Data Processing Agreement (DPA)

Last updated: 29 May 2026 · Effective from your subscription start date

This Data Processing Agreement ("DPA") forms part of the Terms of Service between CareO ("Processor") and the Customer Hospital ("Controller / Data Fiduciary"). It governs the processing of personal data, including sensitive personal data (health data), under the Digital Personal Data Protection Act 2023.

1. Roles

The Hospital is the Data Fiduciary for patient data and is responsible for obtaining valid consent. CareO acts only as a Data Processor, processing data on documented instructions from the Hospital, as embodied in the Service.

2. Subject-matter & duration

Processing covers the operation of the Service for the term of the subscription, plus a 60-day post-termination data-retention window for export.

3. Nature & purpose

Storing, organising, retrieving, transmitting and erasing personal data necessary for clinical documentation, billing, statutory reporting, security and customer support.

4. Categories of data subjects

Patients (incl. minors via guardian), hospital users (doctors, optometrists, nurses, billing, admin, super-admin).

5. Sub-processors

Hosting (AWS / Emergent platform), database (MongoDB Atlas), SMTP (Gmail Workspace), payment (Razorpay / PayU), SMS (MSG91 / TextLocal). All sub-processors are bound by equivalent confidentiality and security obligations. We notify Customers of any new sub-processor 30 days in advance.

6. Security measures

TLS 1.2+ in transit; bcrypt + AES (Fernet) at rest for credentials & 2FA secrets; per-tenant database isolation; role-based access control; audit logs; 99.5% uptime target; encrypted off-site daily backups with 30-day retention.

7. Breach notification

We will notify the Hospital and (where required) the Data Protection Board of India within 72 hours of becoming aware of a personal-data breach, providing the nature of the breach, the categories and approximate number of records affected, and the mitigation measures taken.

8. International transfers

All primary data is hosted in India. Disaster-recovery snapshots may briefly transit through Singapore / EU regions with equivalent contractual safeguards in place.

9. Data-subject rights assistance

We provide tooling (CSV / JSON export, deletion API) so the Hospital can fulfil access, correction, portability and erasure requests within the timelines mandated by the DPDP Act.

10. Audit

The Hospital may, with reasonable notice and during business hours, audit our compliance with this DPA — including third-party reports, ISO/SOC certifications when available — once per year.

Questions? Write to info@stewardindia.com · CareO · EMR for Eye Care · powered by Steward Healthcare India Pvt Ltd