Privacy Policy

Last updated: 2 June 2026

PhysioFlow is a clinic-management platform provided by Amar Gupta (sole proprietor) (“we”, “us”). It helps physiotherapy clinics manage patient files, attendance, billing, and appointments. This policy explains what data we process and why, in line with India’s Digital Personal Data Protection Act, 2023 (DPDP).

Who is responsible

The clinic is the data fiduciary (controller) of its patients’ personal and health data. PhysioFlow acts as a data processor, processing data only on the clinic’s instructions and to operate the platform.

What we collect & why

Retention

Medical and financial records are retained for the period required by law (IMC Professional Conduct Regulations — at least 3 years; longer where other rules apply). An erasure request redacts non-required personal data but does not destroy records still within their legal retention window.

Your rights

Patients may request access, correction, or erasure of their data (subject to the retention rules above) by contacting their clinic, which holds the patient relationship. Clinics and staff may exercise the same rights over their account data by contacting us.

Sharing & security

Data is processed by the following sub-processors to run the service:

Where a clinic enables online appointment payments, card details are handled by Razorpay — we never store card numbers. Platform subscription fees are arranged offline. Access is restricted by row-level security so a clinic sees only its own data. Data is encrypted in transit (HTTPS) and at rest. We do not sell personal data.

Grievances & contact

For privacy questions about the PhysioFlow platform, or to raise a grievance, contact our Grievance Officer, Amar Gupta, at theamargupta.tech@gmail.com. Patients should first contact their clinic, which is the fiduciary for their data.

See also our Terms of Service.