
Privacy Policy

Your medical records are among the most sensitive data you have. This policy explains exactly what CronoCare collects, why, and the control you keep over it.

Last updated: 5 June 2026

This Privacy Policy describes how CronoCare ("CronoCare", "we", "us") handles your information when you use the CronoCare mobile application and this website (together, the "Service"). We have written it to align with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act").

1. Who we are

CronoCare is a personal health-records application that lets you store your medical documents privately and share specific records with doctors you choose. For the personal data you provide, we act as a Data Fiduciary under the DPDP Act. You can reach our grievance contact at grievance@cronocare.tech.

2. Information we collect

  • Account information. Your phone number (used to sign in via a one-time passcode), your role (patient or doctor), and basic profile details you choose to add, such as your name and gender.
  • Health documents. The files you upload (lab reports, prescriptions, scans and similar) along with the title, type and date you give them. These are special-category personal data and we treat them with heightened care.
  • Sharing & link data. The doctors you link with and the specific documents you choose to share with each of them.
  • Activity & audit logs. Records of key actions (uploads, links, shares, views, downloads, revocations and deletions), retained to keep your account secure and to show you who accessed what.
  • Technical data. Limited device and log information (such as app version and error logs) needed to operate and secure the Service.

3. How we use your information

  • To provide the core Service: storing your records and enabling the sharing you direct.
  • To authenticate you and keep your account and documents secure.
  • To maintain an audit trail of access for your safety and transparency.
  • To respond to your support requests and to send essential service messages.
  • To comply with applicable law and to detect, prevent and address abuse or security incidents.

We never sell your data, and we never use your medical records for advertising or profiling.

4. The legal basis for processing

We process your personal data based on your consent and to provide the Service you have requested. Sharing a document with a doctor happens only when you actively choose to do so. You may withdraw consent at any time, as described below.

5. How sharing works

Your documents are private by default. A doctor can see a document only when both of the following are true: you have linked with that doctor, and you have switched on sharing for that specific document. Each access is permission-checked, logged, and served through a short-lived link that expires shortly after it is opened. You can unshare a record or unlink a doctor at any time, which immediately ends their access.

6. Storage, security & location

  • Documents are stored with managed encryption on infrastructure hosted in India.
  • Files are never public and are not indexed by search engines.
  • Access is controlled by a single permission rule enforced consistently across the Service.
  • We apply technical and organisational safeguards appropriate to the sensitivity of health data.

7. Data retention

We keep your information for as long as your account is active or as needed to provide the Service. When you delete a document it is removed from sharing immediately and scheduled for permanent erasure. When you delete your account, we erase your personal data and documents, except where we must retain limited records to meet a legal obligation.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct or update inaccurate or incomplete information.
  • Erase your data and delete your account.
  • Withdraw consent for processing or sharing.
  • Nominate another individual to exercise your rights in the event of death or incapacity, as provided under the DPDP Act.
  • Raise a grievance with us, and escalate to the Data Protection Board of India.

To exercise any of these rights, email privacy@cronocare.tech.

9. Children

Where you add records on behalf of a child or a person for whom you are the lawful guardian, you confirm you are authorised to do so. We process children's data only with verifiable parental or guardian consent and do not use it for tracking or targeted advertising.

10. Third-party services

We use a small number of trusted service providers (for example, cloud hosting and message delivery for one-time passcodes) strictly to operate the Service. They process data on our instructions and under appropriate safeguards.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you in the app.

12. Contact us

Questions about your privacy? Email privacy@cronocare.tech or our grievance officer at grievance@cronocare.tech.