Privacy Policy

DPDPD Private Limited ("AIDO", "we", "our", or "us") operates AIDO healthcare platforms and related services.

This Privacy Policy applies to all AIDO mobile applications and related services operated by DPDPD Private Limited, including AIDO Patient, AIDO Partner, and AIDO Hospital.

This policy is provided in compliance with Google Play Store Developer Program Policies, the Digital Personal Data Protection (DPDP) Act, 2023, and applicable Indian laws governing the collection, use, storage, and disclosure of personal data.

By accessing or using AIDO applications or services, you agree to the collection and use of information in accordance with this Privacy Policy.

Where required by law or platform policy, explicit consent is obtained prior to collecting sensitive personal or health-related data. Users may withdraw consent at any time by contacting us at care@dpdpd.in.

AIDO acts only as a technology platform connecting users with healthcare providers and hospitals. AIDO does not provide direct medical care, diagnosis, or emergency treatment.

We may collect the following categories of personal and sensitive data:

• Personal Information — name, phone number, address, and email address
• Location Data — precise or approximate location to provide nearby healthcare services
• Health-Related Information — service needs, care requirements, and medical context shared voluntarily by the user
• Appointment and Service History — records of bookings, completed services, and care interactions
• Device and Usage Data — device identifiers (including Android ID where applicable), app usage analytics, and crash reports for app performance
• Phone and Communication Data — phone number used for verification and communication purposes
• Camera and Storage Data (if applicable) — images or documents uploaded by the user for healthcare purposes

Health-related personal data is treated as sensitive data and is subject to additional security controls, strict access restrictions, and is never used beyond the stated purposes of service delivery.

Data collected is used strictly for the following purposes:

• Facilitate booking of healthcare services
• Provide location-based healthcare discovery and routing services
• Connect patients with healthcare professionals and hospitals
• Deliver customer support and resolve service issues
• Improve app performance, stability, and user experience
• Ensure user safety, fraud prevention, and platform integrity
• Send service-related notifications via Firebase Cloud Messaging (FCM)
• Comply with applicable legal and regulatory obligations

Data is processed only for purposes that directly support the functionality of AIDO applications and that users would reasonably expect when using the service.

We may share your data with verified partners only for the purpose of service delivery:

• Verified healthcare partners and professionals assigned to your service request
• Partner hospitals for coordinating care
• Service providers for hosting, analytics, notifications, and payment processing

Data shared with third-party service providers (such as Firebase) is governed by their respective privacy policies. We require all partners to maintain appropriate data protection measures consistent with applicable laws.

AIDO applications request the following device permissions. Each permission is used strictly for service delivery and is never misused for unrelated purposes.

• Location (Precise / Approximate)
  Used to identify nearby healthcare providers and enable routing to the user's location. Access is requested at runtime with explicit user consent before activation.
• Phone
  Used for user verification, OTP authentication, and communication with healthcare professionals.
• Storage / Camera (if applicable)
  Used to allow users to upload medical documents, prescriptions, or profile images. Access is only requested when needed for a specific user-initiated action.
• Notifications
  Used to deliver service updates, appointment reminders, and important alerts via Firebase Cloud Messaging (FCM).

Permissions not required for core app functionality are not requested. Unused permissions are removed from the application.

We implement appropriate technical and organizational measures to protect your personal data:

• Secure servers with encrypted data transmission (SSL/TLS) in transit and at rest
• Access control and authentication mechanisms to restrict data access to authorized personnel only
• Regular security assessments and monitoring of our systems
• Strict internal data handling procedures and staff confidentiality obligations

Note: No digital system is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security against unauthorized access.

We retain personal data only for as long as necessary to provide the requested services or to comply with applicable legal and regulatory obligations. The specific retention periods are:

• Account and Profile Data — retained for the duration of your active account
• Service and Appointment Records — retained for up to 3 years for legal and audit purposes
• Analytics and Usage Data — retained in aggregated, anonymized form as required

Once data is no longer required for its original purpose and no legal obligation exists to retain it, we securely delete or anonymize it. If certain data must be retained after an account deletion request (for legal or regulatory compliance), users are clearly informed of this in this policy and during the deletion process.

