Privacy Policy

This Privacy Policy is published by SYNQORA TECHNOLOGIES PRIVATE LIMITED, a company incorporated under the Companies Act, 2013, operating the platform AtYourHome accessible at atyourhome.co.in (collectively, the "Platform").

Registered Address: 6-65/2/102 Datta Sai Enclave, Chanda Nagar, Hyderabad – 500050, Telangana, India.

This policy governs how we collect, use, store, share, and protect personal information of users, patients, and visitors who access or use our Platform or services. By using our Platform, you agree to the practices described in this policy.

We collect only the information necessary to provide you with our services safely and effectively.

We do not collect information beyond what is stated above. You may choose not to provide certain information, but this may limit your ability to use some features of the Platform.

Health and medical information you share with us is classified as Sensitive Personal Data or Information (SPDI) under the SPDI Rules, 2011, and as a special category of personal data under the DPDPA, 2023. This data receives the highest level of protection we apply.

Health data shared by you includes:

• Medical conditions, diagnoses, or symptoms described in booking notes
• Prescriptions or medical reports you upload
• Observations recorded by our professionals during a service visit (with your consent)
• Post-visit care instructions and clinical notes shared with your treating physician

You may withdraw consent for the processing of your health data at any time by contacting our Grievance Officer. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

We use your personal information for the following purposes only:

• Service Delivery: To match you with the appropriate healthcare professional, schedule visits, and coordinate care.
• Account Management: To create and maintain your account, verify your identity, and manage your bookings and preferences.
• Payment Processing: To process transactions securely through our PCI-DSS-compliant payment gateway partners.
• Communications: To send booking confirmations, appointment reminders, service updates, and support responses via SMS, WhatsApp, or email.
• Safety & Verification: To verify the identity of professionals, screen for compliance, and ensure the safety of all parties.
• Legal Compliance: To comply with applicable Indian laws, court orders, or regulatory requirements.
• Platform Improvement: To analyse anonymised usage data, detect bugs, and improve our services — this analysis does not involve identifiable personal data.
• Marketing (with consent only): To send promotional messages about new services, offers, or health content — only if you have opted in. You may unsubscribe at any time.

Under the Digital Personal Data Protection Act, 2023, we process your personal data on one or more of the following lawful grounds:

• Consent: You have given explicit consent for specific purposes (e.g., health data collection, marketing communications).
• Contractual Necessity: Processing is necessary to fulfil the service contract between you and us when you place a booking.
• Legal Obligation: Processing is required to comply with applicable Indian law (e.g., GST records, court orders).
• Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, platform security) provided this does not override your rights.

We do not sell, rent, or trade your personal information. We share your data only in the following limited circumstances:

• Healthcare Professionals: We share relevant booking details and health information with the assigned nurse, physiotherapist, or caregiver to enable them to deliver the service safely. They are contractually bound to maintain confidentiality.
• Payment Gateways: Transaction data is shared with our PCI-DSS-compliant payment partners (e.g., Razorpay) to process payments. We do not store full card numbers or CVV data.
• SMS / WhatsApp Providers: Your mobile number is shared with communication service providers (e.g., Twilio, MSG91) solely for the purpose of sending booking notifications and OTPs.
• Analytics Providers: Anonymised, aggregated usage data may be shared with analytics tools (e.g., Google Analytics). No personally identifiable information is included.
• Legal & Regulatory Authorities: We disclose personal information when required by law, court order, government authority, or to protect our legal rights.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.

Your data is stored on secure servers located within India, in compliance with the data localisation requirements of applicable Indian law.

We retain your personal data for the following periods:

• Account data: For the duration of your account, plus 3 years after account deletion (required for legal and audit purposes).
• Booking and health data: For 7 years from the date of the service, in compliance with medical records standards under the Clinical Establishments Act and applicable guidelines.
• Payment transaction records: For 8 years, as required under the Prevention of Money Laundering Act (PMLA) and GST regulations.
• Communication records (support queries, emails): For 3 years.
• Uploaded documents: Retained for the period required to deliver the service, then deleted unless longer retention is mandated by law.

After the applicable retention period, data is securely deleted or anonymised so it can no longer be linked to any individual.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or disclosure:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Encryption at rest: Sensitive personal and health data is encrypted at rest using AES-256.
• Access controls: Access to personal data is restricted to authorised personnel on a strict need-to-know basis. All access is logged and audited.
• Secure payment processing: Payment data is handled by PCI-DSS-certified payment gateways. We never store full card numbers or CVV codes on our systems.
• Regular security reviews: We conduct periodic security assessments of our infrastructure, code, and data handling practices.
• Staff training: All employees and contractors with data access receive training on data protection obligations and confidentiality.

We use cookies and similar technologies on our Platform. Cookies are small text files stored on your device that help us provide a better experience.

• Strictly Necessary Cookies: Required for the Platform to function (e.g., session authentication, shopping cart). Cannot be disabled.
• Preference Cookies: Remember your settings and preferences (e.g., language, location). Can be disabled in browser settings.
• Analytics Cookies: Collect anonymised data about how users interact with the Platform to help us improve it (e.g., Google Analytics). You may opt out via your browser settings or the Google Analytics opt-out tool.
• Communication Cookies: Used for WhatsApp chat widgets or similar tools integrated on the Platform.

You can manage or delete cookies at any time through your browser settings. Disabling cookies may affect the functionality of some parts of the Platform. We do not use cookies for cross-site advertising or behavioural profiling.

Under the Digital Personal Data Protection Act, 2023 and the IT (SPDI) Rules, 2011, you have the following rights with respect to your personal data:

To exercise any of these rights, contact our Grievance Officer at contact@synqora.in. We will respond within 30 days of receiving your request.

Our Platform is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@synqora.in and we will delete that information promptly.

When a booking is made on behalf of a minor patient by a parent or guardian, the parent or guardian is the account holder and is responsible for providing consent for the collection and processing of the minor's health data.

Our Platform may contain links to third-party websites or services (e.g., payment gateways, social media pages, WhatsApp). This Privacy Policy applies only to the AtYourHome Platform. Once you leave our Platform by clicking a third-party link, we have no control over and assume no responsibility for the privacy practices or content of those third-party sites.

We encourage you to review the privacy policies of every third-party website you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Notify registered users via email or an in-app notification before the changes take effect (for significant changes).
• Seek fresh consent where required by applicable law.

Your continued use of the Platform after any changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account and request deletion of your data.

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, we have appointed a Grievance Officer to address any complaints or concerns regarding the processing of your personal data.

If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India once constituted under the Digital Personal Data Protection Act, 2023.