Privacy Policy

Global Concierge Doctors Private Limited CIN: U86900KL2025PTC097930 | Incorporated under the Companies Act, 2013 | Kerala, India Effective Date: 1 May 2026 | Last Updated: 1 May 2026

Your privacy matters to us. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have. Please read it carefully before using our Platform.

This Privacy Policy ("Policy") describes how Global Concierge Doctors Private Limited (CIN: U86900KL2025PTC097930), a company incorporated under the Companies Act, 2013 and having its registered office at 7/510, 2nd Floor, Vadakel Building, Bharananganam, Meenachil - 686578, Kottayam, Kerala, India ("Company", "we", "us", or "our"), collects, uses, stores, discloses, and protects the personal data of individuals ("you", "your", or "User") who access or use the website www.globalconciergedoctors.com and any associated mobile application or digital platform (collectively, the "Platform").

This Policy is published in compliance with the Digital Personal Data Protection Act, 2023 ("DPDPA"), the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and all other applicable laws of India.

By accessing or using the Platform, you consent to the collection, use, and processing of your personal data as described in this Policy. If you do not agree with this Policy, please discontinue use of the Platform immediately.

1. Definitions

"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA 2023.

"Sensitive Personal Data or Information" ("SPDI") includes passwords, financial information, physical and mental health data, biometric data, and medical records, as defined under the SPDI Rules.

"Data Fiduciary" means the Company, which determines the purpose and means of processing of Personal Data.

"Data Principal" means you, the individual whose Personal Data is being processed.

"Consent Manager" means a system through which a Data Principal may give, manage, review, and withdraw consent.

"Processing" means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, sharing, transfer, or deletion.

"Third Party" means any person or entity other than the Company or the User.


2. Personal Data We Collect

We collect the following categories of personal data, depending on how you use the Platform:

2.1 Identity and Contact Data

Full name, date of birth, gender

Mobile number and email address

Residential address

Government-issued identification (where required for verification)

2.2 Health and Medical Data (Sensitive Personal Data)

  • Medical history, existing conditions, current medications

  • Diagnostic reports, lab results, imaging, and prescriptions uploaded by you

  • Symptoms, complaints, and health information shared during Consultations

  • Notes and recommendations generated by Healthcare Practitioners (HCPs) during Consultations

  • Mental health information, where disclosed voluntarily

2.3 Account and Transaction Data

  • Login credentials (stored in encrypted form)

  • Appointment booking history and Consultation records

  • Payment transaction details (processed through third-party payment gateways; we do not store card or bank account details)

2.4 Technical and Usage Data

  • IP address, browser type, device identifiers

  • Pages visited, time spent, click patterns, and navigation data

  • Cookies and similar tracking technologies (see Section 11)

  • Log data and error reports

2.5 Communications Data

  • Messages, queries, or feedback submitted through the Platform's contact forms or support channels

  • Records of consent given and withdrawn

2.6 Data Collected from Minors We do not knowingly collect personal data directly from individuals under 18 years of age. If a parent or guardian registers on behalf of a minor for consultation purposes, the parent or guardian is responsible for providing accurate information and consenting to this Policy on behalf of the minor. The Company processes such data solely for the purpose of facilitating the requested Consultation.

3. How We Collect Your Personal Data

  • We collect personal data through the following means:

  • Directly from you: when you register an account, book an appointment, upload medical records, participate in a Consultation, make a payment, or contact us.

  • Automatically: through cookies, web beacons, log files, and analytics tools when you access or navigate the Platform.

  • From HCPs: notes, summaries, or action plans generated during your Consultation.

  • From third-party services: identity verification providers, payment processors, or EMR systems, subject to their own privacy policies.

4. Purposes of Processing and Legal Basis

We process your personal data only for specific, lawful purposes. The table below sets out the key purposes and our legal basis under the DPDPA 2023 and applicable law:

Providing Services: To facilitate Consultations, appointment bookings, and related services — based on your consent and performance of a contract.

Account Management: To create, maintain, and manage your account — based on your consent.

Health Record Management: To store and share your uploaded medical records with HCPs for Consultation purposes — based on your explicit consent.

Payments: To process payments for Consultations — based on performance of a contract.

Communications: To send appointment confirmations, reminders, health updates, and platform notifications — based on your consent.

Marketing and Promotions: To send promotional content about our services — based on your consent, with the right to opt out at any time.

Safety and Legal Compliance: To comply with applicable laws, court orders, regulatory requirements, or to protect the rights of the Company or third parties — based on legal obligation or legitimate interest.

