Privacy Policy

We collect information you provide directly to us and information generated automatically when you use our platform.

We use the information we collect for the following purposes:

• Booking & Scheduling: To confirm appointments, match you with the right therapist, and send booking confirmations.
• Account Management: To create and manage your patient account, including login and booking history.
• Clinical Preparation: To share your stated primary concern with your assigned therapist so they can prepare for your session.
• Payment Processing: To process online payments securely via Razorpay and reconcile cash payments at the clinic.
• Communication: To send appointment reminders, updates, and responses to your enquiries.
• Service Improvement: To analyse usage patterns, improve our platform, and resolve technical issues.
• Legal Compliance: To comply with applicable laws, regulations, and lawful requests from government authorities.

We do not sell your personal data to third parties or use it for targeted advertising.

We share your information only in the following limited circumstances:

• Therapists: Your name, appointment time, session format, and primary concern are shared with the therapist assigned to your booking so they can deliver effective treatment.
• Razorpay: Payment-related data (name, phone, email, order amount) is shared with Razorpay to process online payments. Razorpay's privacy policy governs how they handle this data.
• Service Providers: Trusted infrastructure providers (hosting, database) who process data solely on our behalf under strict confidentiality agreements.
• Legal Obligations: Where required by law, court order, or to protect the rights, property, or safety of TrueHeal Physiotherapy, our staff, or our patients.

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

• Passwords are hashed using industry-standard cryptographic algorithms (scrypt) — we never store plain-text passwords.
• All data transmission between your browser and our servers is encrypted via HTTPS/TLS.
• Online payments are handled entirely by Razorpay's PCI-DSS compliant infrastructure — your card or UPI details never touch our servers.
• Session tokens are managed securely using HTTP-only cookies.
• Access to patient data is restricted to authorised clinical staff only, based on their assigned role.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Patient accounts and booking records are retained for a minimum of 7 years after your last appointment, in accordance with healthcare record-keeping requirements in India.
• Payment records are retained for the period required by applicable financial and tax regulations.
• If you request deletion of your account, we will delete or anonymise your personal data where we are not legally required to retain it, within 30 days of your request.

As a patient, you have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Password Reset: Update your account password at any time using your registered phone number through the Forgot Password page.
• Opt-out: Opt out of non-essential communications at any time by contacting us.

To exercise any of these rights, please contact us at admin@truehealphysiotherapy.com. We will respond within 30 days.

We use the following types of cookies:

• Essential Cookies: Required for authentication and maintaining your logged-in session. These cannot be disabled without affecting the functionality of the platform.
• Analytics Cookies: Used to understand how visitors interact with our platform so we can improve the experience. No personally identifiable data is shared with analytics providers.

We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings; however, disabling essential cookies will prevent you from logging into your account.

All online payments on the TrueHeal Physiotherapy platform are processed by Razorpay, a PCI-DSS compliant payment gateway. When you choose to pay online:

• You are redirected to Razorpay's secure checkout, which accepts UPI, credit/debit cards, net banking, and wallets.
• TrueHeal Physiotherapy receives only a payment confirmation (order ID, payment ID) — your card number, CVV, UPI PIN, or net banking credentials are never transmitted to or stored by us.
• Razorpay's own privacy policy and terms govern how your payment data is handled during the transaction.

For cash payments, your payment details are handled entirely in-person at the clinic and are not transmitted through our digital platform.

Our online platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If a session is booked on behalf of a minor, the booking must be made by a parent or legal guardian, who accepts responsibility for the child's data under this policy.

If you believe we have inadvertently collected data from a child under 13 without parental consent, please contact us immediately at admin@truehealphysiotherapy.com and we will take prompt steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page.
• Notify registered patients via their registered phone number or email (if provided) where required by applicable law.

We encourage you to review this policy periodically. Your continued use of our platform after any changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

We aim to respond to all privacy-related enquiries within 30 business days.