SmartCarePlus

Privacy Policy - SmartCarePlus

1. Introduction

SmartCarePlus (“Platform”, “Service”, “we”, “our”, or “us”) is a healthcare management and automation platform operated by Smart Code Junction Infinity Private Limited (“Company”), registered under the Ministry of Corporate Affairs, Government of India (CIN: U62099UP2025PTC230480).

We are committed to protecting your personal and health information. This Privacy Policy explains how SmartCarePlus collects, uses, shares, and protects information from patients, clinics, doctors, laboratories, pharmacies, radiologists, and any other healthcare providers using the platform.

By using SmartCarePlus, you agree to the terms of this Privacy Policy.

2. Scope

This policy applies to all categories of users on the SmartCarePlus platform, including:

Patients – individuals using SmartCarePlus for appointments, prescriptions, or self-tracking.
Clinics & Hospitals – healthcare facilities managing patient operations.
Doctors & Radiologists – professionals providing consultations and diagnostics.
Laboratories – facilities conducting and uploading test results.
Pharmacies – partners processing prescriptions and medication orders.
Any future healthcare entities onboarded by SmartCarePlus.

This policy also applies when a patient directly inputs or uploads their own data via their account or WhatsApp interaction.

3. Information We Collect

3.1 Personal Information

We may collect:

Name, gender, contact number, email, date of birth.
Account credentials and linked WhatsApp number.
Location (city, state, country) for facility mapping and regulatory compliance.

3.2 Health & Medical Records

SmartCarePlus facilitates the secure storage of the following record types (entered by facilities or patients):

Prescriptions & consultation notes
Diagnostic reports, imaging (PDF/DICOM)
Discharge summaries & medical certificates
Invoices & billing data
Vitals (BP, glucose, temperature, SpO₂, heart rate, respiratory rate)
Lifestyle & fitness metrics (steps, sleep, hydration, nutrition)
Immunization & medication history
Mood check-ins and stress monitoring

3.3 Sensitive Personal Data

We process mental-health records (mood/stress data) that qualify as Sensitive Personal Data under the Indian IT Rules.

3.4 User-Generated Data

Patients may voluntarily enter or upload data (vitals, prescriptions, lifestyle info) into their accounts. Such data is encrypted and visible only to the patient and authorized providers.

3.5 Payment Information

Payment data is processed exclusively by Razorpay. SmartCarePlus never stores card numbers, UPI IDs, or bank credentials.

3.6 Technical & Usage Data

IP address, browser type, operating system.
Device identifiers, session IDs, access logs.
App activity, timestamps, crash logs.

3.7 Communication Data

Includes WhatsApp messages, voice interactions, and in-app support communications.

4. How We Use Information

We process collected information to:

Provide healthcare management and scheduling services.
Send appointment confirmations, reminders, and WhatsApp updates.
Generate invoices and process secure payments via Razorpay.
Improve service reliability, security, and performance.
Personalize user experience and measure service quality.
Comply with medical, tax, and legal obligations.

We never sell or rent user data to third parties.

5. Legal Basis for Processing

SmartCarePlus processes personal and health data based on:

Consent: Explicit consent collected during signup or onboarding.
Contractual necessity: To deliver services subscribed by users or facilities.
Legitimate interest: To improve services and protect platform integrity.
Legal obligation: To comply with healthcare and tax laws.

6. Role-Based Data Handling

User Role	Type of Data	Typical Use	Controller	Processor
Patients	Personal & self-added health data	Record management, reminders	SmartCarePlus + Patient	—
Clinics/Hospitals	Patient & appointment data	Healthcare delivery	Clinic	SmartCarePlus
Doctors/Radiologists	Medical notes, diagnostic uploads	Consultation records	Doctor	SmartCarePlus
Labs	Diagnostic test results	Report generation	Lab	SmartCarePlus
Pharmacies	Prescription orders, invoices	Medicine fulfillment	Pharmacy	SmartCarePlus
SmartCarePlus	Platform analytics & operational data	Platform improvement	SmartCarePlus	—

