Privacy Policy - How Doctle.in Protects Your Data and Privacy

Last Updated: February 18, 2026

Quick Navigation

  1. What Information We Collect
  2. How We Use Your Information
  3. Legal Basis for Processing (GDPR)
  4. Data Sharing and Third Parties
  5. Data Security
  6. Data Retention
  7. Your Rights
  8. Cookies and Tracking
  9. Children's Privacy
  10. International Data Transfers
  11. Changes to This Policy
  12. Contact Us

Important Notice

Important: Doctle.in is designed for clinic operations, not medical records storage. We collect appointment and queue data — not patient medical histories or diagnoses. Doctors remain the data controllers of any health information discussed during consultations.

1. What Information We Collect {#section-1}

1.1 Information from Clinic Owners (Our Direct Users)

When you sign up as a clinic owner, we collect:

  • Account Information: Name, email address, phone number, clinic name, specialty, address
  • Payment Information: UPI transaction confirmations processed through PhonePe (we do not collect or store card details, bank account numbers, or UPI PINs)
  • Clinic Configuration: Operating hours, token amounts, service descriptions, QR code preferences
  • Usage Data: How you use the platform, features accessed, settings changed

1.2 Information About Patients (Collected on Behalf of Clinics)

When patients book tokens through your clinic's Doctle page, we collect:

  • Basic Contact Information: Name, phone number (for WhatsApp notifications)
  • Appointment Data: Token number, booking time, queue position, estimated wait time
  • Payment Confirmation: Token payment status (processed via third-party gateway)
  • Communication Preferences: Whether they opted in for reminders

What we DO NOT collect: Medical history, symptoms, diagnoses, prescriptions, treatment records, or any protected health information (PHI). Doctle is an operational tool, not an electronic medical record (EMR) system.

1.3 Technical Information

  • Device Data: IP address, browser type, device type, operating system
  • Analytics: Pages visited, time spent, clicks, referral sources
  • Cookies: Session cookies for authentication, functional cookies for preferences

2. How We Use Your Information {#section-2}

We use the information we collect for the following purposes:

PurposeData UsedLegal Basis
Provide queue management servicePatient names, phone numbers, booking timesContract fulfillment
Send appointment remindersPhone numbers, booking timesLegitimate interest
Process token payments (UPI only)UPI transaction ID, booking dataContract fulfillment
Clinic owner account managementEmail, name, clinic detailsContract fulfillment
Customer supportCommunication history, account dataLegitimate interest
Product improvement and analyticsUsage data, aggregated statisticsLegitimate interest
Security and fraud preventionIP addresses, device data, usage patternsLegitimate interest
Legal complianceAll data as requiredLegal obligation

We do NOT:

  • Sell your data to third parties
  • Use patient appointment data for advertising
  • Share individual patient information with anyone except the clinic that collected it
  • Train AI models on your patient data

3. Legal Basis for Processing (GDPR Compliance) {#section-3}

For users in the European Economic Area (EEA), UK, or other jurisdictions with GDPR-equivalent laws, we process personal data under the following legal bases:

  • Contract: Processing necessary to provide our service to clinic owners (account management, queue system, payment processing)
  • Legitimate Interest: Improving our product, preventing fraud, analytics (with safeguards to protect your rights)
  • Consent: Marketing communications (you can withdraw consent anytime)
  • Legal Obligation: Compliance with tax, accounting, and data protection laws

Data Controller vs. Data Processor: For patient data collected through clinic bookings, the clinic is the data controller and ProductAccel (operating as Doctle.in) is the data processor. This means the clinic determines what patient data is collected and why — we simply provide the tool. For clinic owner account data, ProductAccel is the data controller.

