At AlfaCare, your health data is sacred. We are committed to protecting your privacy with the highest standards of security, transparency, and compliance — including full HIPAA adherence.
Last Updated: June 14, 2026
Version: 3.2
Jurisdiction: India
01 — Introduction
Our Commitment to Your Privacy
AlfaCare Health Technologies Pvt. Ltd. ("AlfaCare," "we," "us," or "our") is a healthcare intelligence platform that connects doctors, patients, and clinical coordinators through advanced tools. We understand that health data is among the most sensitive information you can share, and we take that responsibility seriously.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform — including the Doctor Portal, Patient Portal, and Coordinator Portal. It also describes your rights regarding your personal and protected health information (PHI).
Important Notice
By accessing or using AlfaCare's services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with these terms, please discontinue use of our platform immediately.
Our mission is to make healthcare smarter and safer for everyone. Privacy is not an afterthought — it is foundational to everything we build. We are committed to:
Being fully transparent about what data we collect and why
Using your data only to improve your healthcare experience
Never selling your personal or health information to third parties
Giving you full control over your data at all times
Maintaining the highest standards of security and compliance
02 — Data Collection
What Information We Collect
We collect information in three primary ways: information you provide directly, information collected automatically, and information from third-party healthcare providers.
Information You Provide Directly
Data Category
Examples
Purpose
Account Information
Name, email, phone, date of birth
Identity verification & account creation
Health Records (PHI)
Lab reports, diagnoses, medications
Clinical decision support & health management
Vitals & Measurements
Blood pressure, BMI, glucose, heart rate
Predictive health tracking & monitoring
Medical History
Past diagnoses, allergies, surgeries
Comprehensive patient profile & insights
Family Health Data
Family member records (with consent)
Family Health Vault feature
Payment Information
Billing details (tokenized)
Subscription and service billing
Information Collected Automatically
When you use AlfaCare, we automatically collect certain technical information to ensure platform performance and security:
Device information (type, operating system, browser)
IP address and approximate geographic location
Usage logs and session data for security monitoring
Feature interactions to improve the user experience
Error logs and crash reports for system reliability
Data Minimization Principle
AlfaCare follows strict data minimization practices. We collect only the information that is necessary to deliver our services. We never collect data speculatively or for undisclosed purposes.
03 — How We Use Data
How Your Data Powers Better Healthcare
AlfaCare uses your information exclusively to deliver, improve, and protect our healthcare platform. We never use your data for advertising or sell it to marketers. Here is how your data works for you:
Clinical Support
Power Alfa Summary, Alfa Diagnosis, Alfa Vitals, and Alfa Suggestions with patient-consented health data.
Predictive Health Alerts
Generate personalized health reminders, screening schedules, and wellness trend analysis.
Clinic Operations
Enable OPD queue management, billing processing, and digital report generation for coordinators.
Security & Compliance
Detect fraud, prevent unauthorized access, and ensure regulatory compliance across all operations.
We Will Never:
Sell your health data to insurance companies, pharmaceutical companies, advertisers, or any third party for commercial gain. Your health information is used solely to improve your healthcare experience.
04 — Protection Measures
How We Protect Your Data
AlfaCare employs a defense-in-depth security architecture that protects your health data at every layer — from transmission to storage to access control.
Technical Safeguards
AES-256 Encryption: All health records are encrypted at rest using industry-leading AES-256 encryption standard
TLS 1.3 in Transit: All data transmitted between your device and our servers is protected by TLS 1.3 protocol
Zero-Knowledge Architecture: Sensitive PHI is processed in a manner where even AlfaCare engineers cannot access raw patient records
Multi-Factor Authentication: All clinical staff accounts require MFA for access
Role-Based Access Control: Strict RBAC ensures users only access data relevant to their role
Audit Logging: Every access to PHI is logged with timestamp, user ID, and action performed
Organizational Safeguards
Annual third-party security audits by certified healthcare cybersecurity firms
HIPAA-trained staff with signed business associate agreements (BAAs)
Documented incident response plan with 72-hour breach notification
Regular penetration testing and vulnerability assessments
ISO 27001 certified information security management system
Data Retention Policy
We retain your health data for as long as your account is active or as required by applicable law. Medical records are retained for a minimum of 7 years in compliance with healthcare regulations. You may request deletion of non-PHI personal data at any time.
