Skip to Content

Privacy Policy

Effective Date: 13 June 2025


At Health-Attai, we are deeply committed to safeguarding the privacy and security of your health data. This Privacy Policy outlines how we collect, use, disclose, and protect your personal and health information when you use our clinical management system, the "Portal" (including our website and mobile applications). We value your privacy and advise you to carefully read and understand this policy to ensure you are informed about the practices regarding your data.

Your use of the Portal and its Services constitutes your explicit consent and agreement to the terms in this Privacy Policy and Health-Attai's Terms of Use. If you are unwilling to be bound by these terms, please do not access the Portal and/or use Health-Attai's Services.


Information We Collect


We collect information that identifies you or could be used to personally identify you, whether provided directly by you or received from authorised third-party service providers.


  • Personal Information: We may collect personal information such as your name, contact details (e.g., email address, phone number), date of birth, sex, city, and zip/postal code. This information is necessary for identification, communication purposes, and to create your Account.
  • Health Data: Health-Attai is designed to store and manage your health records, including medical history, test results, prescriptions, and treatment plans. We only collect health data that you provide or that is shared with us by authorised healthcare providers. We also collect information you share in feedback, reviews, or comments on the Portal.
  • Usage Data: We gather information about how you use our platform, including log data, device information, and browsing activity. This may include the type of internet browser and operating system used, the website domain name you came from, the number of visits, average time spent on the site, and pages viewed. This data helps us enhance our services and improve user experience.
  • Camera and Image Permissions: We may request permission to use images or capture images from your device's camera for purposes such as updating your profile photo, uploading images as medical records, or facilitating teleconsultations with doctors. We will only save images and documents that have been explicitly uploaded by you through the Health-Attai app. We do not scan any other files from your storage system beyond those you explicitly upload.
  • Google API Data: Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. This may include syncing health records or appointments from multiple sources.
  • Location Data: We may use location data solely to show you relevant results for services such as booking vaccination slots. We do not save the collected location data or use it for any other activity on the app.

How We Use Your Information


All information gathered from you, whether voluntarily provided, received from authorised third-party service providers, or automatically collected, may be used by Health-Attai for the following purposes:


  • Provision of Services: To provide our clinical management system, enabling seamless communication between healthcare providers and patients, and to support personalised care. This includes collating all user medical records, reports, and other data.
  • Health Insights: With your consent, we may use de-identified and aggregated data to generate health insights and analytics. This helps us improve the system and contribute to medical research while preserving your anonymity. You specifically consent to and understand that Health-Attai has your permission to use your information as part of an aggregate, anonymised database as allowed under prevailing Indian laws, and that Health-Attai may gain monetarily from such distribution.
  • Communication: To send you relevant updates, appointment reminders, and other notifications related to your healthcare. We may contact you by email, notifications, phone, fax, or mail.
  • Service Improvement: To provide better products and services, to programmatically use your data to give you contextual services, and to enhance, personalise, and customise your experience using our Portal.
  • Customer Service: To respond to your comments, reviews, and questions, and provide better customer service.
  • Operational Purposes: To operate, improve, and maintain our site, and to prevent fraud and abuse.
  • Legal Compliance: To comply with central, state, or local laws that require disclosure, and to respond to law enforcement officials, judicial orders, subpoenas, or other legal processes. This also includes averting a serious threat to health or safety.
  • Internal Record Keeping: For internal record keeping and data analytics.
  • Marketing & Updates: To periodically send promotional emails and/or notifications about new products, special offers, or other information, and for market research purposes. You may have the option to opt out of non-essential communications.
  • Medico-legal Reasons: Doctors might choose to record teleconsultations for medico-legal reasons, and we will inform you on the teleconsultation screen if this occurs.

Data Retention Policy


We retain user data only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, tax, accounting, or operational requirements. For example:


  • Patient health records are retained for a minimum of 3 years as per applicable medical regulations.
  • Transactional and billing data are kept for 8 years for audit and legal compliance.
  • User account data is retained until the account is deleted or becomes inactive for 24 months.

Upon expiration of the retention period, data will be securely deleted or anonymized unless otherwise required by law.


Data Sharing and Disclosure


We may disclose Personal Information that we collect from you or that you provide:


  • Healthcare Providers: Health-Attai facilitates secure data sharing between patients and authorised healthcare providers, ensuring seamless collaboration in your care.
  • Contractors and Service Providers: To contractors, service providers, and other third parties for analytics and communications who are bound by contractual obligations to keep Personal Information confidential.
  • Legal Requirements: When required by law, regulation, or legal process to protect our rights or respond to a legal request. This includes providing information as required by a court order or in response to inquiries by Government agencies for verification of identity, or for prevention, detection, investigation (including cyber incidents), prosecution, and punishment of offences.
  • Business Transfers: To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of the company's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information maintained by the Portal is among the assets transferred. In such events, Records, Confidential Information, and sensitive data will continue to be governed by this Agreement, and we will make efforts to ensure adequate protection as per prevailing laws and obtain your consent for new policies.
  • With Your Explicit Consent: We will seek your explicit consent before sharing your identifiable health information for any purposes not mentioned in this Privacy Policy.
  • Aggregated Data: We may share aggregate, anonymised databases with third parties for monetary gain, with your specific consent.