We share limited data only with trusted service providers necessary for operations:

Service	Purpose	Region	Access Scope
Razorpay	Secure payment processing	India	Transaction metadata
Meta (WhatsApp Cloud API)	Automated appointment/reminder messages	Global	Message content + recipient
Hostinger VPS	Platform hosting (non-sensitive data)	India	Config data only
Google Cloud Healthcare & Storage	Health-record storage & media	India/US	Encrypted records
AWS	Reminder scheduling engine	India/US	Timing metadata
Firebase Cloud Messaging	Push notifications	Global	Message payload
Google Analytics	Website analytics	Global	Anonymized traffic data

All partners adhere to strong contractual or policy-based data protection standards.

8. Data Storage & Region

Indian users’ data is stored in the Mumbai (India) region.
International users’ data is stored in the US Central region.
Backups remain within the same jurisdiction as primary data.
Facility configuration data (non-sensitive) is hosted on Hostinger (India).

9. Data Retention & Deletion

Records retained minimum 7 years from last interaction or as required by law.
Users may request deletion anytime → processed within 30 days after verification.
Data retained for legal or analytics purposes is anonymized.
After 7 years, patients on the Basic Care plan may retrieve archives for a nominal retrieval fee (per cloud-storage cost).

10. Data Security

We implement controls inspired by HIPAA and ISO 27001:

End-to-end encryption for data in transit and at rest.
Role-Based Access Control (RBAC).
Regular internal/external security audits & penetration testing.
Data minimization and least-privilege principles.
Comprehensive incident-response plan.

More details are available in our Security Policy.

11. Cookies & Tracking

SmartCarePlus uses cookies for session management and analytics. We do not use behavioral or advertising trackers. See our Cookie Policy for details.

12. User Rights

All SmartCarePlus users — Patients, Clinics, Doctors, Labs, Pharmacies, Radiologists — have these rights:

Access: Request a copy of your personal/medical data.
Correction: Rectify inaccurate or incomplete data.
Deletion: Request deletion, subject to medical retention laws.
Withdrawal of Consent: Stop non-essential processing anytime.
Portability: Export data in FHIR bundle or PDF format.
Access Control: Patients can manage or revoke facility access.
Transparency: Request a list of all processors handling your data.

To exercise these rights, contact privacy@smartcodejunctioninfinity.com.

13. Cross-Border Data Transfers

Data of international users is processed in the US Central region. Transfers outside India occur only under contracts ensuring equivalent data protection through Standard Contractual Clauses (SCCs) with our cloud partners.

14. Children & Minors

SmartCarePlus is not available for direct registration by minors (under 18 years). A parent or guardian may create and manage a dependent’s profile and must give explicit consent during registration.

15. Data Breach Notification

In case of a confirmed breach involving personal or health data, we will:

Notify affected users and relevant authorities without undue delay.
Take immediate containment and remediation measures.
Maintain transparent communication on impact and recovery actions.

16. Updates to This Policy

We may revise this Privacy Policy periodically to reflect legal, technical, or operational changes. Updated versions will include a new “Effective Date” and will be published at this URL.

17. Grievance Officer

As required under Rule 5 of the IT (SPDI) Rules 2011, we have appointed a Grievance Officer to address your concerns and complaints.

For complete details and contact information of our Grievance Officer, please visit: https://smartcodejunctioninfinity.com/legal/grievance

18. Contact Us

For any privacy-related questions or concerns:

Email: privacy@smartcodejunctioninfinity.com Website: https://smartcodejunctioninfinity.com

19. Linked Documents

This Privacy Policy should be read alongside:

© Smart Code Junction Infinity Private Limited

Last modified on October 21, 2025

Terms and Conditions

SmartCarePlus

Privacy Policy - SmartCarePlus

1. Introduction

By using SmartCarePlus, you agree to the terms of this Privacy Policy.

