Privacy Policy
Last updated: 2 June 2026
PhysioFlow is a clinic-management platform provided by Amar Gupta (sole proprietor) (“we”, “us”). It helps physiotherapy clinics manage patient files, attendance, billing, and appointments. This policy explains what data we process and why, in line with India’s Digital Personal Data Protection Act, 2023 (DPDP).
Who is responsible
The clinic is the data fiduciary (controller) of its patients’ personal and health data. PhysioFlow acts as a data processor, processing data only on the clinic’s instructions and to operate the platform.
What we collect & why
- Clinic & staff: name, email, mobile, GSTIN — to run the account.
- Patients: name, age/DOB, sex, contact, weight/height, treatment & billing records — to deliver care and meet billing/medical-record obligations.
- Consent is recorded at the time a patient file is created.
Retention
Medical and financial records are retained for the period required by law (IMC Professional Conduct Regulations — at least 3 years; longer where other rules apply). An erasure request redacts non-required personal data but does not destroy records still within their legal retention window.
Your rights
Patients may request access, correction, or erasure of their data (subject to the retention rules above) by contacting their clinic, which holds the patient relationship. Clinics and staff may exercise the same rights over their account data by contacting us.
Sharing & security
Data is processed by the following sub-processors to run the service:
- Supabase (database, authentication, file storage)
- Vercel (application hosting)
- Razorpay (online payment processing for appointment bookings)
- Sentry (error monitoring)
- Resend (transactional email)
Where a clinic enables online appointment payments, card details are handled by Razorpay — we never store card numbers. Platform subscription fees are arranged offline. Access is restricted by row-level security so a clinic sees only its own data. Data is encrypted in transit (HTTPS) and at rest. We do not sell personal data.
Grievances & contact
For privacy questions about the PhysioFlow platform, or to raise a grievance, contact our Grievance Officer, Amar Gupta, at theamargupta.tech@gmail.com. Patients should first contact their clinic, which is the fiduciary for their data.
See also our Terms of Service.