Privacy notice
This notice explains what personal data CuraVis processes, why, how it is protected, and the rights you hold under India's Digital Personal Data Protection Act, 2023.
About this notice
CuraVis is a practice management app for homeopathy doctors in India, operated by Qbler Technolabs Private Limited ("CuraVis", "we", "us"), with its registered office at No. 4/461, 2nd Floor, Suite No. 202, Valamkottil Towers, Judgemukku, Kakkanad, Kochi, Kerala 682021, India. This notice covers the website at curavis.io and the CuraVis mobile, tablet, and web apps.
We have written it to align with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the principles of lawful, fair, and transparent processing. Where a term such as Data Fiduciary, Data Processor, or Data Principal is used, it carries the meaning given to it in that Act.
Who is responsible
There are two kinds of personal data in CuraVis, and responsibility for them is different.
- Your account data. For the data that identifies you and runs your account, such as your name, phone number, and practice details, CuraVis is the Data Fiduciary and decides how that data is handled.
- Your patients' records. For the case notes, prescriptions, vitals, labs, attachments, and other records you enter about your patients, you are the Data Fiduciary. CuraVis acts as your Data Processor: we hold that data and sync it automatically across your devices to provide the service. You remain responsible for obtaining your patients' consent and for the lawful basis of those records.
Data we process
Account and identity
Your name, mobile number, practice name, and role. If you add an assistant, their name and mobile number, added by you with their knowledge.
Patient records you enter
Patient demographics, chief complaints, case history, symptoms, prescriptions, appointments, follow-ups, vitals, lab results, diary entries, and any files you attach. You decide what to record.
Technical and security data
Limited log data such as the device type, app version, approximate time of a request, and the network address it came from. We use this to keep the service secure and working, and to meet our legal obligations.
If you turn on notifications, we store a notification token for your device so we can deliver them, and you can turn them off at any time. When you use CuraVis in a web browser, an abuse-prevention check helps us tell a real person from automated misuse; to do this it receives technical signals from your browser, such as your network address and how you interact with the page.
We do not run advertising trackers, we do not sell personal data, and we never use your records or your patients' records to train machine learning models.
How we use it
- To provide the app: storing your records, syncing them across your devices, and showing the materia medica.
- To sign you in, using a one-time code sent to your mobile number.
- To keep the service secure, diagnose faults, and prevent abuse.
- To respond to your questions and support requests.
- To send notifications you have turned on, such as appointment and follow-up reminders.
- To meet legal and regulatory obligations that apply to us.
We process your account data on the basis of your consent and to perform the service you have asked for. We process your patients' records on your behalf, as your processor, to provide the service you have asked for.
Storage and security
- On your phone, records are held in an encrypted local database, so the device works fully even with no signal.
- When records sync, they travel over TLS and are encrypted at rest on the server, behind strict access control.
- Every record is scoped to your practice and isolated from all others. An assistant can manage patients and the calendar but can never see case notes, prescriptions, or attachments, which is enforced on the server.
- Sign-in uses a one-time code rather than a password, so there is no password to guess or to leak.
No system can promise perfect security, but we design CuraVis to keep the surface small and the data protected at each step. If we ever become aware of a breach affecting your data, we will act and notify as the law requires.
How long we keep it
We keep account data for as long as your account is active, and for a short period afterwards to handle closure and any legal need.
Patient records are medical records. The National Medical Commission requires them to be kept for at least three years, so they are retained for at least that period before they can be removed. Security logs are kept for 180 days, in line with the CERT-In directions. When a retention period ends and no obligation remains, data is deleted or anonymised.
Your rights
As a Data Principal under the DPDP Act, you can:
- ask for access to a summary of the personal data we process about you;
- ask us to correct or complete data that is wrong or incomplete;
- ask us to erase data we no longer need to keep;
- withdraw a consent you have given, as easily as you gave it; and
- nominate another person to exercise your rights if you are unable to.
To exercise any of these, write to privacy@curavis.io. Where you act as the fiduciary for your patients' records, you can export or delete those records from within the app at any time.
Children
CuraVis is a professional tool intended for registered practitioners, not for use by children. Where a patient in your care is a child, you are responsible, as the fiduciary for that record, for any consent the law requires from a parent or guardian.
Grievance and complaints
If you have a concern about how your data is handled, contact our Grievance Officer, Anshad Ali, at grievance@curavis.io. We will acknowledge and work to resolve it.
If you are not satisfied with our response, you have the right to complain to the Data Protection Board of India.
Changes to this notice
We may update this notice as the app and the law evolve. Each version carries a number and an effective date, and a published version is never altered in place: a change means a new version. Where a change is significant, we will tell you before it takes effect.