logs with our AI chatbot/agents.

2. Use of Artificial Intelligence (AI)

We use AI technologies to:

• Analyze medical reports to match you with suitable hospitals.
• Provide instant, automated responses via our chatbot and voice agents.
• Translate medical documents and communications.

De-identification & Risk: We employ commercial best efforts and industry-standard masking techniques (replacing names/emails) before transmitting data to AI processors. However, you acknowledge the inherent risk that re-identification may technically be possible, and you explicitly consent to this processing risk.

3. International Data Transfer

As a medical tourism facilitator based in India, your data explicitly must be transferred outside your home country (e.g., USA, UK, Canada, UAE) to India.

By using our services, you expressly consent to this cross-border transfer.You acknowledge that India may have different data protection laws than your country of residence. However, we contractually bind our partner hospitals and service providers to maintain strict confidentiality.

4. Disclosure to Third Parties

We are not in the business of selling data. Your strict medical confidentiality is paramount. However, to provide the requested services, we must share specific data with:

• Network Hospitals & Doctors: Your medical records are shared only with the specific providers you choose or browse for the purpose of obtaining a medical opinion/quote.
• Government Authorities: For Medical Visa processing (e-Medical Visa) and compliance with Indian Foreigner Registration Office (FRRO) requirements.
• Legal & Safety: If required by a court order or to prevent an imminent threat to life or safety.

5. Data Retention & Deletion

We retain your data only as long as necessary to fulfill the purposes outlined here or as required by law (e.g., maintaining records for 5 years per medical regulations).

Right to Erasure: You may request the deletion of your personal data at any time by contacting our Data Protection Officer. Note that some data may be retained in encrypted backups for a limited period or if required by law.

6. Security Measures

We implement industry-leading security protocols:

• End-to-End Encryption: All data in transit is encrypted using TLS 1.3+.
• At-Rest Encryption: Database records are encrypted using AES-256 standards.
• Access Control: Zero-trust architecture restricts access to your data only to assigned Case Managers.

7. Children's Privacy

Our services are not intended for individuals under the age of 18 without parental consent. For pediatric patients, we strictly require explicit written consent from a parent or legal guardian before processing any data.

8. Changes to Policy

We reserve the absolute right to modify this policy at our sole discretion. Significant changes will be notified via email or a prominent notice on the Platform. Your continued use of the Platform signifies acceptance of the revised terms.

9. Cookie Policy & Tracking

We use specific types of cookies to enhance your experience:

• Essential Cookies: Strictly necessary for the security and operation of the Platform. Cannot be disabled.
• Analytics Cookies: Used to understand user behavior (e.g., Google Analytics). You may opt-out via your browser settings.
• Marketing Cookies: Used to deliver relevant advertisements. We require your explicit opt-in for these.

10. Data Breach Notification

In the unlikely event of a Personal Data breach, we are legally committed to:

• Notify Authority: Inform the Data Protection Board of India within 72 hours of becoming aware of the breach.
• Notify Users: Inform affected users without undue delay, outlining the nature of the breach and remedial measures taken.

11. Genetic & Biometric Data

For specific treatments (e.g., Oncology, Cardiology), we may process Genetic Data or Biometric Data. We strictly process this data only with your specific, separate written consent and in accordance with enhanced security protocols.

12. Contact & Grievance Officer

In accordance with the IT Act 2000 and DPDPA 2023, the contact details of the Grievance Officer are provided below:

Grievance Officer
TrustedHeal Legal Team
Address: Cyber City, Gurugram Delhi NCR, India
Email: support@trustedheal.com