Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

When you contact us, request a demo, or subscribe to Octor, we may collect:

• Full name, email address, phone number
• Clinic or organization name and city
• Number of doctors and services required
• Messages and requirements you submit via our contact forms
• Payment information (processed securely through Razorpay or Stripe — we do not store raw card data)

1.2 Information Collected Automatically

When you visit octor.co, we may automatically collect:

• IP address and approximate geographic location
• Browser type, device type, operating system
• Pages visited and time spent on each page
• Referring URL (how you found our website)

2. How We Use Your Information

We use the information we collect to:

• Respond to demo requests and provide custom quotes
• Set up and configure your Octor platform account
• Provide technical support and account management
• Send product updates, invoices, and service communications
• Improve our website and software based on usage patterns
• Comply with legal obligations

We will never sell your personal information to third parties or use it for unsolicited marketing without your consent.

3. Patient Data & Clinic Data

When your clinic uses Octor, all patient records — including medical histories, prescriptions, lab results, vitals, and appointment details — are stored on Octor's secure, encrypted servers.

Ownership: All patient data entered into Octor belongs entirely to the subscribing clinic and their patients. Octor acts as a data processor, not a data controller, for patient records.

Our commitment:

• We will never access patient data without explicit written authorization from the clinic, except for the minimum required to provide technical support
• We will never share, sell, or disclose patient data to any third party
• Patient data is encrypted at rest and in transit using AES-256 and TLS 1.3
• Daily automated backups are performed and stored in geographically redundant locations

Clinics using Octor are responsible for obtaining patient consent for data collection and processing in accordance with applicable healthcare regulations in their jurisdiction (e.g., HIPAA, India's DPDPA, UK GDPR).

4. Data Sharing & Disclosure

We may share your information only in the following limited circumstances:

• Service providers: With trusted third-party service providers (e.g., payment processors Razorpay/Stripe, cloud hosting providers) who are contractually obligated to protect your data
• Legal requirements: If required by law, court order, or government authority
• Business transfer: In the event of a merger or acquisition, with user notification provided in advance

We do not share, rent, or sell personal data to advertisers, data brokers, or any third party for commercial purposes.

5. Data Security

We implement industry-standard security measures including:

• End-to-end encryption (AES-256 at rest, TLS 1.3 in transit)
• Role-based access controls limiting data access to authorized personnel only
• Regular security audits and vulnerability assessments
• Daily automated backups with point-in-time recovery
• Two-factor authentication (2FA) for admin accounts
• Intrusion detection and real-time monitoring

While we take every reasonable precaution, no system is 100% immune to security breaches. In the event of a data breach affecting your data, we will notify you within 72 hours of discovery as required by applicable laws.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies for the following purposes:

• Essential cookies: Required for the website to function (session management, form CSRF protection)
• Analytics cookies: To understand how visitors use our website (e.g., Google Analytics — data is anonymized)
• Preference cookies: To remember your settings and preferences

You can control cookies through your browser settings. Disabling cookies may affect some website functionality. We do not use cookies for targeted advertising.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdrawal: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations:

• Lead form submissions: 3 years from submission date
• Active subscription data: For the duration of the subscription plus 2 years
• Clinic and patient data: Available for export for 30 days after subscription cancellation, then securely deleted
• Financial records: 7 years (as required by Indian tax laws)

9. Children's Privacy

Octor's software and website are not directed at individuals under 18 years of age for account creation. Clinics may store patient records for minors as part of their healthcare operations — this data is handled with the same security standards and is subject to the clinic's own patient consent and data protection obligations.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify active subscribers via email at least 14 days before changes take effect

Your continued use of Octor after changes are effective constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: