Privacy Policy

Last updated: September 19, 2025

Contents

1. Introduction
2. Data We Collect
3. How We Use Your Data
4. Sensitive & Health Data
5. Sharing & Disclosure
6. Third-Party Services
7. Location & Maps
8. Push Notifications
9. Security
10. Data Retention
11. Your Rights
12. Children
13. Changes to This Policy
14. Contact Us

1. Introduction

Welcome to EMTUPO. EMTUPO provides a mobile platform that helps users find and consult doctors, book clinic or home visits, and access health-related educational content. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and how users can exercise their privacy rights.

2. Data We Collect

We collect information that is necessary to provide and improve our Service. This includes:

Account & identity data: name, username, email address, phone number, profile photo, and other registration details.
Authentication data: passwords (stored securely), authentication tokens (JWT or similar), and device identifiers.
Contact & profile: address, city/locality, profile preferences.
Health & appointment data (sensitive): doctor/patient relationship, appointment dates & times, consultation notes, diagnoses, prescriptions, test recommendations, and consultation history.
Location data: GPS coordinates (when you enable location permissions), used for nurse/doctor house visits and route guidance.
Media & content: photos, videos, and files you upload (for blog posts, profile, or for consultations).
Notification tokens: FCM/APNs tokens so we can send push notifications to your device.

3. How We Use Your Data

We process personal data for the following core purposes:

Provision of Services: schedule and manage appointments, show doctor profiles, enable chat and video consultations, and support in-person visits.
Billing & Payments: charging for consultation fees, issuing receipts, and handling refunds.
Communication: confirmations, reminders and user support messages.
Content Publishing: managing blog posts, images, and videos uploaded by your company.
Improvement & Analytics: analyze usage patterns to improve our features and reliability.
Security & Fraud Prevention: detect abuse, investigate incidents, and comply with legal obligations.

4. Sensitive & Health Data

Health-related data (diagnoses, prescriptions, consultation notes) is treated as sensitive personal data. We:

Collect and process this data only when you (or your healthcare provider) provide consent.
Limit access to authorized healthcare providers, the patient, and system administrators as necessary.
Store this data securely and only keep it as long as required to provide the Service, comply with law, or for legitimate business needs.

We may share personal data in these circumstances:

With healthcare providers: Your appointment, consultation details, and relevant medical history are shared with your selected doctor or nurse to enable care.
Legal reasons: If required by law, litigation, or to protect safety and rights.
Business transfers: In the event of merger, acquisition, or sale of assets, personal data may be transferred subject to confidentiality and privacy obligations.

6. Third-Party Services

We use certain third-party services to operate features in the app. Typical providers include (but are not limited to):

Firebase (authentication, analytics, push notifications)
Google Maps & Directions APIs (maps, geocoding, routes)
ZEGOCLOUD (video call SDK)
Payment processors such as Stripe, Razorpay, or others that you choose (for processing payments)
Cloud hosting & storage (for media and database servers)

Each provider has its own privacy policy; we recommend reviewing those policies for details about their use of data.

7. Location, Maps & Live Routing

For home visits and route guidance we may:

Request and use your device location while the app is running.
Send the provider’s live location to our backend and to the patient (only for the duration required).
Use Google Maps/Directions to compute routes and ETAs.

Control: You can disable location permissions at any time from your device settings. If you revoke location permission, some features (e.g., live tracking, route guidance) will not function.

8. Push Notifications & Reminders

We use push notifications to send appointment confirmations, reminders, status updates, and other transactional messages. To receive push notifications, you must allow notification permissions and we will store a device token (FCM/APNs) on our servers.

9. Security

We implement appropriate technical and organizational measures to protect personal information, including:

Encryption in transit (HTTPS/TLS) for network communications.
Secure password storage (industry-standard hashing).
Access control, role-based permissions, and logging for admin actions.
Regular audits, patching, and secure coding practices.

However, no system is perfectly secure. If a breach occurs, we will comply with applicable laws and notify affected users and authorities as required.

10. Data Retention

We retain personal data as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. For example:

Account data: until the account is deleted.
Appointment & consultation records: retained as required by medical recordkeeping policies and law.
Logs & analytics: retained for a limited period for troubleshooting and analytics.

11. Your Rights

Depending on your jurisdiction, you may have rights including:

Access: request a copy of your personal data.
Rectification: correct inaccurate data.
Deletion: request deletion of personal data (subject to legal exceptions).
Portability: request a machine-readable copy of certain data.
Restriction & objection: object to certain processing activities.

To exercise rights, contact us at the address below. We may need to verify your identity before fulfilling requests.

12. Children

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children without parental consent. If you believe we have inadvertently collected data about a child, contact us to request deletion.

13. Changes to This Policy

We may update this Privacy Policy periodically. When changes are significant, we will notify you by email, in-app notice, or by posting a prominent notice on the site. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

EMTUPO
Email: privacy@emtupo.example
(Replace with your official contact details)