1. Who we are
DoctorAppointments.in ("we", "us", "our") is an online appointment booking platform that lets individual doctors, clinics, and hospitals manage their schedules, embed booking calendars on their websites, and accept patient bookings from a unified calendar. This Policy applies to information collected through our website, dashboard, WordPress plugin, and APIs.
2. Information we collect
We collect only the information needed to operate the service. The categories below are exhaustive.
2.1 Account information (from doctors / clinics / hospitals)
- Identification: name of the doctor or account owner, hospital / clinic name, role, and the city of practice;
- Contact: email address (used for login and notifications) and phone number;
- Authentication: hashed password (we never store passwords in plaintext); session cookies;
- Professional details (optional, supplied by you): qualifications, specialisation, consultation fee, bio, photo, gallery images, social media links;
- Billing: chosen subscription plan, invoice history, GSTIN where supplied; payment is processed by Razorpay — we never see or store your card / UPI details.
2.2 Booking information (from patients)
- Patient name, age, gender, email, phone, location, and a brief description of the issue, captured at the time of booking and stored against the relevant appointment;
- The doctor selected, the slot booked, and the WordPress site that originated the booking (used to give clinics visibility into where their patients come from).
2.3 Technical information
- IP address, user-agent string, and request timestamps — used for rate limiting, fraud prevention, and debugging;
- Server logs (access and error logs), kept for a limited operational window;
- Cookies strictly necessary for keeping you logged in. We do not use third-party advertising cookies, and we do not run third-party trackers on the dashboard.
3. Why we collect this information
We collect account information — including your name, email, phone, and clinic / hospital details — for billing and account-maintenance purposes. Specifically:
- To create and operate your account, authenticate you, and let you sign in securely;
- To generate invoices, take payment via Razorpay, send subscription receipts, and recover overdue amounts;
- To deliver transactional emails — appointment confirmations to patients, doctors and clinic admins; invoice notifications; password resets; security alerts;
- To render the public clinic and doctor pages you have asked us to publish on your behalf;
- To detect, prevent, and respond to fraud, abuse, and security incidents;
- To comply with applicable law, valid legal process, and our own legitimate business interests.
4. Monitoring of published pages
To uphold platform standards and good web-policy hygiene, the complete contents of every public clinic and doctor page hosted on DoctorAppointments.in — including text, images, gallery photos, bios, and embedded calendars — are monitored by our team. This monitoring is performed solely to:
- Maintain quality standards expected of a healthcare platform;
- Comply with web-content guidelines, search-engine policies, advertising regulations, and applicable laws;
- Detect impersonation, fake doctor profiles, objectionable images, misleading medical claims, or any other content that violates our Terms & Conditions;
- Take corrective action where required — see the disclaimer and moderation rights set out in the Terms.
This monitoring is not used for advertising, profiling, or commercial analytics. It is a safety and compliance function.
5. We never share your data with third parties
The information you entrust to DoctorAppointments.in is never sold, rented, exchanged, or shared with any third party for advertising, marketing, profiling, or any other commercial purpose. The only narrow categories of disclosure are:
- Service providers we strictly need: Razorpay (for payment processing), our SMTP / transactional email provider, our hosting provider, and similar processors. Each is bound by a confidentiality agreement and may use the information only to perform the service for us. They are not permitted to use it for their own purposes.
- Within your account: a booking made on a doctor's calendar is naturally visible to that doctor and the clinic / hospital admin who owns the account — this is the inherent purpose of an appointment booking platform.
- Legal compliance: when required by a lawful order, subpoena, court direction, or to protect the rights, property, or safety of users or the public, narrowly tailored to the request.
- Business transfer: in the event of a merger or acquisition, with notice to you and continued protection under a privacy policy at least as protective as this one.
We do not run third-party ad networks. We do not embed advertising trackers on dashboards or public pages.
6. Cookies
We use a single first-party cookie strictly necessary for authentication — keeping you logged in to your dashboard. We do not use third-party tracking, advertising, or cross-site analytics cookies. Clearing this cookie will log you out; no other functionality is affected.
7. Security
We apply reasonable and industry-standard security measures, including but not limited to:
- HTTPS / TLS for all data in transit;
- Bcrypt password hashing — plaintext passwords are never stored;
- CSRF protection on all state-changing requests, and timing-safe secret comparison for webhooks and cron endpoints;
- IP-based rate limiting on login, signup, and booking endpoints to mitigate brute-force and abuse;
- Database-level constraints (including a unique constraint on each slot) to prevent double bookings and protect data integrity;
- Restricted database user privileges and isolated config storage outside the web root.
No system is perfectly secure. If you become aware of any security issue, please write to security@doctorappointments.in.
8. Data retention
We retain account information for as long as your account is active. After cancellation, account information and appointment history are retained for up to 24 months to satisfy tax, accounting, and legal-record obligations, after which they are deleted or anonymised. Server logs are retained for a shorter operational window — typically 30 to 90 days.
9. Your rights
Subject to applicable law (including India's Digital Personal Data Protection Act), you have the right to:
- Access the personal data we hold about you;
- Correct any inaccurate information directly from your dashboard or by contacting us;
- Request export of your appointment data in a structured, machine-readable format;
- Request deletion of your account, subject to legal-record retention obligations described above;
- Withdraw consent and close your account at any time.
To exercise any of these rights, write to privacy@doctorappointments.in from the email address registered on your account.
10. Children
The DoctorAppointments.in platform is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us so we can remove it.
11. Data location
The platform is hosted on servers located within India. We do not transfer personal data outside India for marketing purposes. Payment processing is handled by Razorpay within its PCI-DSS-certified infrastructure.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email to the registered account holder or by a banner on the dashboard. The "Last updated" date at the top of this page reflects the current version.
Questions about this Privacy Policy can be sent to privacy@doctorappointments.in. For general support write to support@doctorappointments.in.