PraxisPulse
← Back to Settings

Legal

Data Processing Agreement (DPA)

Effective 1 June 2026 · DPDP Act, 2023 compliant

This DPA forms part of the Terms of Service between your clinic ("Data Fiduciary") and PraxisPulse Technology Pvt. Ltd., a unit of Aarka Ventures, SAS Nagar ("Data Processor") for the processing of patient data under India's Digital Personal Data Protection Act, 2023.

1. Roles

  • You (the clinic / doctor) are the Data Fiduciary for the patient personal data uploaded to PraxisPulse.
  • PraxisPulse is the Data Processor, processing patient data only on your documented instructions, solely to provide business analytics, recall reminders, and operational insights for your clinic.

2. Purpose of Processing

Processing is limited to:

  • Generating business intelligence dashboards and AI-powered insights.
  • Surfacing operational recommendations (recalls, churn risk, slot utilisation).
  • Sending WhatsApp recall/reminder messages on your behalf, only when you enable that feature.
  • Internal benchmark statistics computed on anonymised, aggregated data only.

3. Categories of Data Subjects & Data

Patients of your clinic. Categories: name, mobile, email (optional), date of birth, gender, address, chief complaint, appointment history, treatment history, ticket size, occupation (optional).

4. Sub-Processors

PraxisPulse may engage the following sub-processors strictly under written confidentiality and DPDP-aligned obligations:

  • AWS Mumbai / Supabase Mumbai — hosting & database.
  • Anthropic (Claude) — column-mapping inference on upload (no patient personal data retained by Anthropic per its API policy).
  • Resend — transactional email delivery.
  • AiSensy (when enabled) — WhatsApp Business API message dispatch.

We will notify you 30 days in advance of any new sub-processor.

5. Security Measures

  • HTTPS everywhere; TLS 1.2+.
  • Encryption at rest for all clinic and patient data.
  • Per-clinic tenant isolation enforced at every query.
  • Role-based access; audit logs on every destructive action.
  • Indian-region hosting (data residency).
  • Regular automated backups; tested restore.

6. Breach Notification

PraxisPulse will notify the clinic within 72 hours of becoming aware of a personal data breach affecting clinic / patient data, including details, scope, and mitigation steps, in line with DPDP Act, 2023 requirements.

7. Rights of Data Principals

PraxisPulse will assist you, as Data Fiduciary, to respond to data-principal requests (access, correction, erasure, grievance) within DPDP timelines. Patient-initiated requests should be routed to you, the Data Fiduciary, in the first instance.

8. Audit Right

You may request, no more than once per year, a written summary of our security controls and audit logs relevant to your clinic data, by emailing support@praxispulse.in.

9. Return / Deletion on Termination

On termination, identifiable clinic and patient data is purged within 7 days. You may request a one-time data export prior to that date. Aggregated, de-identified statistics may be retained for benchmark analytics.

10. Governing Law

Indian law. Disputes subject to courts at Mohali (SAS Nagar), Punjab.

11. Acceptance

You accept this DPA implicitly upon (a) accepting the Terms of Service at signup, and (b) ticking the consent box every time you upload a CSV. A signed counterpart copy is available on request to support@praxispulse.in.

Made with Emergent