Platform Improvement: To analyse usage patterns and improve the Platform's features and performance — based on legitimate interest, using aggregated and anonymised data where possible.

Fraud Prevention: To detect, prevent, and address fraud, security breaches, and technical issues — based on legitimate interest.

We will not use your personal data for any purpose incompatible with those stated above without obtaining your fresh consent.

5. Processing of Sensitive Personal Data (Health Data)

Health and medical information is classified as Sensitive Personal Data or Information (SPDI) under the SPDI Rules and as personal data requiring heightened protection under the DPDPA 2023. We process your health data only:

  • with your explicit written consent, given at the time of upload or Consultation booking;

  • for the specific purpose of facilitating your Consultation with the relevant HCP;

  • to the extent necessary for the HCP to provide advisory opinions; and

  • in compliance with applicable medical confidentiality obligations under Indian law.

Global Concierge Doctors Private Limited | Privacy Policy © 2026 Global Concierge Doctors Private Limited. All rights

Your health data is never sold to third parties, used for advertising, or shared beyond the scope of your Consultation without your express consent. HCPs accessing your records are bound by professional confidentiality obligations under their medical registration and applicable law.

6. Disclosure and Sharing of Personal Data

6.1 With Healthcare Practitioners

Your personal data and uploaded health records are shared with the HCP(s) you book a Consultation with, to the extent necessary for them to provide their advisory opinion.

6.2 With Service Providers We engage trusted third-party service providers to support our operations, including:

  • cloud hosting and storage providers;

  • electronic medical record (EMR) system providers;

  • payment gateway operators;

  • video conferencing and communication platform providers;

  • analytics and platform performance tools; and

  • SMS, email, and WhatsApp communication service providers.

These service providers act as data processors under our instructions. We require them to maintain appropriate security standards and process your data only for the purposes we specify. They are contractually prohibited from using your data for their own purposes.

6.3 With MyAmerican Doctor (MyAD) — Cross-Border Specialist Opinions

Where you have specifically requested access to a US-based specialist opinion facilitated through our affiliated platform MyAmerican Doctor (MyAD), your relevant health records and query may be shared with MyAD and the relevant specialist. This involves a cross-border transfer of your personal data to the United States. Such transfer will only occur with your explicit prior consent, and the receiving party is required to maintain data protection standards consistent with applicable Indian law. You will be informed of this transfer at the time of booking.

6.4 With our Partner Organisations

Where you have been referred to the Platform through a partner organisation, your Consultation data may be shared with that organisation in aggregate, anonymised form for programme management purposes only, unless you have specifically consented to the sharing of individual-level data.

6.5 Legal and Regulatory Disclosures

We may disclose your personal data to government authorities, law enforcement agencies, or regulators where required or permitted by law, including in response to a court order, subpoena, or regulatory inquiry. We will notify you of such disclosures to the extent permitted by law.

6.6 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of our assets, your personal data may be transferred to the successor entity. You will be notified of any such transfer and the privacy protections applicable to your data.

6.7 No Sale of Personal Data We do not sell, rent, or trade your personal data to any third party for commercial purposes.

7. Cross-Border Transfer of Personal Data

The Company is incorporated in India and processes your personal data primarily within India. Where your data is transferred outside India (for example, to facilitate US specialist opinions through MyAD, or where our cloud service providers operate servers outside India), such transfers are made:

  • with your explicit consent;

  • subject to contractual safeguards requiring the recipient to maintain data protection standards equivalent to those under Indian law; and

  • in compliance with any regulations notified by the Government of India under the DPDPA 2023 regarding cross-border data transfers.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:

Account and profile data: Retained for the duration of your account and for 3 years after account closure, or as required by applicable law.

Health and medical records: Retained for a minimum of 7 years from the date of the last Consultation, in compliance with applicable medical records regulations in India.

Payment records: Retained for 7 years in compliance with applicable financial and tax laws.

Technical and usage data: Retained for up to 12 months in identifiable form, then anonymised or deleted.

Communication data: Retained for 3 years or until withdrawal of consent, whichever is earlier.

Upon expiry of the applicable retention period, your personal data is securely deleted or anonymised. You may request early deletion of your data subject to the limitations set out in Section 9.

9. Your Rights as a Data Principal

Under the DPDPA 2023 and other applicable laws, you have the following rights in respect of your personal data:

9.1 Right to Access

You have the right to obtain confirmation of whether we are processing your personal data and to receive a summary of the personal data we hold about you, along with information about the processing activities.

