Privacy Policy
Last updated: March 2, 2026
1. Introduction
BookMyDoc ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use our mobile application ("App") and website ("Site"), collectively referred to as the "Services."
By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.
2. Information We Collect
2.1 Personal Information You Provide
- Account Information: Full name, email address, mobile phone number, date of birth, gender, profile photo.
- Health Information: Medical history, current medications, allergies, prescribed treatments, doctor's notes, prescriptions, lab reports, and other health-related data you choose to store in the app.
- Payment Information: Billing address, payment method details (credit/debit card numbers, UPI IDs, net banking details). Note: Full payment card details are processed securely by our third-party payment gateway providers and are never stored on our servers.
- Identity Verification: Government-issued ID documents (Aadhaar, PAN) when required for payment verification or regulatory compliance.
- Communication Data: Messages sent through our in-app chat, feedback, reviews, complaints, and customer support tickets.
2.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers, browser type, language preferences.
- Usage Data: Pages viewed, features used, search queries, session duration, clicks, taps, scroll behavior, and in-app navigation patterns.
- Location Data: Approximate or precise geographic location (with your consent) to show nearby doctors and clinics.
- Log Data: IP address, access dates/times, app crashes, and system activity.
- Cookies & Tracking: We use cookies, pixels, and similar technologies for analytics, performance optimization, and personalization.
2.3 Information from Third Parties
- Doctor verification data from medical council registries.
- Payment transaction status from payment gateway providers (Razorpay, Cashfree, or similar).
- Social login data if you sign in with Google or Apple.
3. How We Use Your Information
We use the information we collect to:
- Create and manage your BookMyDoc account.
- Facilitate doctor searches, appointment booking, rescheduling, and cancellations.
- Process payments, refunds, and generate invoices.
- Send appointment reminders, confirmations, and status updates via push notifications, SMS, WhatsApp, and email.
- Provide digital prescriptions and health records access.
- Enable doctor-patient communication within the platform.
- Improve our Services through analytics and usage pattern analysis.
- Detect, prevent, and address fraud, abuse, and security issues.
- Comply with legal obligations and regulatory requirements.
- Personalize your experience with relevant doctor suggestions and health tips.
4. Payment Processing & Security
BookMyDoc integrates with trusted, PCI-DSS compliant third-party payment gateways to process all financial transactions. Our payment processing practices include:
- Payment Gateways: We use industry-leading gateways such as Razorpay, Cashfree, or equivalent RBI-authorized Payment Aggregators to process card payments, UPI, net banking, and wallet transactions.
- No Card Storage: We do not store, process, or have access to complete credit/debit card numbers. All sensitive payment data is handled directly by our PCI-DSS Level 1 certified payment gateway partners.
- Tokenization: Where recurring payments are enabled, card data is tokenized in compliance with RBI guidelines. We only store tokens provided by the payment gateway, which cannot be used to reconstruct card details.
- Transaction Records: We retain transaction IDs, amount, date/time, status (success/failure/pending), and payment method type for bookkeeping, dispute resolution, and refund processing.
- Refunds: Refund processing times depend on the payment method used, typically 5–7 business days for card refunds and 2–3 business days for UPI/wallet refunds.
- Payment Data Sharing: Transaction details are shared only with the relevant doctor/clinic for booking confirmation and with payment gateway partners for processing. No payment data is sold or shared with third-party marketers.
5. Data Sharing & Disclosure
We do not sell your personal data. We may share your information with:
- Doctors & Clinics: Your name, appointment details, and relevant health information are shared with the doctor/clinic you book with to facilitate your appointment.
- Payment Processors: Payment information as necessary to process transactions.
- Service Providers: Cloud hosting (AWS/GCP), notification services (Firebase), SMS gateways, email providers — all under strict data processing agreements.
- Legal Authorities: When required by law, court order, or government regulation, or to protect the rights, property, or safety of BookMyDoc, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the business assets, subject to applicable data protection laws.
6. Data Security
We implement robust security measures to protect your data:
- AES-256 encryption for data at rest and TLS 1.3 for data in transit.
- Secure API authentication using JWT tokens with short expiration times.
- Regular security audits, vulnerability assessments, and penetration testing.
- Role-based access control (RBAC) ensuring only authorized personnel can access specific data.
- Automated intrusion detection systems and real-time monitoring.
- Secure data centers with physical security controls, fire suppression, and disaster recovery.
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Account Data: Retained as long as your account is active. Upon deletion request, personal data is erased within 30 days, except where retention is required by law.
- Health Records: Retained for a minimum of 3 years as per Indian medical record-keeping guidelines, or longer if required by applicable regulations.
- Payment Records: Transaction records are retained for 7 years as required by Indian tax and financial regulations.
- Analytics Data: Anonymized and aggregated data may be retained indefinitely for product improvement.
8. Your Rights
Under applicable data protection laws, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Withdraw your consent for data processing at any time (this will not affect the lawfulness of processing before withdrawal).
- Opt-Out: Opt out of marketing communications at any time via app settings or unsubscribe links.
To exercise any of these rights, contact us at privacy@bookmydoc.in.
9. Children's Privacy
Our Services are not intended for children under 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such data.
10. Third-Party Links
Our Services may contain links to third-party websites, services, or apps (e.g., clinic websites, map services). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notifications, email, or a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our Services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
BookMyDoc
Email: privacy@bookmydoc.in
Phone: +91 9596 543332
Address: Srinagar, Jammu & Kashmir, India
13. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (as applicable). Any disputes shall be subject to the exclusive jurisdiction of the courts in Srinagar, Jammu & Kashmir, India.