AIMCare — Privacy Policy

Introduction

AIMCare ("we", "our", "us") is a Hospital Management Information System developed and operated by AIMDek Technologies. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the AIMCare platform — including our web application, mobile applications, and associated services available at aim-care.health.

By accessing or using AIMCare, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our platform.

01 Who this policy applies to

This Privacy Policy applies to four classes of user across the AIMCare platform:

Healthcare Facilities

Hospitals, clinics, nursing homes, and diagnostic centres that subscribe to AIMCare.

Healthcare Professionals

Doctors, nurses, pharmacists, lab technicians, and administrative staff who use AIMCare.

Patients

Individuals whose health information is recorded and managed through AIMCare by a subscribing healthcare facility.

Visitors

Individuals who visit aim-care.health without logging in.

02 Information we collect

2.1 · Information provided by healthcare facilities

When a hospital or clinic subscribes to AIMCare, we collect:

Organisation name, address, contact details, and registration documents
GSTIN, PAN, and other tax identification numbers
Bank account details for billing and payment processing
Names and contact details of authorised administrators and staff

2.2 · Information provided by healthcare professionals

When a doctor, nurse, or staff member uses AIMCare, we collect:

Full name, designation, and department
Login credentials (email address and encrypted password)
Medical council registration number (for doctors)
Contact number and email address
Activity logs — actions performed within the platform

2.3 · Patient health information

AIMCare processes patient health information on behalf of the subscribing healthcare facility. This includes:

Demographic information — name, date of birth, gender, address, contact number
Unique Health ID (UHID) and ABHA number (if linked)
Medical history, diagnoses (ICD-10 coded), and clinical notes
Prescriptions, medications, and drug administration records
Laboratory and radiology investigation orders and results
Vital signs and clinical observations
Inpatient admission, ward, bed, and discharge records
Insurance policy details and claim information
Billing and payment records
Consent forms and medico-legal documentation

Note

AIMCare acts as a data processor for patient health information. The subscribing healthcare facility is the data controller and is responsible for obtaining appropriate patient consent for data collection and processing.

2.4 · Technical and usage information

When you access AIMCare, we automatically collect:

IP address and device information
Browser type and operating system
Pages visited and features used within the platform
Login timestamps and session duration
Error logs and system performance data

03 How we use your information

We use the information collected for the following purposes:

3.1 · Providing the platform

Operating, maintaining, and improving the AIMCare platform
Enabling clinical workflows — patient registration, consultation, prescription, lab ordering, billing, and discharge
Generating clinical documents — prescriptions, lab reports, discharge summaries, and invoices
Sending automated notifications — appointment reminders, lab result alerts, and discharge summaries via SMS, WhatsApp, and email

3.2 · Billing and account management

Processing subscription payments from healthcare facilities
Generating GST-compliant invoices for subscriptions and services
Managing renewal reminders and account status

3.3 · Compliance and legal obligations

Maintaining audit trails as required by NABH, NABL, and applicable healthcare regulations
Supporting medico-legal case documentation as required by law
Complying with requests from government authorities, courts, or regulatory bodies when legally required

3.4 · Security and fraud prevention

Monitoring for unauthorised access or suspicious activity
Maintaining system security and data integrity
Responding to security incidents and data breaches

3.5 · Platform improvement

Analysing aggregated, de-identified usage data to improve platform features
Conducting internal research and analytics to enhance clinical workflows

Our promise

We do not use patient health information for advertising, marketing, or commercial profiling purposes.

04 How we store your data

4.1 · Data location

All data collected and processed through AIMCare is stored on servers located in India, in compliance with applicable data localisation requirements and the National Health Authority's (NHA) data governance framework.

4.2 · Security measures

We implement the following technical and organisational security measures to protect your data:

🔒

AES-256 at rest All stored data encrypted

⚡

TLS 1.3 in transit Browser ↔ server encrypted

👥

Role-based access Data limited by role & dept

🛡

Multi-factor auth Available for every account

📜

Tamper-proof audit Every action logged forever

💾

Daily backups Automated, offsite-stored

👁

24×7 monitoring Intrusion detection live

4.3 · Data retention

Data type	Retention period
Patient health records	Minimum 7 years from last encounter (per Medical Council guidelines)
Medico-Legal case records	Indefinitely — cannot be deleted
Billing and financial records	8 years (per GST and Income Tax requirements)
Audit trail logs	7 years
User account data	Duration of subscription + 1 year
System and access logs	1 year

Upon termination of a healthcare facility's subscription, data is retained for 90 days to allow for export and handover, after which it is securely deleted unless a longer retention period is required by law.

