Privacy Policy

1. About Us and Scope

QueueToken Doctor App is operated by Codetown Technologies & Bliss Technologies, a technology company incorporated under the laws of India (“Company”, “we”, “us”, “our”). The Doctor App is a software platform that enables registered medical practitioners and clinic operators to manage appointments, patient queues, payment methods, and clinic data. This Privacy Policy governs all personal data and clinic data you provide to us when using the Doctor App.

This Policy is compliant with the Information Technology Act, 2000 (“IT Act”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and is aligned with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the DPDP Rules, 2025, as they come into force.

2. Personal and Professional Data We Collect

When you register and use the Doctor App, we collect the following categories of data:

2.1 Registration and Identity Data

Full legal name, gender, and professional designation
Mobile number (used for OTP-based authentication — primary identifier)
Email address
Government-issued identity documents: Aadhaar Card (front and back) and PAN Card — submitted for verification purposes
Professional photograph (if provided)

2.2 Professional and Clinical Credentials

Medical qualifications (e.g., MBBS, BDS, MD, AYUSH)
Years of clinical experience
Medical registration number and State Medical Council details
Medical specialisations and services offered
Professional accolades, awards, and achievements (optional)

2.3 Clinic and Business Data

Clinic name, full address, city, state, PIN code
Google Business Profile URL
Consultation fee amount and free follow-up period
Weekly clinic operating hours and slot configuration
Maximum patients per slot setting
Clinic facility photographs (up to 5 images)
Clinic bio / “About Me” description
UPI ID and/or digital payment QR code image

2.4 Subscription and Transaction Data

Subscription plan selected (Monthly Unlimited or Pay Per Token)
Wallet balance and top-up transaction records
Payment receipts and invoice data
Subscription start date, end date, and renewal history

2.5 Appointment and Patient Queue Data

Daily appointment records (patient names, time slots, token numbers, appointment type)
Payment status per appointment (paid, pending, free follow-up)
Appointment completion, cancellation, and no-show records
Revenue reports generated through the platform
Patient-submitted medical problem descriptions that you receive through the booking system

2.6 Technical and Device Data

Device type, operating system, and device identifier
IP address and approximate geographic location
App usage patterns, feature interaction logs, and crash reports
Login timestamps and session duration

SENSITIVE DATA NOTICE: Aadhaar and PAN documents are classified as Sensitive Personal Data under applicable Indian law. Patient health information received via the appointment system is treated with the highest protection. We collect this data solely for the purposes specified herein and do not use it for any other purpose without fresh consent.

3. Legal Basis for Processing

We process your data on the following legal grounds:

Consent: By registering and continuing to use the Doctor App, you provide free, specific, informed, and unambiguous consent under Rule 5 of the SPDI Rules and Section 6 of the DPDP Act.
Contractual Necessity: Processing is necessary to deliver the appointment management, queue token, payment facilitation, and reporting services as agreed in the Doctor User Terms and Conditions.
Legal Obligation: Processing required to comply with the IT Act, tax laws (GST records), and verification requirements under applicable Indian law.
Legitimate Interests: Security monitoring, fraud prevention, platform improvement, and abuse detection.

You may withdraw consent at any time by contacting us. Withdrawal will not affect lawfulness of processing prior to withdrawal but will result in account suspension as we cannot provide Services without necessary data.

4. Purposes for Which We Use Your Data

We use your data strictly for the following purposes and no others without fresh consent:

To create, verify, and maintain your Doctor User account
To verify your identity and medical credentials through document review
To display your clinic profile to patients who scan your QR code or enter your registered phone number
To manage appointment scheduling, queue token assignment, and patient flow for your clinic
To facilitate payment setup (UPI, QR, cash) and process subscription charges
To generate revenue reports and appointment analytics for your personal use
To send push notifications regarding new appointments, cancellations, and subscription renewals
To provide customer support and resolve technical issues
To detect and prevent fraud, abuse, misuse, or unauthorised access
To comply with legal obligations including tax, identity verification, and regulatory reporting
To improve and develop our platform features using anonymised, aggregated data only

We will NOT use patient health information received via the appointment system for marketing, profiling, or any commercial purpose.

