Privacy Policy
Last updated: March 2026
1. Introduction
EzerHeal ("we", "our", "us") is operated by ESPR Creative Lab. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications and website (collectively, the "Platform").
We are committed to protecting your privacy in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian regulations.
2. Information We Collect
Personal Information: Name, phone number, email address, date of birth, gender, profile photo, and preferred language.
Health Information: Medical history shared during consultations, prescriptions, lab reports, and consultation recordings (with consent).
Payment Information: Transaction details processed through Razorpay. We do not store your card details or UPI PIN.
Device Information: Device type, operating system, app version, and crash logs for service improvement.
Doctor Verification: Medical council registration number, degree certificates, and government-issued ID for KYC verification.
3. How We Use Your Information
- To facilitate teleconsultations between patients and doctors
- To process payments and issue receipts
- To verify doctor credentials and maintain platform integrity
- To deliver medicines and lab test results
- To send appointment reminders and health notifications
- To improve our services and user experience
4. Data Storage and Security
Your data is stored on Supabase servers located in the Mumbai, India region. We use encryption in transit (TLS) and at rest. Aadhaar numbers are hashed before storage and are never stored in plain text.
Access to patient health records is restricted through Row Level Security policies. Doctors can only access records for patients with active appointments.
5. Third-Party Services
We use the following third-party services to operate the Platform:
- Supabase: Database hosting, authentication, and file storage (Mumbai, India region)
- Razorpay: Payment processing (UPI, cards, net banking, wallets)
- Agora: Video and audio call infrastructure for teleconsultations
- Firebase Cloud Messaging: Push notification delivery
- MSG91: SMS OTP delivery for phone verification
- PostHog: Product analytics and crash/error reporting. Events are tied only to an internal user ID and account role — no name, phone number, or health data is sent
- Resend: Transactional email delivery
Each third-party service processes only the minimum data necessary for its function. We do not sell your personal data to any third party.
6. Data Sharing
We share data only with:
- Your assigned doctor during a consultation
- Payment processors (Razorpay) for transaction processing
- Pharmacy and lab partners for order fulfillment
- As required by Indian law or government authorities
7. Data Retention
We retain your data for the following periods:
- Account data: Retained while your account is active, deleted within 30 days of account deletion request
- Consultation records and prescriptions: 3 years (as required by Telemedicine Practice Guidelines 2020)
- Chat messages: 2 years from consultation date
- Payment records: 7 years (as required by Indian tax regulations)
- Push notification logs: 6 months
- Audit logs: 3 years
- KYC documents (doctors): Duration of registration plus 1 year
After the retention period, data is permanently deleted or anonymised.
8. Your Rights
Under the DPDP Act 2023, you have the right to:
- Access your personal data held by us
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Withdraw consent for data processing
- Nominate another person to exercise your rights
To exercise these rights, contact us at [email protected].
9. Account Deletion
You can request deletion of your account and all associated personal data at any time through the app (Settings > Account > Delete Account) or by emailing [email protected].
Upon deletion: your profile, consultation history, chat messages, and uploaded files are permanently removed within 30 days. Payment records and audit logs are retained as required by law (see Data Retention above). Your phone number is disassociated and can be used to create a new account.
10. Data Export (Portability)
Under the DPDP Act 2023, you have the right to receive a copy of your personal data in a structured, machine-readable format. You can request a data export through the app (Settings > Account > Export My Data) or by emailing us. Your export will include your profile information, consultation history, prescriptions, order history, wallet transactions, and consent records. File download links in an export are available for 24 hours.
11. Children's Privacy
EzerHeal is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will delete such data.
Minors aged 13-17 may use the Platform under parental supervision, with the parent or guardian accepting these terms on their behalf.
12. Cookies and Tracking
Our mobile apps do not use cookies. Our website (ezerheal.com) uses essential cookies for basic functionality only. We use PostHog for analytics and crash reporting, tied only to an internal user ID and account role (no personal or health data is transmitted). We do not use advertising trackers or sell data to advertisers.
13. Contact Us
For privacy-related inquiries:
ESPR Creative Lab
Aizawl, Mizoram 796001, India
Email: [email protected]
14. Grievance Officer
In accordance with the DPDP Act 2023, you may contact our Grievance Officer for any concerns regarding the processing of your personal data:
Email: [email protected]