Privacy Policy

Last updated: February 2026

1. Introduction

NexOPD AI Assistant ("NexOPD", "we", "our", "us") is committed to protecting the privacy of patients, doctors, and clinic administrators who use our platform. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our services.

By using NexOPD, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account registration details (name, email, phone number, clinic information)
  • Patient health information (PHI) entered by authorised clinic staff
  • Visit notes, prescriptions, and clinical records
  • Payment and billing information (processed by Razorpay — we do not store card details)
  • Support requests and correspondence

2.2 Automatically Collected Information

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information (device type, operating system)
  • Cookies and session identifiers necessary for platform operation

3. How We Use Your Information

  • To provide, operate, and improve the NexOPD platform
  • To process AI-assisted clinical notes and summaries on your behalf
  • To send appointment reminders, OTPs, and operational notifications via WhatsApp/SMS
  • To manage subscriptions and process payments
  • To respond to support requests and enquiries
  • To detect and prevent fraudulent or unauthorised activity
  • To comply with applicable legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 field-level encryption for all Protected Health Information (PHI)
  • Blind indexes for secure, encrypted patient search without exposing plaintext data
  • TLS encryption for all data in transit
  • Role-based access controls ensuring staff only access data relevant to their clinic
  • Regular security audits and vulnerability assessments

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data. We may share information with:

  • AI inference providers (Groq) — anonymised visit notes for generating AI summaries; no PHI is sent
  • Payment processors (Razorpay) — billing and subscription management only
  • Messaging providers (Twilio) — for WhatsApp OTPs and appointment reminders
  • Legal authorities — when required by law or to protect our rights

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Patient health records are retained for a minimum of 7 years in compliance with Indian Medical Council regulations. You may request deletion of your account data at any time, subject to legal retention obligations.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing activities
  • Request data portability (export your clinic's records)

To exercise these rights, contact us at info@nexopd.com.

8. Cookies

We use strictly necessary session cookies for authentication and CSRF protection. We do not use third-party tracking cookies or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of NexOPD after such changes constitutes your acceptance of the revised policy.

10. Contact Us

For privacy-related questions or concerns, please contact:
NexOPD AI Assistant
Email: info@nexopd.com
Support: nexopd.in/support