Privacy Policy

Last updated: January 1, 2026

1. Introduction

KaeroPrescribe ("we," "our," or "us"), a product of Kaero Group, is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare management platform.

This policy complies with applicable data protection laws including:

  • India: Information Technology Act, 2000; IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; Digital Personal Data Protection Act, 2023 (DPDP Act)
  • International: General Data Protection Regulation (GDPR) for EU/EEA users; Health Insurance Portability and Accountability Act (HIPAA) for US healthcare data
  • Healthcare Standards: National Health Authority guidelines, Clinical Establishments Act requirements

2. Information We Collect

2.1 Personal Information

  • Name, date of birth, gender, and contact information
  • Government-issued identification numbers (Aadhaar, PAN, Passport - as required)
  • Address and demographic information
  • Emergency contact details
  • Insurance and billing information

2.2 Sensitive Personal Data (Health Information)

Under Indian law, health data is classified as "Sensitive Personal Data or Information" (SPDI). We collect:

  • Medical history and health records
  • Diagnosis, treatment plans, and prescriptions
  • Laboratory test results and medical imaging
  • Vaccination records and allergies
  • Mental health information (where applicable)
  • Biometric data for patient identification (with explicit consent)

2.3 Technical Information

  • IP address, browser type, and device information
  • Usage logs, access times, and feature interactions
  • Cookies and similar tracking technologies

3. How We Use Your Information

We process your data for the following purposes:

3.1 Healthcare Services

  • Providing and managing healthcare services through our platform
  • Facilitating communication between patients and healthcare providers
  • Processing prescriptions and managing medication records
  • Coordinating laboratory tests and diagnostic services
  • Managing hospital admissions, appointments, and billing

3.2 Platform Operations

  • Account creation and authentication
  • Customer support and service improvement
  • Security monitoring and fraud prevention
  • Compliance with legal and regulatory requirements

3.3 Legal Basis for Processing (GDPR/DPDP Compliance)

  • Consent: For health data processing and marketing communications
  • Contract: To provide services you've requested
  • Legal Obligation: Compliance with healthcare regulations and reporting requirements
  • Vital Interests: Emergency medical situations
  • Legitimate Interests: Platform security and service improvement

4. Data Sharing and Disclosure

We may share your information with:

4.1 Healthcare Providers

Doctors, nurses, laboratories, pharmacies, and other healthcare professionals involved in your care, as authorized by you or required for treatment.

4.2 Service Providers

Third-party vendors who assist with hosting, analytics, payment processing, and other operational services (under strict confidentiality agreements).

4.3 Legal and Regulatory Bodies

  • Government authorities as required by law
  • National Health Authority for health record integration
  • Insurance companies for claims processing (with consent)
  • Law enforcement agencies pursuant to valid legal process

Important Notice

We will NEVER sell your personal or health information to third parties for marketing or commercial purposes.

5. Data Security

We implement comprehensive security measures in accordance with ISO 27001 standards and IT Act requirements:

5.1 Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA) for all accounts
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Automated backup with disaster recovery capabilities

5.2 Administrative Safeguards

  • Role-based access controls (RBAC)
  • Employee background checks and confidentiality agreements
  • Regular security awareness training
  • Incident response and breach notification procedures
  • Data access logging and audit trails

5.3 Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls for server facilities
  • Environmental controls and redundant power systems

6. Data Retention

We retain your data in accordance with legal requirements:

  • Medical Records: Minimum 3 years from last treatment (as per Indian Medical Council regulations), or longer as required by state laws
  • Billing Records: 8 years (as per tax regulations)
  • Account Information: Duration of account plus 2 years after deletion request
  • Audit Logs: 7 years for compliance purposes

7. Your Rights

Under the DPDP Act 2023, GDPR, and other applicable laws, you have the following rights:

Right to Access

Request a copy of your personal data

Right to Correction

Request correction of inaccurate data

Right to Erasure

Request deletion of your data (subject to legal retention requirements)

Right to Portability

Receive your data in a structured, machine-readable format

Right to Withdraw Consent

Withdraw consent at any time for consent-based processing

Right to Object

Object to processing based on legitimate interests

Right to Nominate

Nominate a person to exercise rights on your behalf (DPDP Act)

Right to Grievance Redressal

Lodge complaints with our Data Protection Officer or regulatory authorities

To exercise any of these rights, please contact our Data Protection Officer at privacy@kaerogroup.com.

8. International Data Transfers

Your data is primarily stored and processed in India. If we transfer data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Compliance with cross-border data transfer regulations under the DPDP Act
  • Ensuring recipient countries provide adequate data protection

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for platform functionality and security
  • Analytics Cookies: To understand usage patterns and improve services
  • Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

10. Children's Privacy

Our platform may process data of minors (under 18 years) only with verifiable parental or guardian consent, in compliance with the DPDP Act. Healthcare providers are responsible for obtaining appropriate consent when treating minor patients.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification at least 30 days before the changes take effect. Your continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Information

Data Protection Officer

Name: Data Protection Office, Kaero Group

Email: privacy@kaerogroup.com

Address: Kolkata, West Bengal, India

Grievance Officer (as per IT Act)

Email: grievance@kaerogroup.com

Response Time: Within 30 days of receipt of complaint

13. Regulatory Compliance

This policy complies with:

  • Information Technology Act, 2000 and its amendments
  • IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Digital Personal Data Protection Act, 2023
  • Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002
  • Clinical Establishments (Registration and Regulation) Act, 2010
  • General Data Protection Regulation (GDPR) - for EU/EEA users
  • Health Insurance Portability and Accountability Act (HIPAA) - for US healthcare data