1. Who we are
Clinerva Health is a telemedicine platform operated by Clinerva LLP ("Clinerva", "we", "us", or "our"), a limited liability partnership incorporated in India. Clinerva acts as a Data Fiduciary as defined under the Digital Personal Data Protection Act 2023 ("DPDP Act") in respect of personal data collected through the clinerva.health platform and its associated services.
Questions about this Privacy Policy or our data practices may be directed to our Data Protection Officer at privacy@clinerva.health.
2. Personal data we collect
We collect personal data that you voluntarily provide to us and data that is generated through your use of the Clinerva platform. Categories of personal data we may collect include:
- Identity data: name, date of birth, gender
- Contact data: email address, mobile number, address
- Health data: symptoms, medical history, consultation notes, diagnoses, prescribed medications, and other information shared during consultations
- Practitioner data (for doctors): NMC registration number, qualifications, specialisation, and practice details
- Pharmacy data (for pharmacies): pharmacy licence details, contact person, address
- Verification data: prescription IDs queried through the public verification portal (no account data is collected from anonymous verification queries)
- Technical data: IP address, browser type, device information, and usage logs, collected automatically when you access the platform
We do not collect sensitive personal data beyond what is necessary for the provision of telemedicine services and prescription management. We do not collect biometric or financial account data.
3. How we use your data
We process personal data for the following purposes, each of which is supported by a lawful basis under the DPDP Act:
- Providing the service: To facilitate consultations between patients and doctors, issue and verify prescriptions, and manage your Clinerva account.
- Credential verification: To verify NMC registrations and qualifications of doctors applying to join the network.
- Safety and compliance: To maintain audit records, detect and prevent fraud or misuse, and comply with our obligations under the NMC Telemedicine Practice Guidelines 2020 and applicable law.
- Communication: To send you service-related notifications, appointment reminders, and responses to your enquiries.
- Platform improvement: To analyse aggregate, anonymised usage patterns to improve the performance and design of the platform.
We do not use your health data for advertising purposes. We do not sell personal data to third parties.
4. Sharing of personal data
We share personal data only in the following limited circumstances:
- Between patients and their treating physician on the Clinerva platform, for the purpose of delivering the consultation.
- With pharmacies that verify a prescription through the Clinerva portal — limited to the information displayed on the verified prescription (doctor name, registration number, prescribed medications, issue date).
- With technology service providers who assist in operating the platform (cloud infrastructure, communications), under contractual data processing obligations equivalent to those in this Policy.
- With regulatory authorities or courts where required by law, court order, or to protect the rights and safety of our users or the public.
We do not share health data with employers, insurers, or marketing companies.
5. Data retention
We retain personal data for as long as necessary to provide our services and comply with our legal obligations. Specific retention periods include:
- Consultation records and prescriptions: Retained for a minimum of 7 years from the date of consultation, in accordance with standard medical records retention practice and potential legal requirements.
- Account data: Retained for the duration of your active account and for up to 3 years following account closure, unless a longer period is required by law.
- Technical logs: Retained for up to 12 months for security and operational purposes.
Following the applicable retention period, personal data is securely deleted or anonymised.
6. Your rights under the DPDP Act 2023
As a Data Principal under the Digital Personal Data Protection Act 2023, you have the following rights in respect of your personal data held by Clinerva:
- Right to access: You may request a summary of the personal data we hold about you and the purposes for which it is processed.
- Right to correction: You may request correction of inaccurate or incomplete personal data.
- Right to erasure: You may request deletion of your personal data, subject to our right to retain data where required by law or for legitimate purposes such as maintaining medical records.
- Right to grievance redressal: You may raise a grievance with our Data Protection Officer, who will respond within the timeframes prescribed by the DPDP Act.
- Right to nominate: You may nominate another individual to exercise your data rights in the event of your death or incapacity.
To exercise any of these rights, please contact us at privacy@clinerva.health. We will acknowledge your request within 72 hours and respond substantively within the period prescribed under the DPDP Act.
7. Security of personal data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Measures include encryption in transit and at rest, access controls, regular security reviews, and audit logging. Consultations are conducted over encrypted connections.
In the event of a personal data breach that is likely to result in harm to Data Principals, we will notify the Data Protection Board of India and, where required, affected individuals, in accordance with the DPDP Act.
8. Health data — additional protections
Health data is a category of sensitive personal data. In addition to the general security measures described above, access to health data is strictly limited to the patient to whom it relates and the treating physician involved in the relevant consultation. Clinerva staff access health data only when required for technical support, audit, or legal compliance, and under strict internal authorisation protocols.
Health data is never used for commercial profiling, targeted advertising, or sale to third parties under any circumstances.
9. Cookies and technical data
The Clinerva platform uses essential cookies and session tokens necessary for the platform to function. We do not use third-party tracking cookies or advertising cookies. Technical data collected automatically (such as IP address and device type) is used solely for security monitoring and platform optimisation, and is not linked to identifiable health data without necessity.
10. Changes to this Policy
We may update this Privacy Policy from time to time as our services evolve or as regulatory requirements change. Material changes will be notified to registered users by email or via a prominent notice on the platform. The effective date at the top of this Policy reflects the date of the most recent revision. Continued use of the platform following notification of changes constitutes acceptance of the updated Policy.
11. Contact and grievances
For any questions, requests, or grievances regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
- Email: privacy@clinerva.health
- Address: Data Protection Officer, Clinerva LLP, India
- Response time: We will acknowledge all queries within 72 hours
If you are not satisfied with our response, you have the right to approach the Data Protection Board of India in accordance with the provisions of the DPDP Act 2023.