Compliance
Digital Personal Data Protection (DPDP) readiness
CalDoc India follows the TELEMEDICINE Practice Guidelines 2020 and the DPDP Act, 2023. This page summarises how we collect, process, and protect personal data across the platform.
How we protect patient data
- Consent-first workflows. Every booking captures explicit consent, and patients can withdraw consent from their profile.
- Purpose limitation. Health data is only used for providing care, fulfillment, and regulatory reports.
- Retention controls. Records are encrypted at rest (Postgres + S3) with lifecycle policies; you may request deletion via privacy@telemed.in.
- Audit trails. Administrative actions, prescriptions, fulfillment updates, and WhatsApp notifications are logged.
Your DPDP rights
- Right to access and confirm what data we hold.
- Right to correction, portability, and erasure (subject to medical record obligations).
- Right to grievance redressal via privacy@telemed.in.
- Right to nominate a representative to exercise these rights.
Infrastructure controls
- S3 uploads/downloads use short-lived signed URLs with access logging.
- Video visits use Daily.co rooms with waiting rooms; payments run through Razorpay (PCI-DSS).
- Secrets stay in environment variables; staff accounts use role-based access (provider vs admin/pharmacy).