When a patient books an appointment with you, your name, clinic name, address, available slots, consultation fee, operating hours, services, and clinic photos are displayed to that patient through the Patient App. By using the Doctor App, you consent to this specific, limited disclosure to patients who seek to book with you.

We engage processors including cloud hosting, OTP gateway, notification, and payment service providers. All are contractually bound to process data only on our instructions, maintain confidentiality, and implement security measures.

Identity documents (Aadhaar, PAN) are processed for verification purposes only. We do not retain them beyond the legally required period and do not share them with third parties except for verification services.

We may disclose your data to law enforcement, courts, or regulators when legally required under Sections 69, 69A, and 69B of the IT Act, court orders, or other applicable law. We will notify you if permitted by law.

In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity, subject to the same protections.

We will NEVER sell, rent, or monetise your professional data, identity documents, or any patient data received through the platform to any advertiser, data broker, third party, or commercial entity.

6. Your Responsibilities Regarding Patient Data

As a Doctor User, you receive personal and health data from patients through the booking system. You are independently responsible under applicable law for:

Maintaining strict confidentiality of all patient information received through the platform
Complying with the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 regarding patient privacy
Not storing, sharing, or using patient data for any purpose beyond the booked consultation
Securing any patient data accessible on your device
Promptly notifying us if you become aware of any breach involving patient data received through the platform

The Company is not responsible for your handling of patient data beyond the platform. You are the independent data controller for patient data you receive and are solely liable for any breach of patient confidentiality on your part.

7. Data Retention

Account and profile data: Retained for the duration of active subscription plus 3 years after account closure, or as required by law.
Identity verification documents (Aadhaar, PAN): Retained for the period required by applicable Indian law, then securely deleted.
Appointment and revenue records: Retained for 7 years to comply with financial, GST, and tax regulations.
Subscription and payment records: Retained for 7 years.
Technical logs: Retained for 90 days.

Account deletion requests will be processed subject to mandatory legal retention periods.

8. Security Measures

We implement reasonable security practices under Section 43A of the IT Act and the SPDI Rules, including:

TLS/SSL encryption for all data in transit
Encryption of sensitive data at rest
OTP-based two-factor authentication
Role-based access controls — data accessible only to authorised personnel on need-to-know basis
Regular security audits and vulnerability assessments
Breach response protocol with 72-hour notification under the DPDP Act

No electronic system is 100% secure. You are responsible for maintaining the confidentiality of your login credentials. Do not share your OTP, password, or device access with any third party.

9. Your Data Rights

Under the DPDP Act, 2023 and the SPDI Rules, you have the right to:

Access: Request a summary of personal data we hold about you
Correction: Request rectification of inaccurate or incomplete data
Erasure: Request deletion of your data, subject to mandatory retention periods
Withdrawal of Consent: Withdraw consent at any time (note: will affect Service availability)
Grievance Redressal: Have complaints addressed by our Grievance Officer within 30 days
Nomination: Nominate another person to exercise your rights under the DPDP Act

To exercise any right, contact our Grievance Officer at queuetoken@gmail.comwith subject line “Data Rights Request — Doctor App”.

10. Changes to This Policy

We may update this Policy at any time. Material changes will be notified via in-app notification or email at least 15 days before taking effect. Continued use after the effective date constitutes acceptance.

11. Grievance Officer

In compliance with Rule 5(9) of the SPDI Rules and the IT Act:

Company:Codetown Technologies & Bliss Technologies
Grievance Officer Email: queuetoken@gmail.com
Phone: +91 95096 47637
Response Time: Acknowledgement within 24 hours; resolution within 30 days
Jurisdiction: Courts at Udaipur, Rajasthan, India

12. Governing Law

This Privacy Policy is governed by the laws of India. Disputes shall be subject to the exclusive jurisdiction of courts at Surat, Gujarat, India.