Privacy Policy

1. No "public" patient data

AV Care does not offer a public appointment or marketing funnel for prospective patients. We only process data for patients who are registered at your clinic and have a clinical case tied to an in-clinic encounter, in line with how your practice uses the system.

2. Data categories & purpose

Identity data: Optional ABHA ID (if your clinic captures it), name, mobile number, and related demographics — used to identify the patient, link family records where your clinic uses that logic, and contact the patient as needed.

Clinical data: Observations, diagnosis, remarks, prescriptions, lab and medicine lines associated with a case. This is stored in a secure MySQL database with access restricted to your clinic's authorized users. Full-disk encryption and additional encryption at rest depend on your hosting environment; we recommend India-based hosting with industry-standard protections.

Billing data: Fee amounts, discounts, totals, and payment-related notes for the clinic's internal financial records.

3. Data localization (India)

In line with Indian expectations for health and personal data, you should deploy AV Care on infrastructure located in India so patient and clinic data remain in the country. AVTechnosol does not transfer your medical data outside India as part of the product; any transfer would require your explicit configuration or integration choices.

4. Role-based access control (RBAC)

Access is enforced by role and, where configured, by module permissions:

• Doctor / clinic admin: Full access to patients, cases, billing finalization, and clinic settings (as implemented in your deployment).
• Staff / nurse: Access limited to patient registration and case entry according to permissions set by the admin.
• Pharmacist: Access limited to medicine assignment and inventory views as allowed by the admin.

5. Patient rights (DPDP Act 2023 / 2026 rules)

Under India's Digital Personal Data Protection Act, 2023 and related rules (including provisions taking effect in 2026 where applicable), patients may request a copy of their case history or exercise a right to correction where records are inaccurate. AV Care supports this operationally by allowing the clinic admin (and authorized staff) to view case history, print or share receipts, and edit patient and case records to correct errors. Your clinic remains responsible for verifying identity and fulfilling requests under applicable law.

6. Security standards

Encryption in transit: Use HTTPS (TLS) in production so data between browsers and your server is protected (commonly up to 256-bit strength depending on cipher suite).

Audit logs: The application records key actions such as creating or updating clinical cases and creating or updating patient records, including which user acted and when, to support accountability and reduce unauthorized tampering. Review retention and backup of logs as part of your compliance process.