2. Scope

This policy applies to all categories of users on the SmartCarePlus platform, including:

Patients – individuals using SmartCarePlus for appointments, prescriptions, or self-tracking.
Clinics & Hospitals – healthcare facilities managing patient operations.
Doctors & Radiologists – professionals providing consultations and diagnostics.
Laboratories – facilities conducting and uploading test results.
Pharmacies – partners processing prescriptions and medication orders.
Any future healthcare entities onboarded by SmartCarePlus.

This policy also applies when a patient directly inputs or uploads their own data via their account or WhatsApp interaction.

3. Information We Collect

3.1 Personal Information

We may collect:

Name, gender, contact number, email, date of birth.
Account credentials and linked WhatsApp number.
Location (city, state, country) for facility mapping and regulatory compliance.

3.2 Health & Medical Records

SmartCarePlus facilitates the secure storage of the following record types (entered by facilities or patients):

Prescriptions & consultation notes
Diagnostic reports, imaging (PDF/DICOM)
Discharge summaries & medical certificates
Invoices & billing data
Vitals (BP, glucose, temperature, SpO₂, heart rate, respiratory rate)
Lifestyle & fitness metrics (steps, sleep, hydration, nutrition)
Immunization & medication history
Mood check-ins and stress monitoring

3.3 Sensitive Personal Data

We process mental-health records (mood/stress data) that qualify as Sensitive Personal Data under the Indian IT Rules.

3.4 User-Generated Data

Patients may voluntarily enter or upload data (vitals, prescriptions, lifestyle info) into their accounts. Such data is encrypted and visible only to the patient and authorized providers.

3.5 Payment Information

Payment data is processed exclusively by Razorpay. SmartCarePlus never stores card numbers, UPI IDs, or bank credentials.

3.6 Technical & Usage Data

IP address, browser type, operating system.
Device identifiers, session IDs, access logs.
App activity, timestamps, crash logs.

3.7 Communication Data

Includes WhatsApp messages, voice interactions, and in-app support communications.

4. How We Use Information

We process collected information to:

Provide healthcare management and scheduling services.
Send appointment confirmations, reminders, and WhatsApp updates.
Generate invoices and process secure payments via Razorpay.
Improve service reliability, security, and performance.
Personalize user experience and measure service quality.
Comply with medical, tax, and legal obligations.

We never sell or rent user data to third parties.

5. Legal Basis for Processing

SmartCarePlus processes personal and health data based on:

Consent: Explicit consent collected during signup or onboarding.
Contractual necessity: To deliver services subscribed by users or facilities.
Legitimate interest: To improve services and protect platform integrity.
Legal obligation: To comply with healthcare and tax laws.

6. Role-Based Data Handling

User Role	Type of Data	Typical Use	Controller	Processor
Patients	Personal & self-added health data	Record management, reminders	SmartCarePlus + Patient	—
Clinics/Hospitals	Patient & appointment data	Healthcare delivery	Clinic	SmartCarePlus
Doctors/Radiologists	Medical notes, diagnostic uploads	Consultation records	Doctor	SmartCarePlus
Labs	Diagnostic test results	Report generation	Lab	SmartCarePlus
Pharmacies	Prescription orders, invoices	Medicine fulfillment	Pharmacy	SmartCarePlus
SmartCarePlus	Platform analytics & operational data	Platform improvement	SmartCarePlus	—

We share limited data only with trusted service providers necessary for operations:

Service	Purpose	Region	Access Scope
Razorpay	Secure payment processing	India	Transaction metadata
Meta (WhatsApp Cloud API)	Automated appointment/reminder messages	Global	Message content + recipient
Hostinger VPS	Platform hosting (non-sensitive data)	India	Config data only
Google Cloud Healthcare & Storage	Health-record storage & media	India/US	Encrypted records
AWS	Reminder scheduling engine	India/US	Timing metadata
Firebase Cloud Messaging	Push notifications	Global	Message payload
Google Analytics	Website analytics	Global	Anonymized traffic data

All partners adhere to strong contractual or policy-based data protection standards.

8. Data Storage & Region

Indian users’ data is stored in the Mumbai (India) region.
International users’ data is stored in the US Central region.
Backups remain within the same jurisdiction as primary data.
Facility configuration data (non-sensitive) is hosted on Hostinger (India).