You have the following rights regarding your personal data under applicable Indian law:

• Access a copy of your personal data held by us
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data (subject to legal retention obligations)
• Withdraw consent at any time without affecting the lawfulness of prior processing
• Nominate a representative to exercise these rights on your behalf
• Lodge a complaint with the Data Protection Board of India (once operational)

To exercise any of the above rights, please contact us at care@dpdpd.in. We will respond within 7–15 business days.

AIDO services are intended only for individuals aged 18 years or older.

We do not knowingly collect personal information from children under 18 years of age. If we become aware that personal data of a minor has been collected without appropriate consent, we will take immediate steps to delete such information promptly.

If you believe a minor has provided us with personal data, please contact us immediately at care@dpdpd.in.

We comply with applicable Indian laws and data protection regulations, including the Digital Personal Data Protection (DPDP) Act, 2023 and all subordinate rules issued thereunder.

We implement reasonable administrative, technical, and organizational safeguards to protect personal information from unauthorized access, disclosure, alteration, or misuse.

Our applications also comply with Google Play Developer Program Policies, including the User Data policy, Data Safety section requirements, and Health Apps policies applicable to healthcare-related applications.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Changes will be posted on this page with an updated effective date.

For significant changes, we will notify users through an in-app notice or via email where applicable. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

Users may request deletion of their AIDO account and all associated personal data at any time using any of the following methods:

• Using the in-app account deletion option available within Settings (if enabled in your app version)
• By sending an email to care@dpdpd.in with the subject line "Account Deletion Request" — include your registered phone number for identity verification
• Through our dedicated web-based account deletion page at https://aidohomehealth.com/whatsapp/chatbot/delete-record-login/

Deletion requests are processed after identity verification and are completed within 30 days of the verified request. Temporary account deactivation does not qualify as account deletion.

AIDO applications use trusted third-party services for functionality, analytics, notifications, mapping, hosting, and payment processing. These services may collect limited technical data necessary for secure and reliable app functionality.

• Google Play Services
  Used for app distribution, licensing, and core Android functionality.
• Firebase Analytics
  Collects device identifiers (including Android ID), app usage data, session information, and crash reports to support app performance and stability improvements. Data is sent to Google servers and is governed by Google's Privacy Policy.
• Firebase Cloud Messaging (FCM)
  Collects and processes device registration tokens to deliver push notifications. No message content is stored by FCM beyond delivery.
• OpenStreetMap (OSM)
  Used to provide map rendering and display of nearby healthcare services. OSM is an open-data platform; tile requests may include approximate IP-based location.
• OSRM Routing Services
  Used for navigation and routing to healthcare locations. Route calculation requests may include origin and destination coordinates.
• Cloud Hosting Providers
  User data is stored on secure cloud servers. Hosting providers are contractually bound to maintain confidentiality and security standards.
• Payment Gateway Providers (if applicable)
  Payment transactions are processed through certified, PCI-DSS compliant payment gateways. AIDO does not store card or banking details.

It is your responsibility as the user to review the privacy policies of these third-party services. We are not liable for data practices of external providers beyond our disclosed purposes.

AIDO is an India-based service and primarily stores and processes data within India. However, certain third-party services integrated into AIDO applications — including Firebase (Google LLC) and related cloud infrastructure — may process or store data on servers located outside India, including in the United States and other countries.

Such cross-border data transfers are made only where necessary for service delivery and are governed by the privacy policies and data processing terms of the respective service providers. We ensure that adequate contractual and technical protections are in place for any data transferred outside India.

In accordance with the Digital Personal Data Protection (DPDP) Act, 2023 and applicable Indian regulations, DPDPD Private Limited has designated a Grievance Officer to address privacy-related concerns raised by users.

Privacy grievances and data protection inquiries will be acknowledged within 72 hours and resolved within 30 days of receipt. If you are unsatisfied with the resolution, you may escalate to the Data Protection Board of India once it becomes operational.