Privacy Policy

Effective Date: 23-May-2025
Last Updated: 23-May-2025
Applicable To: GenieDr SaaS Application (https://www.app.geniedr.com)

GenieDr (“GenieDr”, “we”, “us”, or “our”) values and respects the privacy of its users and patients. This Privacy Policy outlines our practices with respect to the collection, use, disclosure, storage, and protection of personal data, including sensitive personal data and health information, in compliance with:

  • The Digital Personal Data Protection Act (DPDP), 2023 – India

  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 – India

  • Google API Services User Data Policy, including Limited Use requirements

This Privacy Policy applies to users of the GenieDr platform, including doctors, staff, clinic administrators, and any authorized personnel managing patient information using our services.

1. Definitions
  • Personal Data refers to any information relating to an identified or identifiable individual.

  • Sensitive Personal Data (SPDI) includes health information, biometric data, financial information, etc.

  • Data Principal refers to the individual to whom the personal data relates (e.g., patients).

  • Data Fiduciary refers to the clinic or healthcare provider using GenieDr to process patient data.

  • Processing includes collection, storage, use, and sharing of personal data.


2. Information We Collect
a. User Information (Clinic/Practitioner)
  • Full name, mobile number, and email address

  • Clinic name, address, registration details

  • Medical qualifications, specializations

  • Login credentials via Google OAuth (email, ID)


b. Patient Information (SPDI)
  • Name, age, gender, contact information

  • Health history, diagnosis, medical records

  • Prescriptions, lab reports, treatment notes

  • Appointments, visit logs, invoice records


c. Device and Technical Information
  • IP address, browser type, time zone, device ID

  • Operating system and app usage data


d. Third-Party Data
  • Authorized access to your Google Drive folders

  • OAuth-scoped data from your Google account


3. Google OAuth and Drive API Integration

GenieDr uses Google OAuth 2.0 for secure authentication and integrates with Google Drive to manage patient records. Our usage complies fully with Google’s API Services User Data Policy, including the Limited Use clause:

  • OAuth Scope: We request permission only to authenticate your identity and to access/create/manage files in a dedicated “GenieDr” folder on your Google Drive.

  • Drive Access: We only read/write files in folders created by GenieDr. We do not access or scan any other Google Drive content.

  • No Advertising: We never use Google data for advertising purposes.

  • No Data Transfer: We do not transfer Google Drive content to any third party without explicit consent.

  • No Human Access: Human access is prohibited unless:

    • You provide explicit consent

    • Required for security or legal compliance

    • Required for internal quality assurance under strict access controls


4. Legal Bases for Processing (DPDP, SPDI Rules)

We process your data based on:

  • Consent: Provided explicitly when creating an account or authorizing Google access

  • Performance of Contract: To deliver core application functionality (e.g., EMR, invoicing)

  • Legal Obligation: To comply with applicable Indian laws

  • Legitimate Interest: Ensuring security, fraud prevention, and improving services


5. Use of Collected Data

We use your data to:

  • Authenticate users via Google OAuth

  • Provide clinic management features (EMR, appointments, invoicing)

  • Enable Google Drive-based secure medical file storage

  • Generate and store visit logs, prescriptions, and patient notes

  • Notify you of appointments or administrative tasks

  • Improve platform performance, support, and user experience

  • Comply with healthcare-related obligations


6. Data Storage and Residency
  • Application data (excluding files) is hosted on cloud infrastructure located in India.

  • All medical records are stored in your Google Drive, adhering to Google’s own infrastructure and data residency policies.

  • GenieDr does not copy or duplicate patient files unless explicitly authorized.


7. Data Retention
  • Personal data is retained for the duration of your active account.

  • You may delete patient records or your account at any time.

  • Data stored in Google Drive remains under your full control.

  • We retain logs and metadata for audit and legal defense for up to 6 years or as required under Indian law.


8. Data Security

We implement industry-standard security measures, including:

  • End-to-end encryption (TLS/SSL)

  • Role-based access control (RBAC)

  • Two-factor authentication (optional)

  • Encrypted and tokenized access to Google APIs

  • Periodic third-party audits and vulnerability assessments

  • Backup and disaster recovery protocols

9. Data Sharing and Disclosure

We do not sell or commercially share your data. Disclosure is limited to:

  • Service Providers: Under strict contractual and confidentiality obligations

  • Legal Authorities: As required under Indian law or pursuant to a legal process

  • You or Authorized Personnel: As per internal clinic workflows and access roles

10. Your Rights Under Indian Law

As a Data Principal (you or your patients), you have the right to:

  • Access your data

  • Request corrections or updates

  • Withdraw consent (subject to consequences for service availability)

  • Request erasure or account deletion

  • Lodge a complaint with the Data Protection Board of India (once functional)

You may exercise these rights by emailing: [email protected]

11. Cross-Border Transfers

We do not transfer your data outside India except:

  • Where necessary for Google API functionality (as governed by your Google account’s data policies)

  • When authorized by the user or required by law

12. Children’s Privacy

GenieDr is not intended for direct use by children under the age of 18. Clinics may input patient records for minors under the supervision of a licensed healthcare provider. We do not knowingly collect data directly from minors.

13. Cookies and Analytics

We may use cookies to:

  • Maintain session data

  • Improve app performance

  • Understand usage patterns (non-personal data)

You may disable cookies in your browser settings. We do not use advertising or third-party tracking cookies.

14. Changes to This Policy

We may update this Privacy Policy as required by law or changes in technology. Updates will be posted on our website with a revised “Last Updated” date. We recommend checking this page periodically.

15. Contact Us

For any questions, concerns, or to exercise your data rights, please contact:

GenieDr – Jangam Healthcare LLP
Email: [email protected]
Website: https://www.geniedr.com
Location: 3rd Floor, Vanitha Arcade, Above Pantaloons, Suncity, Hyderabad