Privacy Policy
Last updated: 3 July 2026
This Privacy Policy explains how Astanga Wellness Pvt. Ltd., operating the MyVaidya platform ("MyVaidya", "we", "us"), collects, uses, and protects information about physicians, clinics, and patients who use MyVaidya. It applies whether you use MyVaidya as a Physician User managing a clinic, or a Patient User booking and receiving care.
1. Information we collect
From physicians/clinics:
- Name, credentials, specialty, clinic name, email, and login credentials
- Consultation fees and clinic settings you configure
- Records you create while treating patients (case notes, prescriptions, procedure plans)
From patients:
- Contact and identity information: name, phone number, email, date of birth, gender, address, occupation, marital status
- Health information: chief complaints, medical history, examination findings, diagnosis, prescriptions, procedure records, and other clinical documentation entered by your physician
- Booking information and your self-reported UPI payment confirmation (paid directly to your clinic — MyVaidya does not process or store payment details; see Section 4)
- Consent records: what you agreed to, when, and how (in-person tap or remote link approval)
2. How we use this information
- To operate the booking, case documentation, prescription, and consent features of MyVaidya
- To process payments and manage cancellations, refunds, and credits
- To send appointment confirmations and reminders (via WhatsApp, using Twilio) where enabled
- To schedule and host online consultations (via Google Calendar/Meet) where you book an online appointment
- To maintain accurate clinical records for continuity of your care with your treating physician
3. Who your information is shared with
Your health and personal information is visible only to your treating physician and their clinic staff (if any)— never to other, unrelated clinics or physicians on the platform. Each clinic's data is kept logically separate. We do not sell your personal or health information to third parties.
4. Third-party service providers
We rely on the following service providers to operate MyVaidya, each of which processes a limited slice of information necessary for their function:
- Supabase — database hosting and authentication for all account and clinical data
- Google — calendar scheduling and video calling (Google Meet) for online consultations
- Twilio — WhatsApp message delivery for booking confirmations and reminders
Payments do not go through MyVaidya at all. Each clinic sets up their own UPI ID and receives payment directly from patients through their own UPI app or bank — MyVaidya never collects, holds, or has visibility into your payment credentials, and does not use any external payment processor.
5. Your consent
Before treatment, and again before specific actions such as receiving a prescription or undergoing a procedure, MyVaidya requires you to read and approve consent forms specific to your treating clinic. You can approve these either in person on your physician's device, or remotely via a link sent to your phone/email. These records are retained as part of your clinical file.
6. Data retention
We retain clinical records for as long as your account and treatment relationship with a clinic remain active, and thereafter as required for legal, medical record-keeping, or regulatory purposes. You may request deletion of your account data, subject to any retention obligations that apply to healthcare records under Indian law.
7. Data security
We use industry-standard technical measures (encrypted connections, access controls scoped to your own clinic, and authenticated access) to protect your information. No system is completely secure, and we encourage you to use a strong, unique password for your account.
8. Your rights
Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the right to access, correct, or request deletion of your personal data, and to withdraw consent where processing is based on consent. To exercise these rights, contact us using the details below.
9. Children's data
If a patient is a minor, booking and consent should be completed by a parent or legal guardian on the minor's behalf.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above.
11. Contact us
For privacy questions or to exercise your data rights, contact drkembhavikpl@gmail.com.