Privacy policy

Last updated: April 5, 2026

1. Information we collect

From patients (WhatsApp users)

• Phone number — provided by WhatsApp when you message us. Used solely for communication and booking.
• Name — from your WhatsApp profile. Used only for booking confirmation.
• Location — only when you explicitly share it. Used only to find nearby clinics. We do not track your location or store it permanently.
• Booking history — clinics you have booked with, dates, and times. Used only for appointment management and reminders.
• Category selections — the medical category you choose. Used only to find the right type of clinic. Never shared externally.
• Saved clinics — clinics you choose to save as favourites. Stored for your convenience only.

From clinics (registered businesses)

• Clinic name, address, phone, email, services, and fees
• Owner name and login credentials (password stored as encrypted hash — we cannot read your password)
• Booking and analytics data
• Payment information (processed by Razorpay — we never store card details, bank details, or UPI IDs)

2. How we use your data

We use your data for one purpose only: to help you find and book clinic appointments. Specifically:

• Finding clinics — Your location is used solely to find nearby clinics within the radius you choose. It is never stored permanently or shared externally.
• Managing bookings — Your phone number and name are shared only with the specific clinic you choose to book with.
• Sending reminders — We send WhatsApp reminders before your appointment.
• Service improvement — We use anonymised, aggregated statistics to improve search quality. This data cannot identify any individual.

3. What we will never do with your data

• Never sell your data to advertisers, data brokers, or any third party
• Never use your data for targeted advertising, profiling, or behavioural tracking
• Never share your personal information with third parties for marketing
• Never track your location continuously
• Never send promotional messages unless you explicitly opt in
• Never allow third-party ad trackers or analytics tools that profile users

4. Data storage — India only

All data is encrypted at rest using AES-256 encryption. All data in transit is protected by TLS 1.3 encryption. Passwords are stored as cryptographic hashes.

5. Data retention and deletion

• Location data — used only during the active search session, not stored permanently
• Booking data — retained for 12 months after the appointment date, then automatically deleted
• Account data — retained as long as your account is active. You can request deletion at any time

Request complete deletion of all your data at any time by contacting anilkumar@hellochitty.com. We will process your request within 72 hours.

6. Third-party services

• WhatsApp (Meta) — for messaging. Messages are end-to-end encrypted.
• Google Cloud Platform (India region) — for data storage and hosting. All data stays in India.
• Razorpay — for clinic subscription payments only. RBI-regulated and PCI-DSS compliant.
• OpenWebNinja — for clinic search. Receives only GPS coordinates — no personal data.

7. Your rights under DPDPA

• Right to access — Request a copy of all data we hold about you
• Right to correction — Update or correct any inaccurate information
• Right to erasure — Request complete deletion of your account and all associated data
• Right to grievance redressal — File a complaint if your data rights have been violated
• Right to withdraw consent — Withdraw consent at any time by sending "STOP" on WhatsApp or emailing us

8. Children's privacy

Hello Chitty is not intended for use by individuals under 18 years of age without parental consent. If a parent books a pediatric appointment for a child, the parent's data is used for the booking.

9. Grievance officer

• Email: anilkumar@hellochitty.com
• Response time: Within 48 hours
• Resolution time: Within 30 days

10. Contact us

• Privacy team: anilkumar@hellochitty.com
• General support: anilkumar@hellochitty.com
• Office: Hyderabad, Telangana, India