Effective Date: 7 August, 2025
Last Updated: -Nil-
PractiPal LLP (“PractiPal,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy sets out how we collect, use, store, disclose, and protect your information when you use our web-based mental health practice management platform and associated services (“Platform”).
This Policy complies with the applicable laws of India, including the Information Technology Act, 2000, (IT Act, henceforth) The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules, henceforth), and the Digital Personal Data Protection Act, 2023 (DPDP Act, henceforth).
1. SCOPE OF THIS POLICY
This Privacy Policy applies to:
- Therapists and other professionals, inclusive of counsellors, psychiatrists etc., who use the Platform to provide mental health services ( All collectively referred to has Mental Health Professional or MHPs, or Therapists);
- The Clients who receive mental health services through the Platform from the MHPs
- Visitors and users of our website or platform in India.
PractiPal does not recommend or match Clients to Therapists and does not onboard Therapists for the purpose of public listing or discovery. Therapists independently manage and bring their own Clients to the platform. This Policy does not apply to third-party websites or services that may be linked through our Platform.
2. DEFINITIONS
“Personal Data” means any data about an individual who is identifiable by or in relation to such data. Personal Data would include the details available as on date of signing up with our platform.
“Sensitive Personal Data” includes data relating to physical or mental health, medical records, biometric data, and financial information of the individual.
“Data Principal” means the individual to whom the personal data relates i.e., the client and the MHP.
“Data Fiduciary” means the person who determines the purpose and means of processing personal data, in this case, PractiPal.
“Processing” means an automated or manual operation or set of operations performed on personal data, and includes collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, alignment, combination, restriction, erasure, or destruction.
“Emergency” means a situation where, in the reasonable opinion of the Therapist, there is a credible risk of serious harm to the Client or to others, including but not limited to suicide, self-harm, or threats of violence. In such cases, limited and necessary personal data may be disclosed to a next of kin, emergency contact, or legal enforcement authority to prevent harm under Clause 6 of this Policy.
3. INFORMATION WE COLLECT
We may collect the following categories of Personal Data:
From Therapists:
Full name; contact details inclusive of any alternative means of communication, professional registration and qualifications; Login credentials; Communication with clients inclusive of but not limited to medical records, notes and other data of the client.
From Clients:
Name, age, gender, contact details inclusive of any alternative means of communication; Health and diagnostic information (maintained by Therapists/ MHPs on our website); Medical reports, forms and other relevant medical data uploaded by the client; Appointment and session data; Payment information including details of payment history (handled via third-party gateway) and other relevant data required to run the website and provide effective mental health service.
Automatically Collected Data:
IP address, browser type, device information; necessary Cookies and usage data (See Section 9 below) and other Cookies and usage date unless specifically disabled by the client.
We state that we do not, wilfully, collect the data of minors without verifiable parental/guardian consent.
4. LEGAL BASIS FOR PROCESSING
We process Personal Data based on one or more of the following legal grounds:
- Consent of the data principal
- Performance of a contract arising out of provision of the required services by the MHP to the client through the use of our platform.
- Compliance with legal obligations
- Legitimate interest for platform operations, improvement, and security (with minimal impact on user rights)
5. PURPOSES OF COLLECTION AND USE
Your Personal Data may be used for the following purposes:
- To facilitate therapy sessions and client management
- To enable therapists to record notes, diagnoses, and session outcomes
- To manage appointments, schedules, and reminders
- To process payments via integrated third-party gateways
- To comply with legal and regulatory obligations
- To improve Platform performance (using anonymized and aggregated data only)
Currently, we do not use Personal Data for profiling, targeted advertising, or automated decision-making, however, if such features are introduced in the future, they will be subject to explicit, separate user consent and this policy will be updated accordingly.
6. DISCLOSURE OF PERSONAL DATA
We do not sell or rent your data. Disclosure of data occurs only with explicit user consent:
- To the Therapist providing services to a client
- To law enforcement or government authorities, in the case of emergencies, and any legal proceedings in which the client/MHP maybe involved in.
- To service providers (e.g., hosting, payments) under binding confidentiality and data protection obligations for processing payment and hosting and other required services.
- To the changed administration in connection with a corporate restructuring, merger, or acquisition that may take place.
All third-party disclosures comply with the “same level of protection” requirement under SPDI Rules. However, the Samel level of protection is not guaranteed when the information is provided to the alternative emergency contact, the next of kin or the legal and policing authorities as the use of the information so provided to them will not be monitored by PractiPal
7. DATA STORAGE AND SECURITY
All data is end-to-end encrypted in transit and when stored.
Access is role-based and restricted to authorized personnel only.
Regular audits, firewalls, intrusion detection systems, and access logs are maintained.
Servers are hosted in India in compliance with data localization standards.
8. RETENTION AND DELETION
Data is retained for as long as necessary to fulfil its purpose or to comply with legal obligations.
Inactive accounts may be deleted after 100 days of inactivity.
Users may request deletion of their account and data. Upon verification, data will be securely deleted.
9. COOKIES AND ANALYTICS
We use cookies only for essential platform functionality. We do not track users for advertising. Any analytics tools used are configured to avoid collection of personal or sensitive health data. Users may disable non-essential cookies through their browser settings.
10. CHILDREN’S PRIVACY
Use of the Platform by minors (under 18 years) requires verified parental or guardian consent. We do not knowingly collect personal data directly from minors without such consent.
11. YOUR RIGHTS
As a Data Principal under Indian law, you have the right to:
Access your personal data, Correct inaccuracies, Withdraw consent, Request deletion of data, Lodge a complaint with the Data Protection Board (once notified under the DPDP Act) in exercise of your rights under law.
12. GRIEVANCE OFFICER CONTACT
In compliance with Rule 5(9) of the SPDI Rules and Section 13 of the DPDP Act Practipal hereby constitutes a grievance redressal committee whose contact point officer is:
Name:
Designation: Grievance Officer
Email:
CC.Email:
Response Time: Within 30 days of receipt of request/complaint
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect legal or operational changes. Updates will be posted on our website with the date of revision. Material changes will be notified to users through the Platform.
14. DATA BREACH NOTIFICATION
In the unlikely event of a data breach that results in unauthorized access to personal or sensitive personal data, PractiPal shall promptly notify the affected users and, where required, the Data Protection Board of India in accordance with applicable law. Such notification shall include details of the nature of the breach, the data involved, and the remedial measures undertaken to protect the affected users.
15. GOVERNING LAW
This Privacy Policy is governed by the laws of India. Disputes shall be subject to the exclusive jurisdiction of the courts in Visakhapatnam.
