This policy explains what data webwala.ai (“we”, “us”) processes on behalf of clinics (“you”) and the patients you serve, and the rights available under the DPDP Act, 2023. This is a plain- language summary and a starting template — have it reviewed by counsel before you rely on it.
1. Who is the Data Fiduciary
For patient data collected through your clinic's website and tools, your clinic is the Data Fiduciary and webwala.ai acts as a Data Processor under your instructions. For your own account data, webwala.ai is the Fiduciary.
2. What we process
- Clinic account data: name, phone, email, city, billing details.
- Patient contact data: name, phone, enquiry/booking details submitted through your site or chatbot. Stored encrypted at rest and isolated per clinic.
- Analytics: aggregate visit and attribution metrics. We do not sell personal data, ever.
3. Purpose & consent
Patient data is processed only for the purposes a patient would reasonably expect — responding to enquiries, booking appointments, and (with explicit opt-in) WhatsApp recall via the official Meta platform. Consent is recorded, and patients can withdraw it at any time.
4. Per-clinic data isolation
Every patient record is tenant-isolated to the clinic that collected it. One clinic can never access another clinic's patients. Access is logged for accountability.
5. Data principal rights
Patients (Data Principals) may request access, correction, or erasure of their personal data, and may withdraw consent. Requests are routed to the relevant clinic and actioned promptly. Erasure retains only what law requires (e.g. medical-record retention), anonymised.
6. Retention & security
Data is retained only as long as needed for the stated purpose or as required by law. We use encryption in transit and at rest, least-privilege access, and audit logging.
7. Grievances
For any privacy question or complaint, contact hello@webwala.ai. We will acknowledge and respond within the timelines set by applicable law.