Privacy Policy

1. What data we collect

When you use immidit, we may collect:

2. Why we collect it

• —Service delivery: Your address and health data are essential for the nurse to find you and provide safe, appropriate care.
• —Safety: Allergies and medical conditions help the nurse avoid contraindicated procedures and medications.
• —Billing: Payment records are needed to issue receipts, process refunds, and comply with GST regulations.
• —Communication: We send booking confirmations, nurse arrival alerts, and OTPs via SMS. We do not send unsolicited marketing without your consent.

3. Who we share it with

We share your data only with those who need it to fulfil your booking:

• —The assigned nurse: Receives your name, address, health data, and booking details before the visit.
• —Pharmacy partner: Where consumables or medicines are required for your service, the pharmacy receives the order details to prepare the kit.
• —Payment processor (Razorpay): Processes your payment under their own privacy policy and PCI-DSS standards.
• —Regulatory authorities: If required by law, court order, or government direction under applicable Indian law.

5. How long we keep it

Clinical records associated with completed home nursing visits are retained for 7 years from the date of service, as required under Indian healthcare regulations (Clinical Establishments Act and applicable state rules).

Non-clinical data — such as your profile name, saved addresses, and app preferences — can be deleted on your request at any time (see Section 6 below). If you delete your account, we remove all non-clinical data immediately and flag clinical records as inactive.

6. Your rights

You have the right to:

• —Access the personal data we hold about you — email us and we will provide a summary within 30 days.
• —Correct inaccurate information via the Profile section of the app or by emailing us.
• —Delete non-clinical data — use the option below, or email privacy@immidit.com. Clinical records linked to completed visits must be retained for the 7-year period mentioned above.

7. Health data security

All data transmitted between your device and our servers uses TLS 1.2+ encryption (HTTPS). Health data stored in our database is encrypted at rest. Access to health records is restricted to authorised staff and the specific nurse assigned to your booking.

We conduct regular internal security reviews. If a data breach occurs that affects your personal data, we will notify you within 72 hours as required by applicable law.

8. Cookies

immidit uses minimal cookies — only those strictly necessary for session management (keeping you logged in between pages). We do not use advertising cookies, tracking pixels, or third-party analytics cookies that follow you across the web.

9. Privacy requests

For any privacy-related requests — access, correction, or deletion — contact us at privacy@immidit.com. We will acknowledge your request within 5 business days and resolve it within 30 days.

10. Grievance Officer

As required under India's Information Technology Act 2000 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, immidit has designated a Grievance Officer for data protection concerns: