At SpotSense, we are committed to ensuring that patient data remains private. We only collect medical and personal data that is absolutely necessary to provide our services, and we uphold the highest standards of data privacy and security. This Privacy Policy outlines how we collect, use, store, and protect patient information.

​

1. Information We Collect

1.1 Personal Information

We may collect information that identifies the patient as an individual, such as:

• Full name

• Email address

• Phone number

• Billing information (e.g., credit card details)

1.2 Medical Information

To provide our medical devices and diagnostic services, we only collect the data required for these purposes, such as:

• Device usage data

• Test results essential for diagnostics (only if explicitly consented to by the patient)

1.3 Usage Data

To enhance our services, we may collect non-medical usage data, including:

• IP address

• Browser type

• Device information

• Pages visited and actions taken within the app or website

​

2. How We Use the Patient's Information

SpotSense uses the collected information to:

• Provide, maintain, and improve the service

• Process payments for subscriptions and services

• Send the patient important notifications about their account or services

• Analyze usage patterns to optimize performance and features

​

3. Sharing the Patient's Information

We do not sell, rent, or share personal or medical information of the patients with third parties, except if and when required by law. Any OEM who working with us is also liable to uphold this patient privacy value and we expect no sale of personal information of patients to happen using white-labeled devices. 

​

4. Data Security

We take data security seriously and implement stringent measures to protect the patient's personal and medical information:

• Encryption: All data is encrypted in transit and at rest using industry-standard protocols.

• Access Controls: Only authorized personnel have access to personal information of the patients, and they are bound by strict confidentiality agreements.

• Secure Authentication: We use secure authentication methods, such as two-factor authentication (2FA), to protect patient accounts.

Despite our efforts, no method of transmission over the internet is 100% secure. While we strive to protect patient information, we cannot guarantee absolute security.

 

5. Data Retention

We retain the patient's personal and medical information only for as long as necessary to provide our services or as required by law. Once their account is deactivated, we delete the patient's data unless retention is required to meet legal obligations.

​

6. The Patient's Data Rights

The patient has the following rights concerning their personal and medical information:

• Access: Request access to the personal information we hold about them.

• Correction: Request corrections to any inaccurate or incomplete information.

• Deletion: Request the deletion of their personal information, subject to legal or regulatory obligations.

• Data Portability: Request a copy of their data in a structured, machine-readable format.

• Objection: Object to certain processing activities, such as receiving marketing emails.

In the event of a conflict between patient and a provider regarding usage of their data, preference will be given to the patient without any exceptions.

To exercise these rights, the patient can contact us at amrita@spotsense.in.

​

7. Cookies and Tracking Technologies

We use minimal tracking technologies to enhance user experience:

• Essential Cookies: Necessary for the website to function correctly.

• Performance Cookies: Help us analyze usage to improve performance.

We do not use marketing cookies or engage in targeted advertising.

​

8. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We recommend reviewing their privacy policies.

​

9. Privacy of minors

Patient name for children below the legal age of consent is not collected and they are referred as C/o . <Parent’s name>. If age is detected less than 18 years in a test report, the patient name is automatically excluded from the system and replaced with a numerical identification. Hence labs and hospitals are requested to cooperate with the same.

​

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated via email or in-app notifications. We encourage users to review this policy periodically.