Privacy Policy
Effective date: December 16, 2025
This Privacy Policy explains how DrEase (“we”, “us”, “our”) collects, uses, discloses, and protects personal information when you use our website (drease.co.in) and our applications and services.
Information we collect
- Account and profile data: name, contact details (mobile number, email), clinic affiliation, role (e.g., admin, doctor, therapist, receptionist, pharmacist, accountant).
- Patient data: demographic details, consultation notes, prescriptions, medical history, appointment records, dependent relationships (main and dependents), and consent preferences.
- Operational data: clinic configurations, rate cards, pharmacy inventory, billing records, credit notes, purchase orders, inward register entries, and sales reports.
- Device and usage data: IP address, browser type, device identifiers, pages viewed, app events, timestamps, and cookies or similar technologies.
- Support and communications: messages, emails, and feedback you send to us.
How we use information
- Provide and improve services: enable multi-clinic access, manage appointments, maintain records, and operate pharmacy and inventory features.
- Security and integrity: authenticate users, enforce role-based access, detect fraud or misuse, and protect the platform.
- Compliance: maintain audit trails and fulfill legal or regulatory obligations applicable to healthcare operations.
- Communications: send service updates, notifications, and respond to support requests.
- Analytics: aggregate usage to improve performance and user experience.
Legal bases (where applicable)
- Consent: for specific actions like linking dependents and sharing records across clinics.
- Contractual necessity: to deliver the services you or your clinic requested.
- Legitimate interests: improve, secure, and operate the platform.
- Legal obligation: comply with laws, regulations, and lawful requests.
Sharing of information
- Within clinics: role-based access for authorized personnel (e.g., consulting doctors, pharmacists, receptionists, admins).
- Across clinics: with patient consent, records may be accessed by consulting doctors at other participating clinics.
- Service providers: trusted vendors for hosting, security, analytics, communications, and support bound by contractual safeguards.
- Legal and compliance: when required by law, court order, or to protect rights, safety, and integrity.
- Business transfers: in a merger, acquisition, or asset transfer, subject to continued protections.
Data retention
We retain personal information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Clinical records may be retained in accordance with applicable healthcare regulations and clinic policies.
Security measures
- Encryption: HTTPS/TLS in transit and encryption of sensitive records at rest.
- Access controls: role-based permissions, strong authentication, and session management.
- Audit logging: access and changes to records are logged and monitored.
- Safeguards: regular patching, backups, and vulnerability assessments.
While we strive to protect your information, no method of transmission or storage is completely secure. We continuously improve our safeguards.
Cookies and similar technologies
We use cookies and similar technologies to provide essential functionality, remember preferences, and conduct analytics. You can manage cookies through your browser settings; disabling certain cookies may affect service functionality.
Your rights
- Access and correction: request a copy of your information and ask that inaccuracies be corrected.
- Deletion: request deletion of information, subject to legal and clinical record-keeping requirements.
- Consent management: update sharing preferences and dependent links.
- Objection and restriction: where applicable, object to or request restriction of certain processing.
- Data portability: where applicable, request a copy of your information in a usable format.
We may require verification and, where legally permitted, charge a reasonable fee for complex requests.
Children’s privacy
DrEase may manage records for minors as dependents under a main patient profile in coordination with clinics and guardians. We do not knowingly allow minors to create independent accounts without appropriate consent.
International data transfers
Your information may be processed in countries other than where you are located. When we transfer data, we implement safeguards designed to protect your information in accordance with this policy and applicable laws.
Updates to this policy
We may update this Privacy Policy from time to time. The “Effective date” will indicate the latest revision. Continued use of our services after an update constitutes acceptance of the revised policy.
Contact and grievances
If you have questions or requests regarding this Privacy Policy or your information, contact us at:
- Email: privacy@drease.co.in
- Address: DrEase, Bengaluru, Karnataka, India
For grievances (including under India’s data protection framework), you may contact our Grievance Officer at grievance@drease.co.in. We aim to acknowledge complaints within 24–72 hours and resolve them promptly.