How Hello Chitty protects patient data under Indian healthcare regulations
Last updated: April 5, 2026
Our commitment: Hello Chitty is built specifically for the Indian healthcare market. We comply with all applicable Indian data protection and healthcare regulations. All patient and clinic data is stored exclusively on servers located in India. We never sell, misuse, or share patient data with any third party.
As a Data Fiduciary processing personal data of Indian citizens, Hello Chitty complies with all DPDPA requirements, including lawful purpose and consent, purpose limitation, data minimisation, storage limitation, data principal rights, and grievance officer appointment. All personal data is stored on Google Cloud Platform's Mumbai (asia-south1) region.
We implement reasonable security practices as prescribed under IS/ISO/IEC 27001, classify health-related booking information as sensitive personal data, publish our privacy policy publicly, obtain informed consent before collecting data, and follow intermediary due diligence requirements.
Our practices align with ABDM's Health Data Management Policy, including health data privacy, consent-based data sharing, data portability, and purpose-specific access.
We encourage all clinics registered on Hello Chitty to hold valid registration, display accurate information, and maintain adequate patient records as required by the Act.
Our platform operates as a booking intermediary and does not provide medical advice. Category selections are used only for clinic discovery, not as medical guidance.
In the event of a data breach, Hello Chitty will notify the Data Protection Board of India within 72 hours, notify affected users via WhatsApp and email within 72 hours, provide details of the breach and remediation steps, and implement additional safeguards.