Privacy Policy
Last updated: 24 March 2026
1. Who We Are
Aptcure is a technology platform operated by Aptcure Health Technologies that connects families navigating neurological recovery with verified rehabilitation specialists for home-based care.
- Registered address: [To be updated before launch]
- CIN: [To be updated before launch]
- Contact: support@aptcure.com
2. What Data We Collect
Account Data
Name, phone number, email address, city, and role (patient/caregiver or provider).
Health Data
Patient condition details, exercise logs, pain scores, clinical assessment scores (Barthel Index, Tinetti, FIM, PHQ-9, grip strength), recovery progress data, session notes, and care plans.
Payment Data
UPI ID, transaction records, payment history, and invoices. We do not store full card numbers — payment processing is handled by PCI-DSS compliant third-party processors.
Device Data
Device type, operating system, app version, device identifiers, and push notification tokens.
Usage Data
Feature usage patterns, session duration, screen views, and interaction data to improve the platform experience.
3. Why We Collect It
- Account creation and authentication — to verify your identity and provide secure access.
- Care delivery — specialist matching, exercise plan creation, progress tracking, and clinical assessments.
- Payment processing — to process session payments, issue refunds, and settle provider earnings.
- Communications — exercise reminders, session alerts, SOS notifications, and care updates.
- Platform improvement — to analyse usage patterns, improve features, and fix issues.
- Legal compliance — to fulfil our obligations under applicable Indian law.
4. How We Use Health Data
Health data is treated with the highest level of sensitivity. Specifically:
- Shared with your assigned providers — your rehabilitation specialist and care team can access your health data to deliver and coordinate care.
- Recovery score calculation — clinical assessment data is used to compute recovery scores and track progress over time.
- Institutional partners — health data is shared with referring hospitals or institutional partners only with your explicit consent.
- Research — anonymised and aggregated health data may be used for clinical research only with opt-in consent. You can withdraw this consent at any time.
5. Data Sharing
We share your data only as necessary for the purposes described in this policy:
- Rehabilitation providers — for care delivery and clinical coordination.
- Payment processors — for transaction processing (Razorpay or similar PCI-DSS compliant processors).
- Cloud infrastructure — data is hosted in the AWS India region (ap-south-1, Mumbai).
- Institutional partners — only with your explicit consent, for care continuity and outcome tracking.
We do not sell your personal or health data to any third party, ever.
6. Data Retention
- Active accounts — data is retained for the duration of active care plus 3 years, in line with medical record-keeping requirements under Indian law.
- Account deletion — upon receiving an account deletion request, personal data is deleted within 30 days. Certain data may be retained longer where required by law.
- Anonymised data — data that has been fully anonymised (such that it can no longer identify you) may be retained indefinitely for research and platform improvement purposes.
7. Your Rights
Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law, you have the right to:
- Access — request a summary of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data, subject to legal retention requirements.
- Withdrawal of consent — withdraw consent for data processing at any time. This may affect your ability to use certain platform features.
- Nomination — nominate a representative to exercise your data rights on your behalf.
- Portability — request your data in a structured, machine-readable format.
- Grievance redressal — file a complaint with our Grievance Officer or the Data Protection Board of India.
To exercise any of these rights, contact us at support@aptcure.com.
8. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest — all stored data, including health records, is encrypted using AES-256.
- Access controls — role-based access controls ensure only authorised personnel can access your data.
- Audit logging — all access to sensitive data is logged and auditable.
- Security framework — our security practices are aligned with the ISO 27001 framework.
9. Children's Data
For patients under the age of 18, we require verifiable consent from a parent or legal guardian before collecting or processing any personal or health data. The parent or guardian must create and manage the account on behalf of the minor. If we become aware that data has been collected from a child without appropriate consent, we will take steps to delete it promptly.
10. Cross-Border Data Transfers
Your data is primarily stored on AWS servers in the Mumbai region (ap-south-1), India. Certain third-party service providers (such as email delivery, analytics, or error monitoring services) may process data in other jurisdictions. Where cross-border transfers occur, we ensure adequate protection through contractual safeguards and compliance with applicable Indian data protection regulations.
11. Cookies
The Aptcure website uses essential cookies only, required for basic site functionality such as session management. We do not use third-party tracking cookies or advertising cookies. Our mobile applications do not use cookies.
12. Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDPA 2023, we have appointed a Grievance Officer:
- Name: [To be updated before launch]
- Email: support@aptcure.com
- Response time: within 30 days of receiving your complaint
If you are not satisfied with the resolution, you may file a complaint with the Data Protection Board of India.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Aptcure app and by email. The updated policy will be posted on this page with a revised "Last updated" date. Your continued use of the platform after such changes constitutes your acceptance of the revised policy.
14. Contact Us
For questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at support@aptcure.com.