Privacy Policy

Depending on how you interact with us, we may collect the following:

Basic Contact Details

• Your name, mobile number, and email address
• Your city, state, and PIN code
• An emergency contact name and phone number where relevant

Clinical & Medical Information

Because our work is clinical in nature, some of the information we handle is sensitive personal health data, collected strictly with your explicit prior consent and used only for your care:

• Details of the patient's medical condition, diagnosis, and treatment plan
• Medical history, existing health conditions, allergies, and current medications
• Recent discharge summaries, lab reports, and referring-doctor instructions
• Care-plan notes, vitals, progress observations, and shift handovers
• Photographs, taken only when clinically necessary (e.g. wound assessment) and only with your written consent at the time. These images are never used for any promotional purpose.

Appointment & Service Records

• Details of appointments, home visits, enquiries, and follow-ups
• Feedback or satisfaction responses you share with us

Payment & Scheme Information

• Billing and invoice records
• Government health scheme eligibility details (e.g. CGHS, ESI, Ayushman Bharat)
• Insurance information, only when you ask us to assist with a claim
• We never store your card or net-banking details. All online payments flow through PCI-DSS certified third-party gateways that handle encryption and authentication independently.

Website Technical Data

• IP address, browser type, and device information
• Pages visited and time spent on our website
• This data is used only in aggregate, anonymised form to understand how our website performs. It is never linked to your identity.

Every piece of information we collect has a clear, specific reason behind it. We use your data to:

• Assess the patient's care needs and match the right caregiver
• Schedule and manage home visits, shifts, and replacements
• Coordinate with your referring doctor, hospital, or physiotherapist, only with your permission
• Process billing, insurance claims, or scheme reimbursements you have requested
• Send shift reminders, care-plan updates, and operational notices
• Respond to your enquiries and resolve any concerns
• Meet our obligations under Indian health, financial, and data-protection laws
• Improve our website and services using anonymised, non-identifiable aggregate data

Consent is the foundation of everything we do with your data. We ask for it before we collect, and we explain exactly what we are collecting and why.

You give us consent when you:

• Submit an enquiry or callback request on our website
• Sign the patient intake form during the initial home assessment
• Contact us via phone, WhatsApp, or email to begin your care journey
• Request a caregiver, home visit, or doctor consultation

For sensitive health data, we will always ask for explicit, written consent before collecting anything. We explain what is needed, in clear language, at every step.

You can withdraw your consent at any time by writing to us at tathaast@gmail.com. Withdrawing consent will not affect anything we have already done lawfully, but it may mean we are unable to continue providing certain aspects of your clinical care. We will always tell you this before acting on a withdrawal request.

Health and clinical data are in a special category under Indian law, and we treat it that way. Patients and their families share some of the most personal information imaginable: medical diagnoses, treatment plans, and the realities of caring for a loved one. We take that trust seriously.

• We collect health data only with your explicit prior consent, explained in plain language
• We use it exclusively for the patient's care, never for any commercial or analytical purpose
• Access is limited to the coordinator and caregiver(s) directly involved in the case
• We do not share it with external parties without your explicit go-ahead
• Photographs (e.g. wound progress) are taken only when clinically necessary and only with your fresh written consent each time. They are never published, shared online, or used in any promotional material
• Any data shared with a lab or pharmacy partner is limited to the minimum required, under a strict confidentiality agreement

We share your information only in very specific situations. Here is exactly when and why:

We put real safeguards in place, not just policy words:

• Clinical records on our systems are behind role-based access controls: only the coordinator and caregiver(s) assigned to your case can see them
• Physical paper records are kept in locked storage at our head office
• Our digital systems use password protection and encryption
• Our website and server infrastructure is regularly patched and monitored
• Every coordinator and caregiver is trained on confidentiality obligations
• All external vendors and partners sign confidentiality agreements before touching any data

If a data breach occurs that is likely to harm you, we will notify you and the Data Protection Board of India as required by the DPDP Act, 2023. We will not wait, and we will not minimise.

We keep data only as long as it is genuinely needed:

Once data is no longer required, it is securely deleted or irreversibly anonymised. We do not hold on to personal data out of habit.

Under the Digital Personal Data Protection Act, 2023 and the IT (SPDI) Rules, 2011, you have real, enforceable rights:

Write to our Grievance Officer at tathaast@gmail.com. We will acknowledge within 48 hours and respond fully within 7 working days.

We regularly care for paediatric patients and young patients recovering from illness or surgery. When the patient is under 18, we collect information and obtain consent from the parent or legal guardian, who may also exercise all data rights on the child's behalf.

Many of our patients also live with significant physical or cognitive disabilities. We are committed to making every consent process accessible: clear language, face-to-face explanation, and family support wherever needed. Consent is never ticked off as a formality: we make sure it is genuinely understood.

Our website uses a small number of cookies to function properly and to understand how visitors use the site:

• Essential cookies: Keep the site working via session management and form functionality. Cannot be switched off without breaking the site
• Analytics cookies: Tell us which pages are visited most, in anonymised, aggregate form. No individual is identified
• Preference cookies: Remember display choices like language or font size across visits

We do not run advertising cookies. We do not allow any third-party ad network to place trackers on our site. You can manage or delete cookies at any time through your browser settings.

Our website may link to social media pages (Facebook, Instagram, YouTube) or other external sites. Once you leave www.tathaast.com, this Policy no longer applies. We have no control over what those sites do with your data, and we encourage you to read their privacy policies before sharing anything with them.

We will update this Policy when our practices change or when the law requires it. Any meaningful update will be posted on this page with a revised effective date. If you are an existing patient family, we will also let you know via email or WhatsApp, at least 30 days before the change takes effect. Continuing to use our website or Services after that point means you accept the updated terms.