Neuro Care India ("NCI", "we", "us", "our") respects your privacy and is committed to protecting your personal and health information. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and the rights you have over your data — in line with India's Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and rules made thereunder, the NMC Telemedicine Practice Guidelines, 2020, NMC Ethics Regulation 7.14, NABH 6th Edition standards PCC 3.1 and PCC 3.2, JCI standards GLD.12 and PFR.1.6, and the criminal protection of patient confidentiality under BNS 2023 Section 316.
Contents
1 Who We Are
Neuro Care India is a network of neurology, neurosurgery, psychology, physiotherapy and rehabilitation specialists, founded and clinically directed by Dr Pankaj Kumar Jha (M.Ch Neurosurgery, AIIMS New Delhi). For the purposes of the DPDP Act, we are the Data Fiduciary for personal data you provide through this website and the connected portal.
Registered Office
📍 Shop No 101, Aarza Square 2, Gaur City 1, Greater Noida, Uttar Pradesh 201318, India
📞 +91-9311696923 · ✉ info@neurocareindia.in
2 Information We Collect
We only collect data that is necessary to provide you with care and run the platform. The categories are:
a. Identity & contact data
- Full name, age, gender, date of birth
- Email address, phone number, WhatsApp number
- Postal address (when needed for delivery or in-person OPD)
- Government ID (for doctors registering on the network — proof of qualification)
b. Health & medical data (sensitive personal data)
- Symptoms you report through forms or the symptom checker
- Medical history, family history, current medications
- MRI/CT scans, lab reports, prescriptions you upload or share
- Cognitive assessments (MMSE, mind index, body-mind scan results)
- Mental health and emotional well-being information
- Doctor consultation notes, diagnoses, treatment plans
All health data is treated as Sensitive Personal Data or Information (SPDI) under Indian law and processed only with your explicit consent.
c. Financial data
- Transaction records (membership fees, consultation fees, credits purchased)
- Billing information needed to issue invoices
- We do not store credit card or full payment instrument details — these are handled directly by our payment gateway partner (Cashfree Payments)
d. Technical data
- IP address, browser type, device type, operating system
- Pages visited, time spent, clicks, referring URL
- Approximate location (city level only — derived from IP address)
3 Why We Collect Your Data
We process your data only for the following specific purposes:
- Clinical care: To enable doctors in our network to evaluate your condition, give advice, and coordinate treatment
- AI-assisted screening: To run the symptom checker and cognitive assessment tools — always reviewed by a human specialist before any clinical opinion is shared
- Account & service delivery: To create and manage your account, process consultations, manage credits
- Communication: To respond to your queries, send appointment reminders, share health tips and platform updates
- Billing & payments: To process payments, issue receipts, maintain financial records as required by law
- Doctor verification: To verify the credentials of healthcare professionals applying to join the network
- Platform safety & security: To prevent fraud, abuse, and unauthorised access
- Legal compliance: To meet our obligations under Indian law (e.g. tax records, regulatory reports)
- Anonymised research: Where you have explicitly consented, we may use de-identified data for clinical research and platform improvement
We will not sell your personal data to advertisers, brokers or any third party for marketing purposes.
4 How We Get Your Consent
Under the DPDP Act 2023, your consent must be free, specific, informed, unconditional, unambiguous, and given by a clear affirmative action. We obtain your consent in the following ways:
- Checkbox during account registration confirming you have read and accept this Privacy Policy and the Terms of Service
- Separate explicit checkbox before processing health data through the symptom checker
- Specific consent before any consultation with a network doctor
- Optional consent for marketing emails and SMS (you can opt out anytime)
You may withdraw your consent at any time by writing to us — see "Your Rights" below. Withdrawal does not affect processing already done lawfully before withdrawal.
5 Who We Share Your Data With
We share your data only with the following categories of recipients, only when necessary, and only with appropriate safeguards:
- Network specialists: Doctors and therapists in the NCI network who need to review your case to provide care. They are bound by professional confidentiality and contracts with us.
