How we handle your data

1. Who we are

PulseDesk is a clinic management platform operated by Zhecker Technologies Private Limited, a company incorporated under the Companies Act, 2013, with its registered office at 45-A, 2nd Floor, Alaknanda Tower, City Center, Gwalior, Madhya Pradesh 474011, India.

For the purposes of this policy, "we", "us", and "our" refer to Zhecker Technologies Private Limited. "You" refers to clinics, receptionists, doctors, and patients who use PulseDesk.

2. What data we collect

2.1 Clinic and staff data

When a clinic is onboarded to PulseDesk, we collect:

• Clinic name, address, phone number, and email address
• Names, email addresses, and phone numbers of doctors and receptionists
• Doctor schedules and OPD availability settings
• WhatsApp Business Account credentials (stored encrypted)

2.2 Patient data

When a patient books an appointment through PulseDesk (via WhatsApp or walk-in), we collect:

• Name and WhatsApp phone number
• Date of birth and gender (optional, collected during first booking)
• Appointment history with the clinic
• WhatsApp conversation messages related to booking and queue management

Patient data is strictly scoped to the clinic they interact with. A patient's data at one clinic is never shared with another clinic on PulseDesk.

2.3 Usage data

We automatically collect:

• Log data (IP addresses, browser type, pages visited, timestamps)
• Feature usage within the dashboard
• Queue events and appointment status changes (for analytics and audit trails)

3. How we use your data

We use the data we collect to:

• Provide and operate the PulseDesk platform
• Send appointment confirmations, reminders, and queue updates to patients via WhatsApp
• Enable receptionists to manage patient queues and appointments
• Improve platform performance and fix issues
• Comply with legal obligations under Indian law

We do not use patient data for advertising, profiling, or any purpose unrelated to clinic operations.

4. WhatsApp and Meta

PulseDesk uses the Meta WhatsApp Business Cloud API to send and receive messages on behalf of clinics. By using PulseDesk's WhatsApp integration:

• Messages sent through PulseDesk are subject to WhatsApp's Privacy Policy
• Message content is transmitted through Meta's infrastructure
• Each clinic's WhatsApp account is separately managed — we do not co-mingle message data across clinics
• Patients can opt out of WhatsApp communications by replying "STOP" to any message

5. Data storage and security

All PulseDesk data is stored on Supabase (PostgreSQL), hosted on secure cloud infrastructure. We implement the following security measures:

• Encryption at rest — all data is encrypted using AES-256
• Encryption in transit — all data transmission uses TLS 1.2 or higher
• Row-level security — each clinic can only access their own data
• Access controls — staff access is role-based (admin, receptionist, doctor)
• Credential encryption — WhatsApp access tokens are stored encrypted and never exposed via API responses

6. Data sharing

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

• Service providers — with infrastructure providers (Supabase, Railway, Vercel) who process data on our behalf under strict data processing agreements
• Meta/WhatsApp — message data is transmitted through Meta's Cloud API as necessary to deliver WhatsApp communications
• Legal requirements — if required by Indian law, court order, or government authority

7. Data retention

• Appointment and patient records are retained for the duration of the clinic's subscription plus 12 months after termination
• WhatsApp message logs are retained for 90 days
• Queue event logs are retained for 24 months for analytics purposes
• After the retention period, data is permanently deleted from all systems

8. Your rights

Under the Information Technology Act, 2000 and applicable Indian data protection regulations, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Withdraw consent for WhatsApp communications

To exercise any of these rights, contact us at support@pulsedesk.in. We will respond within 30 days.

9. Children's privacy

PulseDesk is not directed at children under the age of 13. We do not knowingly collect personal data from children. If a child's data is submitted as part of a clinic's patient records, it is processed solely in the context of their medical appointment.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify clinics of material changes by email and post the updated policy on this page with a revised effective date. Continued use of PulseDesk after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related queries or to exercise your rights: