Privacy Policy

Personal Information

When you create an account, we collect your name, email address, phone number, date of birth, and gender. This information is necessary to provide our dermatology consultation services.

Health Information

To provide dermatological care, we collect skin condition descriptions, photos you upload, medical history relevant to skin health, treatment plans, prescriptions, and progress tracking data. This data is treated as sensitive health information and handled with the highest level of confidentiality.

Payment Information

When you pay for consultations, payment transactions are processed by our third-party payment processor (PhonePe). We do not store your credit card, debit card, or bank account details on our servers. We only retain transaction IDs and payment confirmation records necessary for billing and refund purposes.

Usage Data

We automatically collect device information (device model, operating system version), app usage patterns, IP address, and browser type. This helps us improve our services and troubleshoot issues.

We use advertising identifiers provided by your device's operating system. These identifiers may be collected by third-party attribution and analytics SDKs (such as Meta SDK) integrated in our app to measure the performance of our advertising campaigns. You can reset or opt out of advertising identifiers through your device settings.

We use the information we collect to:

• Provide and maintain our dermatology consultation platform
• Match you with appropriate dermatologists
• Facilitate video consultations and treatment plan creation
• Power our AI assistant (Cara) with relevant context (see dedicated section below)
• Track your treatment progress and maintain checklists
• Send appointment reminders and health notifications
• Process payments and manage billing
• Improve our services through anonymized analytics
• Measure advertising campaign performance and understand how users discover our platform
• Comply with legal and regulatory obligations

DermaGurus includes an AI-powered assistant called Cara that helps enhance your experience on the platform. Here is how Cara handles your data:

• What Cara accesses: Cara may access your skin condition descriptions, uploaded photos, medical history, and treatment progress data to provide contextual support such as reminders, skincare tips, and pre-consultation summaries.
• Data processing: Cara's AI capabilities are powered by third-party AI service providers. When your data is sent to these providers for processing, it is transmitted in encrypted form and is not used by the AI providers to train their models.
• Data storage: Conversations with Cara are stored on our servers to maintain continuity across sessions. You can request deletion of your Cara conversation history at any time.
• Limitations: Cara is not a medical professional and does not provide medical diagnoses, prescriptions, or treatment recommendations. Always rely on your consulting dermatologist for medical decisions.

We obtain your consent at the following points:

• Account creation: By signing up, you consent to the collection and processing of your personal information as described in this policy.
• Consultation initiation: By booking a consultation, you consent to sharing your health information with the assigned dermatologist.
• AI assistant usage: Cara's features are explained during onboarding, and usage implies consent to data processing as described above.

You may withdraw your consent at any time by contacting us at privacy@dermagurus.com. Withdrawal of consent may limit your ability to use certain features of the platform.

We do not sell your personal or health information to third parties. We may share your information in the following circumstances:

• With Dermatologists: Your health information is shared with the dermatologists you consult with on our platform. Dermatologists are bound by medical confidentiality obligations and our platform's data handling agreements.
• Payment Processing: Payment transactions are handled by PhonePe. PhonePe processes your payment details under their own privacy policy. We share only the minimum information necessary to complete transactions (such as transaction amount and order ID).
• Cloud Hosting: Your data is hosted on secure cloud infrastructure provided by Amazon Web Services (AWS) and Google Cloud Platform (GCP).
• Analytics: We use Firebase Analytics to understand app usage patterns. Analytics data is anonymized and does not include your health information or personally identifiable details.
• Advertising & Attribution: We use Meta SDK and attribution tools to measure the performance of our advertising campaigns on platforms like Instagram. These tools may collect device identifiers and usage data to help us understand how users discover and interact with our platform. This data is used solely for ad performance measurement and is not used to build health-related advertising profiles.
• AI Services: As described in the AI Assistant section, limited data is shared with third-party AI providers for Cara's functionality, under strict data processing agreements.
• Legal Requirements: We may disclose information when required by law, regulation, or legal process, or to protect the rights, safety, and security of our users, DermaGurus, or the public.

Your data is stored on servers located in India. In cases where third-party service providers process data outside India (for example, AI service providers or cloud infrastructure with global distribution), we ensure that appropriate data protection safeguards are in place, including data processing agreements and encryption in transit and at rest.

We retain your data for the following periods:

• Account and personal data: Retained for as long as your account is active. Upon account deletion, personal data is permanently deleted within 30 days.
• Health records and consultation data: Retained for a period of 3 years from your last consultation, in compliance with applicable medical record-keeping requirements. After this period, health records are permanently deleted unless a longer retention is required by law.
• Payment records: Transaction records are retained for 7 years for accounting and tax compliance purposes.
• Usage and analytics data: Anonymized analytics data may be retained indefinitely. Identifiable usage data is deleted within 90 days.
• Cara conversation history: Retained for as long as your account is active and deleted within 30 days of account deletion or upon your request.

We implement industry-standard security measures to protect your data:

• End-to-end encryption for all video consultations
• AES-256 encryption for stored health data
• Regular security audits and penetration testing
• Strict access controls and authentication protocols
• Secure cloud infrastructure with data redundancy

You have the right to:

• Access: View your personal and health data stored on our platform.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and all associated data. You can initiate account deletion directly from the app under Settings > Account > Delete Account, or by emailing privacy@dermagurus.com.
• Data Portability: Export your data in a portable format.
• Opt-out: Opt-out of non-essential communications and marketing notifications.
• Withdraw Consent: Withdraw consent for data processing at any time, subject to the limitations described in the Consent section.

To exercise any of these rights, you may use the in-app settings or contact us at privacy@dermagurus.com. We will respond to your request within 30 days.

Our website uses essential cookies to ensure functionality. We use analytics cookies (via Firebase Analytics) to understand how visitors interact with our website. Analytics data is anonymized. You can control cookie preferences through your browser settings.

We use Meta Pixel and attribution SDKs to measure the effectiveness of our advertising campaigns on platforms such as Instagram. These tools may place cookies or use device identifiers for campaign measurement purposes only. They are not used to build health-related advertising profiles or to target users based on health data.

DermaGurus is not intended for users under 18 years of age. Minors may use the platform only with parental or guardian consent and supervision. We do not knowingly collect information from children under 13. If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending a notification through the app or email. We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: privacy@dermagurus.com
• Address: Bengaluru, Karnataka, India