4. Data Sharing and Third Parties {#section-4}

We share data only when necessary to provide our service or as required by law:

4.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

  • Payment Processing: PhonePe (India) — for UPI payment processing (we do not process or store card information)
  • SMS/WhatsApp Notifications: MSG91 — for sending appointment reminders and notifications
  • Hosting Infrastructure: Secure data centers in India — for storing application data
  • Analytics: Google Analytics and Microsoft Clarity — for understanding how our platform is used and identifying UX improvements (anonymized where possible)
  • Email Services: Third-party email service providers — for transactional emails and notifications

All service providers are contractually bound to protect your data and use it only for the services they provide to us.

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, users, or the public.

4.3 Business Transfers

If ProductAccel (operating as Doctle.in) is acquired or merges with another company, your data may be transferred as part of that transaction. We'll notify you before any such transfer.

4.4 What We Don't Do

  • We don't sell patient or clinic data to marketers, data brokers, or advertisers
  • We don't share patient data between different clinics
  • We don't use patient data for our own commercial purposes beyond providing the service

5. Data Security {#section-5}

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
  • Encrypted Storage: Sensitive data is encrypted at rest in our databases
  • Access Controls: Role-based access ensures only authorized personnel can access data
  • Regular Audits: We conduct security reviews and vulnerability assessments
  • Secure Infrastructure: Data is hosted in India in secure, monitored data centers with 24/7 protection
  • Authentication: Two-factor authentication available for clinic owner accounts
  • Payment Security: We never store card details or banking credentials — all UPI payments are processed directly by PhonePe

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention {#section-6}

We retain data for different periods depending on its type and purpose:

  • Patient Appointment Data: Retained for 90 days after the appointment, then automatically deleted (unless the clinic exports it for their own records)
  • Clinic Account Data: Retained for the duration of your subscription plus 30 days after cancellation
  • Payment Records: Retained for 7 years for tax and accounting compliance
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely
  • Support Communications: Retained for 2 years for quality assurance

Clinic owners can export their data at any time before cancellation. After account deletion, data is permanently removed from our active systems within 30 days (except where we're legally required to retain it).

7. Your Rights {#section-7}

Depending on your location, you have the following rights regarding your data:

For Clinic Owners:

  • Access: Request a copy of all data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your data in a machine-readable format (CSV, JSON)
  • Restriction: Request that we limit how we use your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Opt out of marketing communications anytime

For Patients:

If you're a patient who booked through a clinic's Doctle page, contact the clinic directly for requests about your data. They are the data controller. If the clinic cannot help, contact us at support@doctle.in.

GDPR Rights (EEA/UK Users):

You have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority if you believe we've mishandled your data.

To exercise your rights, email support@doctle.in with your request. We'll respond within 30 days (or 45 days for complex requests).

8. Cookies and Tracking {#section-8}

We use cookies and similar technologies for the following purposes:

Essential Cookies (Always Active):

  • Authentication and session management
  • Security and fraud prevention
  • Remembering your preferences and settings

Analytics Cookies (Optional):

  • Understanding how users interact with our platform
  • Identifying bugs and performance issues
  • Improving user experience based on usage patterns

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the platform.

9. Children's Privacy {#section-9}

Doctle is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children. If you're a parent or guardian and believe your child has provided us with personal information, contact us immediately at support@doctle.in and we will delete it.

10. International Data Transfers {#section-10}

Doctle operates exclusively in India, and all data is stored on servers located within India. We do not transfer your data outside of India for storage or primary processing.

The only international data flows occur when:

  • You access Doctle from outside India (data in transit)
  • Third-party service providers (like Google Analytics) process usage data for analytics purposes

For users in the EEA or UK accessing our service, we ensure appropriate safeguards including Standard Contractual Clauses (SCCs) with any providers that process data outside India.

11. Changes to This Policy {#section-11}

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we'll:

  • Update the "Last Updated" date at the top of this page
  • Notify clinic owners via email
  • Post a notice on our website or in-app

Continued use of Doctle after changes become effective constitutes acceptance of the updated policy.

12. Contact Us {#section-12}

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ProductAccel (Doctle.in)

  • Email: support@doctle.in
  • Address: ProductAccel, Chennai, Tamil Nadu, India
  • Response Time: We aim to respond to all privacy inquiries within 48 hours