Privacy Policy

How Madhavi Netralaya collects, uses, and protects your information

Effective Date: 1st May 2025  ·  Last Updated: 1st May 2025  ·  Version 1.0

🔒 The short version: We do not collect your medical history, diagnoses, or treatment records on this website. Online appointments and payments are processed via Zoho Bookings; we do not store complete card numbers on our servers. We do not sell, share, or monetise any data you provide.

🛡️ DPDP Act 2023 Compliant  ·  ⚕️ IT Act 2000 & SPDI Rules 2011  ·  🔒 HIPAA-aligned practices  ·  🚫 No advertising trackers  ·  🔒 PHI protection enabled

Contents

  1. Who We Are
  2. What Information We Collect
  3. What We Do NOT Collect
  4. How We Use Your Information
  5. Cookies & Tracking
  6. Phone & WhatsApp
  7. Third-Party Services
  8. Data Security
  9. Your Rights Under Indian Law
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Our Data Officer

1. Who We Are

Madhavi Netralaya ("we", "us", "our") is a tertiary eye hospital located at Near Maharaja College Gate, South Ramna Road, Ara, Bihar, India – 802271. We operate the website at www.madhavinetralaya.com.

We are a healthcare provider regulated under applicable Indian laws, including the Clinical Establishments (Registration and Regulation) Act, 2010, the IT Act 2000, and the Digital Personal Data Protection Act 2023 (DPDP Act). We are committed to protecting the privacy and confidentiality of all individuals who interact with us.

For privacy-related queries, please contact us at: info@madhavinetralaya.com or call 1800-571-9090.

2. What Information We Collect

This website is an informational website only. We collect very limited information:

2.1 Information you voluntarily provide

  • Online booking (Zoho Bookings): Name, phone number, email (if provided), appointment details, and transaction references returned by Zoho when you pay online. Card and bank credentials are handled by Zoho's payment infrastructure; we do not receive or store full card numbers.
  • Appointment enquiry forms (if used): Your name, phone number, preferred date/time, and the speciality you wish to consult. We do not request your medical history, diagnosis, or symptoms through online forms.
  • Patient feedback form: Service experience ratings and an optional contact phone number, stored in our encrypted Supabase database. Automated PHI detection screens each submission and rejects text that appears to be a clinical narrative before anything is stored. We do not request diagnoses or test results.
  • AI chat assistant: General hospital enquiries only. Messages containing protected health information are blocked before processing.
  • Phone calls: If you call our helpline, basic call records are retained by our telecom provider.

2.2 Automatically collected information (technical data)

  • Cookie consent preference: Stored locally in your browser only. Not transmitted to our servers.
  • Server logs: Netlify (our hosting provider) may collect standard web server logs including IP address, browser type, and pages visited. These logs are retained for security and diagnostic purposes for up to 27 days. We do not use these logs to profile or identify individual visitors.

3. What We Do NOT Collect

✅ We do not collect or store any of the following on this website:

  • Medical history, diagnoses, symptoms, or treatment records
  • Prescription details, test results, or clinical reports
  • Aadhaar numbers, PAN numbers, passport details, or government IDs
  • Financial data, bank account details, or full payment card numbers on our servers (online payments are processed by Zoho Bookings)
  • Biometric data (fingerprints, facial images, iris scans)
  • Caste, religion, or political opinion data
  • Precise GPS location
  • Data from minors under 18 years of age

All clinical patient records are maintained in our hospital's internal patient management system, which is separate from this website, operates under stricter access controls, and is governed by a separate Patient Data Policy provided at time of registration.

4. How We Use Your Information

We use the limited information we collect only for the following purposes:

  • To respond to appointment enquiries and schedule consultations
  • To call or message you back when requested
  • To improve the website based on aggregated, anonymous usage patterns
  • To comply with legal obligations under Indian law

We do not use your information for advertising targeting, profiling, or any commercial purpose beyond the above.

5. Cookies & Tracking

The only preferences we keep are your cookie consent choice and your language setting. Both are stored in your browser's localStorage rather than as HTTP cookies, so, unlike a cookie, they are never sent to our servers with page requests and can be read only by pages on our own origin.

We do not use:

  • Google Analytics or any analytics tracking cookies
  • Facebook Pixel, Google Ads, or any advertising cookies
  • Session recording tools (Hotjar, Microsoft Clarity, etc.)
  • Any third-party tracking technology

You can manage your consent preference at any time by clearing your browser's local storage or clicking "Essential Only" in our cookie banner.

6. Phone & WhatsApp communication

⚠️ Important: Phone and WhatsApp are not intended for transmitting protected health information (PHI). WhatsApp messages are end-to-end encrypted between devices, but Meta still processes metadata (who contacted whom, and when), and copies of anything you send remain on both phones.

Use phone/WhatsApp only for: Booking appointments, asking about timings, directions, and general enquiries.

Do not send via WhatsApp: Medical reports, test results, prescriptions, Aadhaar/ID documents, or sensitive health information. Please bring these in person or share them with our clinical team directly at the hospital.

Call our toll-free helpline: 1800-571-9090 (24/7).

7. Third-Party Services

This website uses the following third-party services:

  • Zoho Bookings (online scheduling and payments): Processes booking and payment data you submit when booking an OPD consultation. Zoho Privacy Policy
  • Supabase (encrypted feedback storage): Stores service feedback you voluntarily submit. Supabase Privacy Policy
  • Anthropic (AI chat): Processes general enquiry messages only; PHI is blocked server-side before transmission. Anthropic Privacy Policy
  • Netlify (hosting): Processes server logs. netlify.com/privacy
  • Google Fonts (typography): Font files are loaded from Google's CDN. Google may receive your IP address when fonts load. Google Privacy Policy

We require appropriate data processing agreements with vendors that may process health-related data, aligned with HIPAA best practices and India's DPDP Act.

8. Data Security

We implement the following security measures to protect any information processed in connection with this website:

  • HTTPS/TLS encryption: All connections to this website are encrypted in transit. Our TLS certificate is provisioned by Netlify.
  • HTTP Security Headers: We deploy strict Content-Security-Policy, X-Frame-Options, HSTS, and other security headers on all pages.
  • PHI blocking: Automated detection screens chat and feedback submissions and rejects content that appears to contain protected health information before it is stored or sent to AI services. Because the detection is automated it cannot be infallible, so please do not enter clinical details in these forms.
  • API access controls: Server APIs accept browser requests only from our website origins (origin allow-listing), which prevents other websites from calling them from within a visitor's browser.
  • No clinical EMR on web servers: Full medical records are maintained in our hospital's internal systems, separate from this website.
  • Regular security reviews: Our hosting configuration is reviewed periodically against current security best practices.
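The PHI blocking described in section 2.1 (feedback form and AI chat assistant) and in the list above is the one technical control on this site worth seeing in code. The following is an added illustrative example, not Madhavi Netralaya's own implementation: a best-effort server-side screen that rejects a free-text submission before it is stored or forwarded to the AI vendor. The regular expressions and the sample messages are assumptions chosen for illustration; a real rule set would be larger and maintained with clinical input.

```javascript
// Added illustrative example (not Madhavi Netralaya's code): a best-effort
// screen that rejects free-text submissions which appear to carry protected
// health information (PHI) or a government ID number before they are stored
// or forwarded to an AI vendor. The patterns below are assumptions.

// Aadhaar numbers are 12 digits, usually written as three groups of four.
const AADHAAR_RE = /\b\d{4}[ -]?\d{4}[ -]?\d{4}\b/;

// First-person clinical narrative. Disease names alone are NOT matched:
// "do you treat cataract?" is a legitimate general enquiry.
const NARRATIVE_RE =
  /\b(?:i was diagnosed|i have been diagnosed|doctor said i have|my (?:diagnosis|prescription|report|test results?|surgery|operation|eye pressure|vision is))\b/;

// Clinical measurements: intraocular pressure in mmHg, or Snellen acuity
// only when introduced by "vision"/"acuity" (a bare "6/12" is usually a date).
const MEASUREMENT_RE =
  /\b\d{1,2}\s?mmhg\b|\b(?:vision|acuity)\s+(?:is\s+)?(?:6|20)\/\d{1,3}\b/;

// Lower-case and collapse whitespace so the patterns above can stay simple.
function normalise(text) {
  return String(text).toLowerCase().replace(/\s+/g, ' ').trim();
}

// Returns { blocked, reasons } without echoing the offending text, so the
// reason codes can be logged without the log itself becoming PHI.
function screenMessage(text) {
  const t = normalise(text);
  const reasons = [];
  if (AADHAAR_RE.test(t)) reasons.push('government-id');
  if (NARRATIVE_RE.test(t)) reasons.push('clinical-narrative');
  if (MEASUREMENT_RE.test(t)) reasons.push('clinical-measurement');
  return { blocked: reasons.length > 0, reasons };
}

// Gate applied before storage / before the AI call. A rejected message is
// dropped entirely: nothing is persisted, only the reason codes are returned.
function handleEnquiry(text) {
  const verdict = screenMessage(text);
  if (verdict.blocked) {
    return {
      status: 'rejected',
      stored: false,
      reasons: verdict.reasons,
      reply: 'Please do not share medical details or ID numbers here. ' +
             'Call 1800-571-9090 or bring documents to the hospital.',
    };
  }
  return { status: 'accepted', stored: true, reasons: [] };
}

// Constructed sample messages (not real enquiries).
const SAMPLES = [
  'What are OPD timings on Sunday?',
  'Do you treat cataract? My father is 70.',
  'Please book me on 6/12 at 10 am',
  'I was diagnosed with glaucoma and my eye pressure is 24 mmHg',
  'My Aadhaar is 2345 6789 0123',
];
for (const s of SAMPLES) {
  const r = handleEnquiry(s);
  console.log(r.status.padEnd(8), r.reasons.join(',') || '-');
}
```

The design point is the failure mode: a keyword list that blocks every disease name would also block "do you treat cataract?", so the patterns key on first-person narrative and on measurements rather than on vocabulary. Whatever slips through is why the policy still asks visitors not to type clinical details.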

Despite our best efforts, no internet transmission or electronic storage is completely secure. We encourage you to exercise caution when sharing any sensitive information online.
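The "API access controls" item above says server APIs accept requests only from the website's origins. As an added example, not the hospital's own code, this is what a correct origin allow-list looks like for a Netlify-style handler that receives a request object and returns a status and headers. The hostnames are taken from this policy; listing the apex domain alongside www is an assumption.

```javascript
// Added illustrative example (not Madhavi Netralaya's code): origin
// allow-listing for a server API. Origins are full scheme + host strings
// compared exactly. Never use substring or endsWith checks: an attacker's
// "https://www.madhavinetralaya.com.evil.example" would pass those.
const ALLOWED_ORIGINS = new Set([
  'https://www.madhavinetralaya.com',
  'https://madhavinetralaya.com',   // assumption: apex also serves the site
]);

function isAllowedOrigin(origin) {
  // A missing Origin (non-browser client) or the literal "null" origin
  // (sandboxed iframe, file://) is not on the list and is rejected.
  return typeof origin === 'string' && ALLOWED_ORIGINS.has(origin);
}

// CORS headers that echo back only an allow-listed origin. "Vary: Origin"
// stops a shared cache from serving one origin's response to another.
function corsHeaders(origin) {
  return {
    'access-control-allow-origin': origin,
    'access-control-allow-methods': 'POST, OPTIONS',
    'access-control-allow-headers': 'content-type',
    'vary': 'Origin',
  };
}

// Lower-case header names so lookups do not depend on client casing.
function headerMap(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = v;
  return out;
}

function handleRequest(req) {
  const h = headerMap(req.headers);
  const origin = h['origin'];
  if (!isAllowedOrigin(origin)) {
    return { status: 403, headers: {}, body: 'forbidden' };
  }
  if (req.method === 'OPTIONS') {            // CORS preflight
    return { status: 204, headers: corsHeaders(origin), body: '' };
  }
  if (req.method !== 'POST') {
    return { status: 405, headers: corsHeaders(origin), body: 'method not allowed' };
  }
  // The real work (PHI screening, then storing or forwarding) runs here.
  return { status: 200, headers: corsHeaders(origin), body: 'ok' };
}

// Constructed sample requests (not captured traffic).
const REQUESTS = [
  { method: 'POST',    headers: { Origin: 'https://www.madhavinetralaya.com' } },
  { method: 'OPTIONS', headers: { origin: 'https://madhavinetralaya.com' } },
  { method: 'POST',    headers: { origin: 'https://www.madhavinetralaya.com.evil.example' } },
  { method: 'POST',    headers: { origin: 'http://www.madhavinetralaya.com' } },
  { method: 'POST',    headers: {} },
];
for (const r of REQUESTS) {
  console.log(r.method.padEnd(7), (headerMap(r.headers).origin || '(none)').padEnd(48), handleRequest(r).status);
}
```

The caveat a practitioner would add: the Origin header is enforced by browsers, not by the network. A script run outside a browser can send any Origin it likes, so this control stops other websites from calling the API from a visitor's browser; it is not authentication, and it is why the PHI screen and rate limiting still have to run behind it.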

9. Your Rights Under Indian Law

Under India's Digital Personal Data Protection Act 2023 (DPDP Act) and the IT Act 2000 / SPDI Rules 2011, you have the following rights regarding personal data we hold about you:

  • Right to Access: You may request a summary of personal data we hold about you.
  • Right to Correction: You may request correction of inaccurate personal data.
  • Right to Erasure: You may request deletion of personal data, subject to our legal retention obligations.
  • Right to Grievance Redressal: You may file a complaint with us, and if unresolved, with the Data Protection Board of India once established.
  • Right to Nominate: You may nominate an individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please email us at info@madhavinetralaya.com with the subject line "Data Rights Request". We will respond within 27 days.

10. Children's Privacy

This website does not knowingly collect personal data from children under the age of 18. If you are a parent or guardian and believe your child has submitted personal information through this website, please contact us immediately at info@madhavinetralaya.com and we will delete the information promptly.

Paediatric patients seen at Madhavi Netralaya have their clinical records maintained under parental/guardian consent and governed by a separate in-hospital privacy protocol.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of the website after changes constitutes acceptance of the updated policy.

For significant changes, we will display a prominent notice on the homepage for at least 27 days.

12. Contact Our Data Officer

Data Protection Contact

For all privacy-related queries, data rights requests, or complaints:

📧 info@madhavinetralaya.com
📞 1800-571-9090 (Toll-Free · 24/7)
📍 Madhavi Netralaya, Near Maharaja College Gate,
     South Ramna Road, Ara, Bihar – 802271
🌐 www.madhavinetralaya.com

Response time: Within 27 working days of receipt of written request.