05 — Your Rights
Your Privacy Rights
Under GDPR, HIPAA, and applicable local data protection laws, you have comprehensive rights over your personal and health information. AlfaCare is committed to honoring all of these rights promptly and transparently.
Right to Access
Request a complete copy of all personal data and PHI we hold about you at any time. We will respond within 30 days.
Right to Rectification
Correct any inaccurate or incomplete personal information in your account through the platform settings or by contacting us.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements for medical records under applicable healthcare law.
Right to Restriction
Ask us to restrict or suspend processing of your data in specific circumstances while a dispute or review is in progress.
Right to Portability
Export your health records in standard formats (PDF, FHIR, HL7) to share with other healthcare providers of your choice.
Right to Object
Object to certain types of processing, including any direct communications not directly related to your clinical care.
Exercising Your Rights
To exercise any of these rights, contact our Data Protection Officer at [email protected] or through the Privacy Center in your account settings. We will respond within 30 calendar days of receiving your verified request.
06 — Third-Party Sharing
Third-Party Data Sharing
AlfaCare does not sell, rent, or trade your personal health information. We may share data with trusted third parties only under the following limited and specific circumstances:
Permitted Sharing
Healthcare Providers: Sharing PHI with treating physicians and clinical teams as authorized by the patient, in accordance with HIPAA's Treatment, Payment, and Operations (TPO) provisions
Cloud Infrastructure Partners: Encrypted data stored with ISO 27001-certified cloud providers (AWS, Azure) under strict data processing agreements
Payment Processors: Tokenized payment data shared with PCI-DSS compliant payment processors only — we never store raw card details
Legal Compliance: Disclosure required by law, court order, or regulatory authority, only to the minimum extent necessary
Business Successors: In the event of a merger or acquisition, with equivalent privacy protections guaranteed contractually
Strictly Prohibited Sharing
AlfaCare will NEVER share your health data with insurance companies for underwriting purposes, employers, pharmaceutical advertisers, data brokers, or any entity for commercial profiling. All third-party partners sign strict Business Associate Agreements (BAAs) prohibiting such use.
De-Identified Research Data
With your explicit opt-in consent, AlfaCare may contribute anonymized and fully de-identified aggregate data to medical research initiatives. This data cannot be traced back to any individual and is used only to advance healthcare science. You may opt out at any time.
07 — Cookie Policy
Cookies & Tracking
AlfaCare uses cookies and similar technologies to operate our platform securely and efficiently. We use only the minimum cookies necessary and never use tracking cookies for advertising purposes.
Essential
Strictly Necessary Cookies
Required for the platform to function — including session management, authentication tokens, and security verification. Cannot be disabled.
Functional
Functional Cookies
Remember your preferences (language, region, display settings) to provide a personalized experience. You may opt out, but some features may be affected.
Analytics
Analytics Cookies
Anonymized usage data to understand how the platform is used and improve it. All analytics data is aggregated and cannot be linked to individuals. Opt-in only.
You can manage your cookie preferences at any time through your account settings or browser configuration. Withdrawing consent for non-essential cookies will not affect the functionality of core healthcare features.
08 — HIPAA Compliance
HIPAA Compliance & Healthcare Regulations
AlfaCare is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, including the Privacy Rule, Security Rule, and Breach Notification Rule. As a Business Associate under HIPAA, we have specific obligations for handling Protected Health Information (PHI).
HIPAA Key Obligations
Business Associate Agreements (BAAs) with all clinical partners
Minimum necessary standard for PHI access and disclosure
72-hour breach notification to affected individuals and HHS
Annual HIPAA risk assessments and staff training programs
Patient right to access and amend their PHI at any time
Audit controls and activity logs for all PHI access events
Patient Rights Under HIPAA
As a patient using AlfaCare, you have specific rights under the HIPAA Privacy Rule:
The right to receive a Notice of Privacy Practices (this document serves that purpose)
The right to access and receive copies of your health records within 30 days
The right to request amendments to your health records
The right to receive an accounting of disclosures of your PHI
The right to request restrictions on certain uses and disclosures
The right to file a complaint with AlfaCare or the U.S. Department of Health and Human Services
09 — Contact Us
Privacy Team Contact
If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please reach out to our dedicated Privacy Team. We are committed to responding to all privacy inquiries within 5 business days.