Privacy Policy

Last updated: February 26, 2026

1. Introduction

PhysioWay ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our home physiotherapy management platform at www.physioways.com, in compliance with India's Digital Personal Data Protection Act (DPDP Act), 2023 and other applicable data protection laws.

2. Data Controller

PhysioWay, founded by Dr. Rajavi Dixit, acts as the data controller for the personal data processed through our platform. For any questions regarding your data, please contact us at contact@physioways.com or call +91 6353202177.

3. Information We Collect

3.1 Patient Information

When you register as a patient, we collect:

  • Full name, email address, phone number
  • Date of birth, age, and gender
  • Address, city, state, and postal code
  • Emergency contact details (name, phone number, and relationship)
  • Medical history, disease/condition, and referral information
  • Treatment location preference (home or clinic)
  • Residential area for therapist matching

3.2 Therapist Information

When you register as a therapist, we collect:

  • Full name, email address, phone number
  • Profile photographs (two required for verification)
  • Aadhaar number (12-digit) for identity verification
  • Professional license number or alternative identification
  • Certification and verification documents
  • Specialization, years of experience, and professional background
  • Residential address and preferred service areas

3.3 Health and Treatment Data

  • Assessment reports and treatment plans
  • Session records, progress notes, and patient feedback
  • Therapist daily analytical reports
  • Appointment scheduling and session codes
  • Session ratings and patient notes

3.4 Location Data

With your explicit consent, we collect precise location data (GPS coordinates) for the following purposes:

  • Patient Home Location: To record and verify where home-based physiotherapy treatments are conducted
  • Therapist Visit Tracking: To verify therapist arrival and attendance at patient locations during scheduled appointments
  • Safety Monitoring: To ensure the safety of both patients and therapists during home visits
  • Proximity Alerts: To alert administrators if a therapist is near a patient's location outside of scheduled appointment times (safety feature)

Important: For therapists, location permission is required during home visits and is permanent once granted as a condition of providing home-based services. Patients may optionally share their home location for improved service delivery.

3.5 Technical Data

  • IP address and device information
  • Browser type and version
  • Login timestamps and session data
  • Audit logs of platform activity

4. User Roles and Data Access

Our platform supports four user roles, each with different data access levels:

  • Patients: Can view their own appointments, treatment plans, progress, and session history
  • Therapists: Can access assigned patient records, submit session reports, and view their schedules. Therapist accounts require admin approval before full access is granted
  • Doctors: Can oversee patient treatment plans, add patients to the platform, and review therapist reports. Doctor accounts require verification and approval
  • Administrators: Have full platform access for operational management, safety monitoring, and compliance

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under the DPDP Act, 2023:

  • Consent: For location data collection, marketing communications, and optional data sharing
  • Contract Performance: To provide our physiotherapy management and scheduling services
  • Legal Obligation: To comply with healthcare regulations and maintain medical records as required by law
  • Legitimate Interests: For safety monitoring (proximity alerts), fraud prevention, and service improvement

6. Data Security

We implement robust security measures including:

  • File encryption: Therapist profile photos, certification documents, and verification documents are stored using encrypted file fields
  • HTTPS encryption for all data in transit
  • Role-based access controls tied to user roles (Patient, Therapist, Doctor, Admin)
  • Comprehensive audit logging for all platform activity
  • Account approval workflows for therapists and doctors before granting access
  • Session codes (e.g., PT-YYYYMMDD-XXXX) for secure appointment tracking

7. Data Retention

In compliance with the DPDP Act, 2023, we retain your data for the following periods:

  • Medical & Treatment Records: 7 years after last treatment (as required by healthcare regulations)
  • Location Data: Retained only for the duration needed for safety monitoring and visit verification
  • Account Data: Until account deletion request is processed
  • Audit Logs: Retained for compliance and security purposes

Soft Deletion & Data Retention Override

When you request account deletion, your data is soft-deleted (marked as inactive) rather than permanently erased. This ensures compliance with medical record retention requirements. Data may be retained beyond the deletion request if there is a legal or medical obligation to do so. After the 7-year retention period, data becomes eligible for permanent deletion.

8. Your Rights Under DPDP Act, 2023

You have the following rights regarding your personal data:

  • Right to Access: Request a summary of your personal data and how it is being processed
  • Right to Correction: Request correction of inaccurate or incomplete data. Therapists can submit profile change requests that require admin approval
  • Right to Erasure: Request deletion of your data, subject to medical record retention requirements
  • Right to Grievance Redressal: File a complaint with our Data Protection Officer or the Data Protection Board of India
  • Right to Withdraw Consent: Withdraw consent for optional data processing at any time

To exercise any of these rights, please contact us at contact@physioways.com. We will respond within 30 days.

9. Data Sharing and Disclosure

We may share your data with:

  • Assigned Healthcare Providers: Your assigned therapists and doctors can access relevant treatment data through the platform
  • Technology Partner: Codingbull Technovations Pvt. Ltd (Codingbullz) provides our technology infrastructure and may have access to data for technical support and maintenance purposes
  • Legal Authorities: When required by law or to protect vital interests

We do not sell your personal data to third parties.

10. Payment Information

PhysioWay accepts payments through both online methods (UPI, bank transfer) and offline methods (cash). We maintain payment records and session history within the platform for your reference. We do not store any bank account numbers, credit card details, or other sensitive financial instrument data on our platform.

11. Cookies and Tracking

We use essential cookies and local storage to maintain your login session and application preferences. We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes via email or through our platform. Continued use of our services after such changes constitutes acceptance of the updated policy.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act (DPDP Act), 2023 and the Information Technology Act, 2000. Any disputes shall be subject to the exclusive jurisdiction of courts in Ahmedabad, Gujarat, India.

14. Contact Us

For any privacy-related questions or to exercise your rights, please contact:

PhysioWay

Founded by Dr. Rajavi Dixit

Email: contact@physioways.com

Phone: +91 6353202177

Service Areas: Ahmedabad, Gujarat, India

You also have the right to lodge a complaint with the Data Protection Board of India if you believe your data protection rights have been violated.