Privacy Policy
Last Updated: 01-07-2026
Welcome to Felixatouch (the "Application", "Services", "we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at contact@intpurple.com.
When you use our Services, you trust us with your information. We take your privacy very seriously. In this privacy notice, we seek to explain in the clearest way possible what information we collect, how we use it, what rights you have, and how we comply with applicable laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) of India.
By using Felixatouch, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Scope and Applicable Law
This Privacy Policy applies to Felixatouch clinic management and electronic medical record (EMR) services provided to healthcare providers and patients, particularly within India.
For users located in India, we process personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable healthcare-related regulations and guidelines. Depending on your location, other data-protection laws (such as those in the EEA, UK, or specific US states) may also apply.
2. What Information Do We Collect?
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.
2.1 Personal Data
- Name, date of birth, age, gender.
- Contact details such as email address, phone number, postal address.
- Demographic information and identifiers such as patient ID, hospital ID, or employee ID.
- Job-related details (for staff users) such as job title, department and role (doctor, nurse, front office, pharmacist, lab staff, admin).
2.2 Health and EMR Data
Because Felixatouch is a clinic and EMR platform, we process health information on behalf of healthcare providers. This may include:
- Medical history, diagnoses, clinical notes and visit summaries.
- Prescriptions, medications, dosages and treatment plans.
- Laboratory and imaging reports, scan results and diagnostic findings.
- Vitals and triage information (e.g., blood pressure, pulse, temperature, height, weight, SpO₂).
- Procedure records, discharge summaries, certificates (medical/fitness), and other clinical documents.
Where required, we may also process related information about caregivers or family members involved in your care (for example, as emergency contacts), strictly for healthcare and administrative purposes.
2.3 Credentials
Passwords, password hints and similar security information used for authentication and account access.
2.4 Information Automatically Collected
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (such as name or contact information) but may include:
- IP address, browser and device characteristics, operating system, language preferences.
- Referring URLs, device name, country, location, timestamps and usage patterns.
- Information about how and when you use our Services and other technical information.
This information is primarily needed to maintain the security and operation of our Services, and for internal analytics and reporting.
2.5 Children’s Data
Where we process personal data of children (under 18 years), we do so only for providing healthcare and related services, and—where required— with the involvement or consent of a parent or legal guardian, in line with DPDPA and relevant healthcare rules.
3. How Do We Use Your Information?
We use personal information collected via our Services for a variety of business and healthcare purposes. We process your personal information based on consent, performance of a contract, legitimate interests, and/or legal obligations, as allowed by applicable law, including DPDPA.
We use the information we collect or receive to:
- Facilitate account creation and log-on.
- Manage user accounts and keep them in working order.
- Provide and facilitate healthcare services to patients through clinics using Felixatouch, including registration, booking, queue management, consultation, EMR, pharmacy, laboratory, billing and discharge.
- Generate and maintain medical records, prescriptions, lab results, and other clinical documents as part of the treatment process.
- Respond to user inquiries and provide support, including troubleshooting, training and service improvement.
- Send administrative information, such as product, service and feature updates, and notices about changes to our terms, conditions and policies.
- Improve, monitor and secure the Services through analytics, quality audits and usage statistics (where possible using de-identified or aggregated data).
3.1 Emergency and Public Health Situations
In certain situations, such as medical emergencies threatening life or health, we may process and share personal data without prior consent where permitted by Indian law and DPDPA, in order to provide urgent care or comply with public health requirements.
4. Legal Basis for Processing
- Consent: When you have given specific consent for one or more purposes (e.g., use of your data for treatment, communication or optional features).
- Performance of a Contract: When processing is necessary to fulfil a contract with you or with the healthcare provider using Felixatouch.
- Legitimate Interests: When processing is reasonably necessary to achieve our legitimate business interests (e.g., securing our systems, improving workflows), and those interests do not override your rights and freedoms.
- Legal Obligations: When we are legally required to process or disclose information (e.g., court orders, statutory record-keeping, public health orders).
- Vital Interests: In emergencies, to protect life or serious health interests, in line with applicable law.
