TheraTreat

TheraTreat Privacy & Security Policy

TheraTreat Health Pvt. Ltd. ("TheraTreat", "we", "our", "us") values the privacy and security of all users—clients, therapists, and partners. By using our website, mobile app, or services you agree to the practices described in this policy.

Last Updated: 05 Oct 2025 | Jurisdiction: India (DPDP) | HIPAA Aware

1. Information We Collect

  • Personal Information: Name, age, gender, email, phone, address, IDs (where legally required).
  • Health & Therapy Information: Medical history, therapy goals, assessments, consultation details, prescriptions, uploaded reports.
  • Payment Information: Card / UPI / bank details processed via secure PCI-DSS compliant gateways (we do not store raw card numbers).
  • Technical Information: Device type, IP address, browser, cookies, usage patterns, performance telemetry for reliability.
  • Communications: Messages, calls or session notes (sessions are not recorded unless you explicitly consent).

2. How We Use Your Data

  • Enable booking, consultations, and client–therapist communication.
  • Personalize recommendations & enhance user experience.
  • Process secure payments and generate invoices / receipts.
  • Send reminders, notifications, and occasional offers (opt‑out available).
  • Meet legal, ethical, and regulatory obligations.

3. Data Sharing & Disclosure

  • With Therapists: Only relevant information required for therapy delivery.
  • With Payment Partners: For secure transaction processing.
  • With Regulators / Authorities: Where required by applicable law or court order.

We never sell or rent your data to advertisers or unrelated third parties.

4. Data Security & Storage

  • Encryption in transit (TLS) & at rest (provider‑managed storage).
  • Role-based & least‑privilege access controls.
  • Firewalls, periodic audits, security testing & dependency patching.
  • Secure backups with restricted access.

5. HIPAA-like Safeguards (Global Standard)

  • Confidentiality: No disclosure without consent except emergencies / legal duty.
  • Integrity: Controls to prevent unauthorized changes.
  • Access Controls: Strong authentication & session management.
  • Audit Trails: Logged access & critical actions for compliance review.
  • Breach Notification: Users notified within 72 hours of a confirmed material breach.

6. India’s DPDP Act Compliance

  • Consent First: Explicit consent for collection & use.
  • User Rights: Access, correction, withdrawal & deletion supported.
  • Data Fiduciary Responsibility: TheraTreat assumes accountability for lawful use.
  • Grievance Redressal: Dedicated Data Protection Officer (DPO) contact channel.

7. User Rights

  • Request a copy / export of your data.
  • Correct inaccuracies and update profile information.
  • Request deletion (subject to clinical / legal retention requirements).
  • Withdraw consent for non‑essential processing.
  • File a complaint with us or escalate to the Data Protection Board of India.

8. Cookies & Tracking

  • Essential: Core session & security functions.
  • Analytics: Performance & feature improvement.
  • Marketing (Optional): Only set with consent.

You can manage or clear cookies in your browser settings. Blocking some may impact functionality.

9. Data Retention

  • Health Records: Retained for at least 3 years (per Indian telemedicine / medical guidelines) unless longer retention is mandated.
  • Other Data: Kept only as long as necessary for service or compliance.
  • Deleted Data: Purged from active systems and removed from backups on lifecycle expiry.

10. International Data Transfers

Data may be processed on secure servers located in India. For cross‑border therapist collaboration or infrastructure providers, we apply equivalent contractual and technical safeguards.

11. Children’s Privacy

We do not knowingly collect data from children under 18 without verified parental / guardian consent. Pediatric therapy accounts require guardian oversight.

12. Third-Party Services

We integrate vetted third parties (e.g., payment gateways, communications, analytics). Each provider operates under its own privacy terms; we enforce contractual safeguards and minimum necessary data sharing.

13. Your Responsibilities

  • Maintain confidentiality of your login credentials.
  • Avoid sharing exported session notes with unauthorized persons.
  • Report suspicious or unauthorized account activity immediately.

14. Grievance Redressal & Data Protection Officer (DPO)

For any concern about your personal / health data, perceived misuse, breach notification queries, or to exercise a data right, please reach out using the channels below. We aim to acknowledge all legitimate grievances within 48 hours and to provide a substantive response within 15 working days.

Primary Contact (Support / Rights Requests)
📞 +91-XXXXXXXXXX (Mon–Fri 9:30 AM – 6:30 PM IST)
Data Protection & Escalations
📧 Grievance Officer: grievance@theratreat.in
Registered Office (for written correspondence)
TheraTreat Health Pvt. Ltd.
3rd Floor, (Building Name / Tech Park)
Plot / Street Line, Business District
Pune, Maharashtra 4110XX, India
(Replace placeholder address lines with final ROC registered address before production).

If you remain unsatisfied after our final response, you may escalate to the Data Protection Board of India under the Digital Personal Data Protection Act, 2023.

For security incidents, please include: a brief description, suspected date/time, any indicators (logs / headers), and impact scope if known.

15. Policy Updates

We may update this Policy periodically. Revised versions will show a new “Last Updated” date. Material changes will be communicated via in‑app notification or email. Continued use indicates acceptance.

Privacy Promise

Your trust matters most. We keep sessions private, data safeguarded, and user rights respected. If you believe any aspect of this policy is unclear or incomplete, reach out so we can improve transparency.
If translation differences occur, the English version prevails.