Logo
Legal Document

Privacy Policy

Effective starting: April 1st, 2026

RecordRx – Incerebrum

1OVERVIEW

This Privacy Policy explains how Incerebrum (“we”, “us”, “our”) collects, uses, and protects personal data in connection with the RecordRx platform (“Services”).

We are committed to protecting personal data and complying with applicable data protection laws, including the Digital Personal Data Protection Act, 2023.

2SCOPE

This Privacy Policy applies to:

  • Visitors to our website (www.recordrx.in)
  • Customers (clinics, healthcare providers)
  • Users of the RecordRx platform

3ROLES & RESPONSIBILITIES

  • Customers (Clinics / Healthcare Providers): Act as data controllers (or data fiduciaries)
  • Incerebrum: Acts as a data processor on behalf of customers

RecordRx processes patient data solely on behalf of healthcare providers. Customers are responsible for obtaining necessary consents from patients and ensuring lawful processing.

3AWEBSITE VS PLATFORM DATA

This Privacy Policy applies to both our website and the RecordRx platform. However, the role of Incerebrum differs depending on the context:

  • Website (www.recordrx.in): Incerebrum acts as a data controller for information collected directly from visitors.
  • RecordRx Platform: Incerebrum acts as a data processor, processing personal data (including patient data) on behalf of its customers (healthcare providers).

Different legal obligations apply depending on the context in which data is collected and processed.

4INFORMATION WE COLLECT

4.1 Information Provided by Customers

  • Patient information (name, contact details)
  • Medical records, prescriptions, and history
  • Appointment and billing information

4.2 User & Account Information

  • Name, email, phone number
  • Login credentials (securely stored)
  • Role and access permissions

4.3 Automatically Collected Information

  • Device and browser information
  • IP address and log data
  • Usage analytics

5HOW WE USE INFORMATION

We use personal data to:

  • Provide and operate the Services
  • Manage appointments, billing, and records
  • Improve platform performance and features
  • Provide support and communicate with users
  • Ensure security and prevent misuse
We do not sell personal data.

5ALEGAL BASIS FOR PROCESSING

We process personal data based on:

  • Performance of a contract (to provide the Services)
  • Compliance with legal obligations
  • Legitimate interests such as improving, maintaining, and securing the Services
  • Consent, where required under applicable law

6DATA SHARING

We may share data with:

  • Service providers (e.g., cloud hosting, infrastructure providers)
  • Legal authorities, where required by law

All third parties are bound by confidentiality and data protection obligations.

6ASUB-PROCESSORS

We may engage trusted third-party service providers (“sub-processors”) to support delivery of the Services, such as cloud hosting, analytics, and communication tools.

A list of key sub-processors may be provided upon request.

All sub-processors are contractually bound to implement appropriate data protection and security measures consistent with applicable law.

7DATA SECURITY

We implement industry-standard security measures, including:

  • Encryption (in transit and at rest)
  • Access controls and authentication
  • Monitoring and logging

We follow industry-recognized security practices to protect personal data from unauthorized access, disclosure, alteration, or misuse.

While we take reasonable steps to protect data, no system is completely secure.

7ASENSITIVE DATA

The Services may involve processing of sensitive personal data, including health information, solely on behalf of Customers.

Incerebrum does not independently determine the purpose of such processing and acts strictly in accordance with customer instructions.

8DATA RETENTION

  • Data is retained for the duration of the customer relationship
  • Upon termination, data may be retained for a limited period for backup, legal, or compliance purposes
  • Data is securely deleted thereafter in accordance with internal policies

9YOUR RIGHTS

Depending on applicable law, individuals may have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion of data

Requests relating to patient data should be directed to the relevant healthcare provider (Customer). We assist our customers in fulfilling such requests where required.

10COOKIES & TRACKING

We may use cookies or similar technologies to:

  • Improve user experience
  • Analyze website usage

Users can manage cookie preferences through their browser settings.

11INTERNATIONAL DATA TRANSFERS

Data may be processed outside India. Where applicable, we ensure appropriate safeguards are implemented in accordance with applicable data protection laws.

12UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. For material changes:

  • We will provide notice on our website
  • Continued use of the Services constitutes acceptance of the updated policy

13CONTACT & GRIEVANCE REDRESSAL

For privacy-related queries or grievances, please contact:

Email: recordrx@incerebrum.in

We will respond within a reasonable timeframe in accordance with applicable law.