We will not share, sell, distribute, or lease your personal information to third parties unless we have your specific permission or are required by law to do so.


Cookie Details


We use cookies to improve user experience and website functionality. These include:


  • Session Cookies (expire when browser is closed): Used for maintaining user login and navigation.
  • Persistent Cookies (stored up to 30 days): Used for analytics and user preferences.
  • Analytics Cookies (e.g., Google Analytics): Track usage patterns to help improve our services.

Data Security


We implement industry-standard security measures to protect your health data from unauthorised access, alteration, disclosure, or destruction.


  • All data transmissions between your device and our platform are encrypted to ensure secure communication. All data, content, and/or all User information is encrypted during transmission and will be stored encrypted at rest.
  • We have put in place procedures in accordance with legal and industry standards to safeguard and secure your sensitive and Confidential Information.
  • We currently run checks and tests on our Website to ensure it is not prone to attacks from known viruses, malware, bloatware, trojans, and spyware. However, it is strongly recommended that any User/Customer runs their own antivirus program when accessing the Website or downloading any content from it.
  • Health-Attai assumes no liability or responsibility for disclosure of your Personal Information due to errors in transmission, unauthorised third-party access, or other causes beyond its control.


Your Choices and Control (User Rights)


  • Access and Correction: You have the right to access, review, and correct your health data stored on Health-Attai. You may also request updates or deletions of your information. You can access only your data and information stored in the database. If you wish to update or correct your Personal Information, you may exercise these rights by contacting us.
  • Consent Withdrawal: All information provided to Health-Attai by a User, including Personal Information, is voluntary. You can withdraw your consent at any time, by the terms of this Privacy Policy and the Terms of Use. However, please note that withdrawal of consent will not be retroactive, and we may be contractually obligated to retain certain Personal Information for continued provision of services or for which we are custodians on behalf of Third Party Service Providers.
  • Impact of Withdrawal: If you do not provide your information or consent for usage of Personal Information, or subsequently withdraw consent, Health-Attai reserves the right to discontinue Services for which the said information was sought.
  • Deletion of Information: If you have inadvertently submitted any Personal Information and do not agree with how it is collected, stored, or used, you can ask Health-Attai to delete and destroy all such information relating to you in its possession, by sending an email to us. Please note that there may be limited circumstances where we are unable to remove information, particularly if it was shared on public forums.
  • Marketing Opt-Out: You may opt out of receiving certain notifications regarding promotional or marketing offers. If you opt out, Health-Attai or its affiliates will not send non-essential communications, but we may still send non-promotional emails about your account or services.


Cookies and Other Technologies


  • Use of Cookies: Cookies are alphanumeric identifiers with a small amount of data stored on your device's hard drive. Health-Attai and other third-party service providers collect information about you using these cookies. Cookies are commonly used as anonymous unique identifiers and help us analyse web traffic, improve services by allowing customisation of the Website to your preferences, and recall Personal Information previously indicated by you. A cookie in no way gives us access to your device or any additional information other than the data you share.
  • Your Control: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject them. Access to cookies can also be denied during installation by modifying your web browser settings. However, if you choose to remove or reject cookies, this could affect certain features of the Portal and prevent you from taking full advantage of the Website.
  • Third-Party Cookies: Other websites may place their own cookies or other files on your device, collect data, or solicit personal information from you, for which we shall not be held responsible or liable. We encourage you to read the privacy policies of all external sites.


Third-Party Services and Links


Health-Attai may integrate with third-party services to enhance your experience. These services may have their own privacy policies, and we encourage you to review them as we do not control their practices. Health-Attai does not have any control over third-party links displayed on the Website and is therefore not responsible for the protection and privacy of your information on these third-party websites. The inclusion of any third-party links, unless specifically stated, does not imply a recommendation or endorsement of the views expressed within them.


Updates to This Policy


We may update these Terms at any time. Significant changes will be notified via email or within the software. By continuing to use Health Attai after changes take effect, you accept the updated Terms. If you disagree, please stop using the software. We may add, change, or discontinue services at any time without liability.


Grievance Redressal and SLA


If you have concerns regarding your data or our handling of your information, you can write to our Grievance Officer at contact@destratum.com. We commit to:


  • Acknowledge complaints within 3 working days.
  • Resolve most requests (including access or deletion) within 15 working days.

Contact Us


For any questions, comments, or concerns regarding this Privacy Policy or your health data, or if you wish to exercise any of the above-mentioned rights, please contact us at contact@destratum.com. We are committed to continually improving our services and protecting your privacy.