- Payment processor: Cashfree Payments processes your transactions. They have their own privacy policy.
- Communication service providers: WhatsApp Business, SMS gateway, and email service providers for sending you appointment reminders and updates.
- Hosting and infrastructure providers: Our servers and data backups are managed by reputable hosting providers under data processing agreements.
- Analytics: Google Analytics and Google Tag Manager (only anonymised behavioural data, never your health data).
- Legal authorities: When required by Indian law, court order, or to protect the safety of any person.
6 Special Protections for Health Data
Because health data is highly sensitive, we apply additional safeguards:
- All health data is encrypted both in transit (HTTPS/TLS) and at rest in our database
- Access to your health records is logged and auditable; only the specialists actively involved in your care can view them
- Network doctors operate under the Hippocratic principle of patient confidentiality and the Indian Medical Council Code of Ethics
- Telemedicine consultations follow the Telemedicine Practice Guidelines, 2020 issued by the Board of Governors in supersession of the Medical Council of India
- Medical records (consultation notes, prescriptions, reports) are retained for a minimum of 3 years as required by Indian medical record-keeping norms, unless you request earlier deletion
6A Clinical Photography & Imaging Consent
Clinical photographs, X-rays, CT/MRI scans, ECGs, ultrasound images, and any visual record of a patient's body or condition are treated as Sensitive Personal Data under the DPDP Act 2023. In line with NABH 6th Edition PCC 3.2 and JCI PFR.1.6, we collect a separate, specific written consent for clinical photography — distinct from the general treatment consent — before any image is captured.
Every clinical photography consent specifies:
- The specific purpose of capturing the image (clinical record, second opinion, teaching, publication, research)
- Exactly who will have access to the image
- The duration for which it will be retained
- Your unconditional right to withdraw consent at any later time
Images captured for a clinical record cannot subsequently be used for teaching, publication, social media, or research without obtaining fresh, purpose-specific consent. No exceptions.
6B Digital Communication & WhatsApp Privacy Policy
Sharing a patient's X-ray, CT scan, ECG, photograph, diagnosis, prescription, or detailed case history in any WhatsApp group, Telegram channel, Instagram post, LinkedIn update, hospital staff chat, or other digital channel constitutes processing of sensitive personal health data under the DPDP Act 2023 — regardless of whether the group is labelled "internal", "private", or "for doctors only".
Our binding rules for all NCI-affiliated doctors, counsellors, technicians and staff:
- Patient images, reports, or identifiable case details shall not be shared on personal WhatsApp groups, public social media, or any channel outside the secure NCI clinical record system — without the patient's specific, written, purpose-bound consent recorded in advance
- OT selfies, ward selfies, and photographs with patients in the background are prohibited without the patient's specific written consent — even if the patient's face is masked or draped
- Clinical discussion for second opinion must happen only through the secure NCI platform or through formal hospital MDT channels with documented patient consent
- Any suspected breach must be reported within 24 hours to our Data Protection Officer (see Section 15)
These rules are enforced under NABH 6th Edition PCC 3.1 (patient confidentiality policy covering all digital communication channels), JCI GLD.12 (data protection governance), NMC Ethics Regulation 7.14 (prohibition on disclosure of patient information without consent), and carry criminal exposure under BNS 2023 Section 316 (criminal breach of trust). DPDP Act penalties can reach ₹250 crore for organisational violations and ₹10,000 to ₹50 crore for individual violations, depending on severity.
As a patient, if you believe any image or health information about you has been shared without your explicit consent, contact our Data Protection Officer immediately (see Section 15). We will investigate, take remedial action, and if appropriate file an internal disciplinary report with the NMC.