9. Data Retention & Deletion

Records retained minimum 7 years from last interaction or as required by law.
Users may request deletion anytime → processed within 30 days after verification.
Data retained for legal or analytics purposes is anonymized.
After 7 years, patients on the Basic Care plan may retrieve archives for a nominal retrieval fee (per cloud-storage cost).

10. Data Security

We implement controls inspired by HIPAA and ISO 27001:

End-to-end encryption for data in transit and at rest.
Role-Based Access Control (RBAC).
Regular internal/external security audits & penetration testing.
Data minimization and least-privilege principles.
Comprehensive incident-response plan.

More details are available in our Security Policy.

11. Cookies & Tracking

SmartCarePlus uses cookies for session management and analytics. We do not use behavioral or advertising trackers. See our Cookie Policy for details.

12. User Rights

All SmartCarePlus users — Patients, Clinics, Doctors, Labs, Pharmacies, Radiologists — have these rights:

Access: Request a copy of your personal/medical data.
Correction: Rectify inaccurate or incomplete data.
Deletion: Request deletion, subject to medical retention laws.
Withdrawal of Consent: Stop non-essential processing anytime.
Portability: Export data in FHIR bundle or PDF format.
Access Control: Patients can manage or revoke facility access.
Transparency: Request a list of all processors handling your data.

To exercise these rights, contact privacy@smartcodejunctioninfinity.com.

13. Cross-Border Data Transfers

14. Children & Minors

15. Data Breach Notification

In case of a confirmed breach involving personal or health data, we will:

Notify affected users and relevant authorities without undue delay.
Take immediate containment and remediation measures.
Maintain transparent communication on impact and recovery actions.

16. Updates to This Policy

We may revise this Privacy Policy periodically to reflect legal, technical, or operational changes. Updated versions will include a new “Effective Date” and will be published at this URL.

17. Grievance Officer

As required under Rule 5 of the IT (SPDI) Rules 2011, we have appointed a Grievance Officer to address your concerns and complaints.

For complete details and contact information of our Grievance Officer, please visit: https://smartcodejunctioninfinity.com/legal/grievance

18. Contact Us

For any privacy-related questions or concerns:

Email: privacy@smartcodejunctioninfinity.com Website: https://smartcodejunctioninfinity.com

19. Linked Documents

This Privacy Policy should be read alongside:

Last modified on October 21, 2025

Terms and Conditions

1. Introduction

2. Scope

3. Information We Collect

3.1 Personal Information

3.2 Health & Medical Records

3.3 Sensitive Personal Data

3.4 User-Generated Data

3.5 Payment Information

3.6 Technical & Usage Data

3.7 Communication Data

4. How We Use Information

5. Legal Basis for Processing

6. Role-Based Data Handling

7. Data Sharing & Third-Party Processors

8. Data Storage & Region

9. Data Retention & Deletion

10. Data Security

11. Cookies & Tracking

12. User Rights

13. Cross-Border Data Transfers

14. Children & Minors

15. Data Breach Notification

16. Updates to This Policy

17. Grievance Officer

18. Contact Us

19. Linked Documents

© Smart Code Junction Infinity Private Limited

1. Introduction

2. Scope

3. Information We Collect

3.1 Personal Information

3.2 Health & Medical Records

3.3 Sensitive Personal Data

3.4 User-Generated Data

3.5 Payment Information

3.6 Technical & Usage Data

3.7 Communication Data

4. How We Use Information

5. Legal Basis for Processing

6. Role-Based Data Handling

7. Data Sharing & Third-Party Processors

8. Data Storage & Region

9. Data Retention & Deletion

10. Data Security

11. Cookies & Tracking

12. User Rights

13. Cross-Border Data Transfers

14. Children & Minors

15. Data Breach Notification

16. Updates to This Policy

17. Grievance Officer

18. Contact Us

19. Linked Documents

© Smart Code Junction Infinity Private Limited