Tvacha Clinic ("we," "our," or "us") operates the website tvacha-clinic.com and the Tvacha Clinic application (the "Service"). This privacy policy explains how we collect, use, store, and protect your personal information when you use our Service.
1. Information We Collect
We collect the following categories of information:
- Account Information: When a doctor or clinic registers, we collect their name, email address, phone number, clinic name, clinic address, medical registration number, and professional qualifications.
- Patient Information: When a doctor adds a patient through our Service, the following patient data is stored: patient name, age, gender, phone number, medical history, allergies, chronic conditions, and visit records.
- Medical Images: Photographs of skin conditions uploaded by the doctor or clinic staff for the purpose of AI-assisted screening and diagnosis support. These images are stored securely and linked to the patient's record.
- Screening Data: Responses to clinical screening questions including symptom duration, pain level, body location, and skin type (Fitzpatrick scale).
- Prescription Data: Diagnosis information, prescribed medicines, dosages, instructions, consultation fees, and follow-up dates.
- Usage Data: We automatically collect information about how you interact with our Service, including pages visited, features used, browser type, device information, and IP address.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain our clinic management Service
- Run AI-assisted skin condition screening to support (not replace) the doctor's clinical judgment
- Generate prescription documents
- Manage patient records, appointments, and follow-ups
- Provide clinic analytics and reporting
- Improve and optimize our AI screening models
- Send important service-related communications
- Provide technical support
3. AI Screening Disclaimer
Our AI skin screening feature is a clinical decision support tool only. It does not provide medical diagnoses. All AI-generated results are preliminary screenings that must be reviewed, confirmed, or overridden by a qualified medical professional. The final diagnosis and treatment decisions are always made by the treating doctor.
4. Data Storage and Security
- All data is stored on secure cloud servers provided by Supabase (hosted on AWS infrastructure)
- Data is encrypted in transit (TLS/SSL) and at rest
- Access to patient data is restricted to the registered doctor/clinic account that created the record
- We implement row-level security to ensure no clinic can access another clinic's data
- We perform regular security reviews of our infrastructure
- Medical images are stored in secure, access-controlled storage buckets
5. Data Sharing
We do NOT sell, rent, or trade any personal or patient information to third parties.
We may share data only in the following limited circumstances:
- With service providers: We use third-party services (Supabase for database, Vercel for hosting) that process data on our behalf under strict data processing agreements
- Legal compliance: If required by law, court order, or government regulation
- With patient consent: If a doctor chooses to share a prescription with a patient via WhatsApp or email, the sharing is initiated by the doctor
6. Data Retention
- Account data is retained as long as the account is active
- Patient records are retained as long as the associated doctor's account is active
- If a doctor deletes their account, all associated patient records, images, prescriptions, and clinic data are permanently deleted within 30 days
- Deleted data cannot be recovered after this period
7. Your Rights
As a user of our Service, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and all associated data
- Export your patient data in standard formats (CSV)
- Withdraw consent for data processing at any time by deleting your account
8. Doctor's Responsibilities
Doctors and clinic staff using our Service are responsible for:
- Obtaining appropriate consent from patients before uploading their photographs and personal information
- Ensuring the accuracy of patient data entered into the system
- Complying with all applicable medical regulations and data protection laws
- Not sharing login credentials with unauthorized personnel
9. Cookies
We use essential cookies to maintain your login session and remember your preferences (language, theme). We do not use advertising or tracking cookies.
10. Children's Privacy
Our Service is designed for use by medical professionals. We do not knowingly collect information from children under 18. Patient records of minors are entered by the treating doctor under their professional responsibility.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify registered users of significant changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Compliance
We are committed to complying with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and all applicable data protection regulations.
13. Contact Us
If you have questions about this privacy policy or our data practices, contact us at:
Email: privacy@tvacha-clinic.com
Website: https://www.tvacha-clinic.com