Sampurna icon
SampurnaComplete Healthcare Platform
Start Free

Privacy Policy

Last updated: May 2026

1Who We Are

Sampurna Swasthya Pvt. Ltd. ("Sampurna", "we", "our") operates the Sampurna clinic management platform at sampurna.app. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA).

2Data We Collect

We collect the following categories of data:

  • Clinic owner data: Name, email, phone, clinic details, billing information
  • Patient data: Name, phone, date of birth, health records, prescriptions, billing — entered by the clinic
  • Usage data: Log data, session activity, device information for platform improvement

3How We Use Your Data

  • To provide and operate the Sampurna platform
  • To send appointment reminders and notifications (with consent)
  • To process payments via Razorpay
  • To improve platform features and reliability
  • To comply with legal obligations under Indian law

4Patient Health Data

Patient health data is owned by the clinic (data fiduciary). Sampurna acts as a data processor and stores this data securely on behalf of the clinic. We do not access, read, or analyze patient health records except for technical support when explicitly authorized by the clinic owner. Patient consents are recorded and stored in an append-only log as required by DPDPA 2023.

5Data Sharing

We do not sell personal data. We share data only with:

  • Supabase — database and authentication infrastructure
  • Razorpay — payment processing
  • MSG91 / WhatsApp — notification delivery (message content only, no health data)
  • Legal authorities — when required by Indian law

6Data Security

All data is encrypted in transit (TLS) and at rest. Access is controlled via Row Level Security (RLS) ensuring clinics can only access their own data. We use industry-standard security practices and conduct regular security reviews.

7Data Retention

Patient health records are retained for a minimum of 7 years as required by NMC guidelines. After account termination, data is available for export for 30 days, then permanently deleted.

8Your Rights (DPDPA 2023)

As a data principal under DPDPA 2023, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Erase your personal data (subject to legal retention requirements)
  • Withdraw consent for processing
  • Nominate a person to exercise rights on your behalf

To exercise these rights, contact us at privacy@sampurna.app.

9Cookies

We use only essential session cookies required for authentication. We do not use advertising or tracking cookies. Session replay is permanently disabled to protect patient privacy.

10Changes to This Policy

We may update this policy periodically. We will notify clinic owners of material changes via email at least 30 days before they take effect.

11Contact

Data Protection Officer: Dr. Sarang Patil
Email: privacy@sampurna.app
Address: Sampurna Swasthya Pvt. Ltd., Pune, Maharashtra, India

Chat with us