Privacy Policy
Prvaha is operated by Bhuneshvar, a sole proprietorship based in India. We are committed to protecting your privacy and the security of your personal and healthcare-related information.
Last Updated: June 23, 2026
Our Role: Data Fiduciary vs. Data Processor
Prvaha is a business-to-business platform used by clinics, polyclinics, diagnostic centres, and hospitals ("Healthcare Organizations") to manage their operations.
- Patient and clinical data entered by a Healthcare Organization: the Healthcare Organization is the Data Fiduciary — it decides why and how the data is processed and is responsible for obtaining patient consent. Prvaha acts only as a Data Processor, processing such data on the Healthcare Organization's documented instructions.
- Account, billing, website, and marketing data of our direct users and visitors: Prvaha acts as the Data Fiduciary.
If you are a patient and wish to access, correct, or delete your medical records, please contact the Healthcare Organization that treats you; we will support them in fulfilling your request.
Information We Collect
Personal Information
- Name, email address, phone number
- Date of birth, gender
- Account credentials
Health & Medical Information
- Appointment details and clinical notes
- Medical records and prescriptions
- Lab investigations, diagnoses, and reports
Usage Data
- IP address and device information
- Browser type and pages visited
- Actions performed within the platform
Cookies & Tracking
We use cookies and similar technologies to enhance user experience and analyze usage. See our Cookie Policy for details.
How We Use Your Information
We use the collected data to:
- Provide and maintain our services
- Manage appointments and patient records
- Improve platform performance and user experience
- Communicate important updates and notifications
- Ensure security and prevent fraud
- Comply with legal and regulatory requirements
Data Sharing & Disclosure
We do not sell your personal data.
We may share your information with:
- The Healthcare Organization you belong to or are treated by
- Authorized staff and administrators within that organization
- Third-party service providers ("sub-processors", see §5)
- Legal or regulatory authorities when required by law
All third parties are bound by contractual obligations to maintain confidentiality and data security.
Sub-processors
We use trusted third-party service providers to operate the platform. They process data only as needed to provide their service and under appropriate data-protection commitments. Current categories include:
- Cloud hosting & infrastructure — running the application and databases
- Payment processing — Razorpay, for subscription billing
- Email delivery — transactional and notification emails
- Video consultations — real-time audio/video infrastructure
- AI assistant — to power in-app assistance features
- Object storage — for files and documents
- Monitoring & error tracking — to keep the service reliable and secure
We review our sub-processors and will update this list as it changes.
Data Security
We implement industry-standard security measures, including:
- Encryption of sensitive data in transit and at rest
- Secure authentication mechanisms
- Role-based access control and tenant data isolation
- Audit logging and regular security reviews
However, no system is 100% secure, and we cannot guarantee absolute security.
Data Retention
We retain your information only as long as necessary to:
- Provide services
- Comply with legal obligations
- Resolve disputes
You may request deletion of your data, subject to legal and medical record retention requirements. See our Data Retention & Deletion page for how to submit a request.
Your Rights
Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you may have the right to:
- Access a summary of your personal data and how it is processed
- Correct, complete, or update inaccurate information
- Request erasure of your data
- Withdraw consent at any time
- Nominate another individual to exercise your rights in the event of death or incapacity
- Grieve and seek redressal through our Grievance Officer (see §12)
To exercise your rights, contact us using the details in §12. Patients should contact their Healthcare Organization, as it is the Data Fiduciary for clinical records.
Children's Privacy
Prvaha is not intended for use by individuals under the age of 18 without verifiable parental or guardian consent. We do not knowingly process children's data for tracking or targeted advertising.
Third-Party Services
Our platform may contain links to or integrations with third-party services. Their use of your data is governed by their own privacy policies, and we are not responsible for their practices.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last Updated" date. Continued use of Prvaha after updates constitutes your acceptance of the revised policy.
Grievance Officer & Contact
If you have any questions, concerns, or grievances about this Privacy Policy or how your data is handled, please contact our Grievance Officer. We aim to acknowledge grievances promptly and resolve them within the timelines required by law.
Contact Us
- Operator
- Bhuneshvar
- hello@prvaha.com
- Phone
- +91 7888812282
- Address
- 317, Ahri, Jhajjar, Haryana
Compliance
We strive to comply with applicable data protection laws, including:
- The Digital Personal Data Protection Act, 2023 (DPDP Act)
- The Information Technology Act, 2000 and the SPDI Rules, 2011
- The General Data Protection Regulation (GDPR), where applicable