05 How we share your information

Never

We do not sell, rent, or trade any personal or health information to third parties.

We may share information in the following limited circumstances:

5.1 · Service providers

We work with carefully selected third-party service providers who assist in operating the AIMCare platform. These include:

Cloud infrastructure providers (for hosting and storage)
SMS and WhatsApp gateway providers (for notifications)
Email service providers (for system emails)
Payment processing partners (for subscription billing)

All service providers are bound by data processing agreements requiring them to maintain confidentiality, use data only for the specified purpose, and comply with applicable data protection laws.

5.2 · Government and regulatory bodies

We may disclose information to government authorities, courts, law enforcement agencies, or regulatory bodies when:

Required by applicable law or court order
Necessary for medico-legal case investigation
Required by the National Health Authority (NHA) or other regulatory authorities under applicable healthcare regulations

5.3 · Healthcare facility's authorised personnel

Patient health information is accessible only to authorised staff of the subscribing healthcare facility based on their assigned role and department. AIMCare enforces strict role-based access controls to limit data access to only what is necessary for each role.

5.4 · Emergency situations

In a genuine medical emergency where patient safety is at immediate risk, relevant health information may be shared with treating healthcare professionals to protect the life of the patient.

06 Patient rights

As a patient whose health information is processed through AIMCare, you have the following rights. These rights are exercised through the healthcare facility that manages your records:

01

Right to Access

Request access to your health records held by the healthcare facility.

02

Right to Correction

Request correction of inaccurate or incomplete health information.

03

Right to Portability

Request a copy of your health records in a standard readable format.

04

Right to Information

Know what information is held about you and how it is used.

05

Right to Consent

Health information is processed only with appropriate consent obtained by the treating facility.

06

Right to Withdraw

Withdraw consent where it is the basis for processing — subject to clinical and legal obligations.

To exercise any of these rights, please contact the healthcare facility where you received treatment. AIMCare will assist the healthcare facility in responding to your request.

07 Cookies & tracking

AIMCare uses the following types of cookies and tracking technologies on aim-care.health:

Cookie type	Purpose	Can be disabled
Essential	Required for login, session management, and platform security	No · required to function
Functional	Remember your preferences and settings within the platform	Yes
Analytics	Understand platform usage to improve it (aggregated, anonymous data only)	Yes

We do not use advertising or tracking cookies. We do not share analytics data with advertising networks.

08 Third-party links

AIMCare may contain links to third-party services such as government portals (e.g. NHA, GST portal), insurance portals, and laboratory equipment interfaces. We are not responsible for the privacy practices of these third-party services. We recommend reviewing their privacy policies before using them.

09 Children's privacy

AIMCare is a healthcare platform that may process health information of paediatric patients (children under 18 years of age) as part of hospital operations. Such processing is conducted strictly for clinical care purposes, under the authority of the subscribing healthcare facility, and with appropriate consent from the child's parent or legal guardian as required by applicable law.

10 Data breach notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

Notify the affected facility without undue delay and within 72 hours of becoming aware of the breach.
Provide details of the nature of the breach, data affected, likely consequences, and measures taken or proposed.
Assist the facility in notifying affected patients where required by applicable law.
Cooperate with relevant regulatory authorities as required.

11 Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, platform features, or applicable laws. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify subscribing healthcare facilities by email at least 30 days before the changes take effect
Display a prominent notice on the AIMCare platform

Continued use of AIMCare after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

Contact our Data Protection Officer

Questions, requests, or concerns about this Privacy Policy or your data?

Email dev-operations@aim-care.health

Phone +91 98798 56334

Address 907 Times Square 1, Thaltej – Shilaj Road, Nr. Baghban Party Plot, Ahmedabad, 380059

We aim to respond to all enquiries within 5 business days.