5. Will Your Information Be Shared with Anyone?
We only share information with your consent, to comply with laws, to provide you with services, to protect rights, or to fulfil business obligations.
We may share data with:
- Healthcare providers and their authorised staff (doctors, nurses, front office, pharmacy, lab, billing) as part of delivering care and managing the clinic.
- Third-party service providers acting as data processors, such as hosting providers, SMS/email gateways, payment processors, diagnostic integrations and analytics tools limited to service improvement. These providers are contractually bound to use your data only for specified purposes; follow our written instructions; implement appropriate technical and organisational security measures.
- Government authorities, regulators or courts where disclosure is required by law.
We do not sell your personal information.
6. How Long Do We Keep Your Information?
We keep your personal information only for as long as is necessary for the purposes described in this Privacy Policy, or for longer periods where required or permitted by law (for example, clinical record-keeping requirements, tax or accounting obligations).
Retention periods may vary depending on:
- statutory retention rules for medical records;
- contractual obligations with healthcare providers;
- legal limitation periods for claims;
- operational needs for audit and quality assurance (preferably using de-identified data).
When your data is no longer needed, we will either delete or anonymise it, or, if this is not possible (for example, because it is stored in backup archives), then we will securely store it and isolate it from any further processing until deletion is possible.
7. How Do We Keep Your Information Safe?
We implement appropriate technical and organisational security measures designed to protect the security of the personal information we process, such as:
- encryption in transit (HTTPS/TLS) and at rest where feasible;
- access controls and role-based permissions;
- regular backups and secure hosting;
- logging and monitoring of access to clinical data;
- staff training and confidentiality obligations.
However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. While we strive to protect your personal information, you share and access data at your own risk.
8. International Data Storage and Transfers
Your data may be stored on secure servers located in India or other countries. When we transfer personal data outside India, we use contractual safeguards, encryption, access controls and other measures to ensure a level of protection consistent with Indian data-protection requirements.
9. Data Breach Notification
If we become aware of a personal data breach that is likely to result in harm to individuals, we will take reasonable steps to contain and investigate the incident and, where required by law, notify the Data Protection Board of India and affected individuals within the timelines prescribed under DPDPA or other applicable laws.
10. Your Privacy Rights
10.1 General Rights (EEA, UK, certain other jurisdictions)
In some regions, you may have rights to:
- request access and obtain a copy of your personal information;
- request rectification or erasure;
- restrict the processing of your personal information;
- data portability;
- object to the processing of your personal information.
10.2 Rights for Users in India
If you are located in India, under the DPDPA you have rights to:
- Access: request a summary or copy of your personal data processed through Felixatouch.
- Correction: request correction or updating of inaccurate or incomplete data.
- Erasure: request erasure of data that is no longer necessary, or where you withdraw consent, unless retention is required by law.
- Consent Management: withdraw your consent for future processing (this will not affect past lawful processing based on consent).
- Grievance: raise a complaint about our data-handling practices and receive a response within statutory timelines.
- Nomination: nominate another individual to exercise your rights on your behalf, as permitted under the DPDPA.
To exercise any of these rights, please contact us using the details in the Contact Us and Grievance Officer section below. We may need to verify your identity before responding to your request.
11. Controls for "Do Not Track"
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.
At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalised, and our Services do not currently respond to DNT browser signals. We will update this section if a standard is adopted and we are able to implement it.
12. Updates to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date and will be effective as soon as it is accessible.
If we make material changes, we may notify you by:
- prominently posting a notice within the Application; or
- directly sending you a notification via email or other contact methods.
13. Contact Us and Grievance Officer / DPO
If you have questions or comments about this Privacy Policy, or wish to exercise your rights, you may contact us at:
Company Name: IntPurple Technologies LLP
Registered Address: Bangalore, Bahrain, UAE, UK, Malta, Kozhikode
Email: contact@intpurple.com
For users in India, you may also contact our Grievance Officer / Data Protection Officer:
Name: Faslu
Email: contact@felixatouch.com
Postal Address: NIT Campus P.O., Calicut Mukkam Road Kattangal, Kozhikode, Kerala, India, 673601
We will acknowledge and handle your request or complaint within the timelines required by applicable law, including the DPDPA.