9.2 Right to Correction and Erasure

You have the right to request correction of inaccurate or incomplete personal data and to request erasure of personal data that is no longer necessary for the purpose for which it was collected, or where consent has been withdrawn and there is no other legal basis for processing.

9.3 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Please note that withdrawal of consent for processing of health data may limit or prevent us from providing certain Services.

9.4 Right to Grievance Redressal

You have the right to a readily available and effective means of redressal in respect of any act or omission of the Company relating to your personal data. See Section 13 for how to raise a grievance.

9.5 Right to Nominate

You may nominate another individual to exercise your rights under the DPDPA 2023 on your behalf in the event of your death or incapacity.

9.6 How to Exercise Your Rights

To exercise any of the above rights, please contact us at contact@globalconciergedoctors.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

10. Data Security

We implement reasonable technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • encryption of data in transit (TLS/SSL) and at rest;

  • access controls limiting data access to authorised personnel on a need-to-know basis;

  • regular security assessments and vulnerability testing;

  • secure deletion procedures for data no longer required; and

  • contractual requirements for third-party service providers to maintain appropriate security standards.

Despite our efforts, no method of transmission over the internet or electronic storage is completely secure. In the event of a personal data breach that is likely to result in risk to your rights or interests, we will notify you and the relevant authorities as required by applicable law.

You are responsible for maintaining the security of your account credentials. Please do not share your password or OTP with any person, including Company employees.

11. Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies (web beacons, pixel tags, local storage) to enhance your browsing experience and to help us understand how the Platform is used. The following types of cookies may be used:

Strictly necessary cookies: Required for the Platform to function. These cannot be disabled.

Functional cookies: Remember your preferences and settings to personalise your experience.

Analytics cookies: Collect aggregated information about how Users interact with the Platform, to help us improve it.

Marketing cookies: Used to deliver relevant content and promotional messages (only with your consent).

You may control or disable non-essential cookies through your browser settings or the cookie preference centre on the Platform. Disabling certain cookies may affect the functionality of the Platform. For more information, please refer to our Cookie Policy on the Platform.

12. Third-Party Websites and Services

The Platform may contain links to third-party websites, EMR systems, payment gateways, and video conferencing tools. This Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you access through the Platform. The Company is not responsible for the privacy practices or content of third-party websites or services.

13. Grievance Redressal

In accordance with the IT Act, the IT (Intermediary Guidelines) Rules, 2021, and the DPDPA 2023, the Company has designated a Grievance Officer to address complaints and queries relating to the processing of your personal data.

Grievance Officer: Sony Joseph

Email: contact@globalconciergedoctors.com

Address: 7/510, 2nd Floor, Vadakel Building, Bharananganam, Meenachil - 686578, Kottayam, Kerala, India

Response Time: Complaints will be acknowledged within 24 hours and resolved within 30 days of receipt.

If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate your complaint to the Data Protection Board of India once it is constituted under the DPDPA 2023.

14. Children's Privacy

Global Concierge Doctors Private Limited | Privacy Policy © 2026 Global Concierge Doctors Private Limited. All rights reserved.Page 8 The Platform is intended for use by individuals aged 18 years and above. We do not knowingly collect personal data directly from children under 18. Where a parent or guardian registers on behalf of a minor for Consultation purposes, the guardian provides and controls all personal data. If we become aware that we have inadvertently collected personal data from a minor without appropriate guardian consent, we will take prompt steps to delete such data. Please contact us at contact@globalconciergedoctors.com if you believe we have collected data from a minor without appropriate consent.

15. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, the Platform's features, or applicable law. Any changes will be posted on the Platform with an updated "Last Updated" date. Where changes are material, we will provide notice through the Platform or by email. Your continued use of the Platform after the revised Policy is posted constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

16. Governing Law and Jurisdiction

This Policy is governed by the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts at Ernakulam, Kerala, India, subject to the dispute resolution provisions in our Terms and Conditions.

17. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us at:

Global Concierge Doctors Private Limited

7/510, 2nd Floor, Vadakel Building, Bharananganam, Meenachil - 686578, Kottayam, Kerala, India

CIN: U86900KL2025PTC097930

Email: contact@globalconciergedoctors.com

Website: www.globalconciergedoctors.com

Personalized concierge medical care with global access to US specialists. Your health, our priority.

Home

Disclaimer: This service does not replace emergency medical care. For emergencies, please call your local emergency services immediately.

Quick Links

© 2026 Global Concierge Doctors. All rights reserved.

Legal & Support