7 AI & the Symptom Checker
Our symptom checker uses an artificial intelligence (AI) language model to interpret the symptoms you report. We want you to understand exactly what this means:
- The AI generates an educational analysis based on your inputs, identifies possible red flags, and suggests next steps
- The AI does not provide a diagnosis. Its output is reviewed and validated by a human network specialist before any clinical opinion is shared with you
- The data you enter is processed through our AI service provider under a data processing agreement; it is not used to train public AI models
- You have the right to opt out of AI analysis and request a human-only review
8 Cookies & Tracking
We use small text files called "cookies" to remember your session, your language preference, and to understand how visitors use the website. The cookies we use are:
- Essential cookies: Session management, login persistence, security (we cannot turn these off — the platform won't work without them)
- Preference cookies: Language (EN/HI), display preferences
- Analytics cookies: Google Analytics, to understand traffic patterns (anonymised)
- Marketing cookies: Google Ads conversion tracking (only set if you click an ad)
You can disable cookies in your browser settings, but parts of the platform may not work correctly.
9 Payment Information
All online payments are processed by Cashfree Payments India Pvt Ltd, a payment aggregator licensed by the Reserve Bank of India. We never see or store your full card number, CVV, UPI PIN, or net-banking credentials. Cashfree's PCI-DSS certification governs the security of your payment instruments. Please review their privacy policy at cashfree.com/privacy-policy.
10 How Long We Keep Your Data
- Account data: As long as your account is active. Deleted within 90 days of account closure unless we are legally required to retain it longer
- Medical records: Minimum 3 years as required by Indian medical record-keeping standards. May be retained longer for ongoing chronic care
- Financial records: Minimum 8 years as required by Indian tax laws (Income Tax Act, GST Act)
- Server logs: 180 days, then automatically deleted
11 How We Protect Your Data
- SSL/TLS encryption on all pages (HTTPS)
- Encrypted password storage (bcrypt or stronger hashing)
- Role-based access control — only authorised network specialists can access your records
- Regular security updates, monitoring, and audit logs
- Backups stored securely with encryption
- All staff and network doctors are bound by confidentiality agreements
No system is 100% secure. While we apply industry-standard practices, we cannot guarantee absolute security. You also play a role: keep your password confidential and log out of shared devices.
12 Your Rights Under the DPDP Act
As a Data Principal under India's Digital Personal Data Protection Act 2023, you have the following rights:
- Right to access — Request a copy of the personal data we hold about you
- Right to correction & erasure — Ask us to correct inaccurate data or delete data that is no longer needed
- Right to grievance redressal — Lodge a complaint with our Grievance Officer (see below)
- Right to nominate — Nominate another individual to exercise your rights in case of your death or incapacity
- Right to withdraw consent — Withdraw your consent to data processing at any time
- Right to escalate — File a complaint with the Data Protection Board of India if you are not satisfied with our response
To exercise any of these rights, email us at info@neurocareindia.in with the subject line "Data Rights Request". We will respond within 30 days.
13 Children's Data
Under the DPDP Act, a "child" means anyone under 18 years of age. We do not knowingly process the personal data of children without verifiable parental or legal guardian consent. Health data of minors will only be processed when:
- A parent or legal guardian creates the account on behalf of the child
- Verifiable parental consent is provided
- No targeted advertising or behavioural tracking is performed on a child's account
14 Data Breach Notification
In the unlikely event of a personal data breach that is likely to affect your rights, we will:
- Notify you and the Data Protection Board of India without undue delay
- Investigate the cause and take corrective steps
- Provide you with information on how to protect yourself
- Publish a transparency notice if a large number of users are affected
15 Grievance Officer
As required by the IT Act, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and the DPDP Act 2023, we have appointed a Grievance Officer to address your concerns:
Grievance Officer
Dr Pankaj Kumar Jha
Founder & Clinical Director, Neuro Care India
📍 Shop No 101, Aarza Square 2, Gaur City 1, Greater Noida, UP 201318
✉ info@neurocareindia.in · 📞 +91-9311696923
We will acknowledge your complaint within 24 hours and resolve it within 15 days.
16 Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, laws, or best practices. The "Last Updated" date at the top of the policy will reflect the most recent change. Significant changes will be communicated to you via email or a prominent notice on the website. Continued use of NCI after such changes constitutes acceptance of the updated policy.
By using neurocareindia.in, you acknowledge that you have read and understood this Privacy Policy.