Privacy Policy

1. Scope of This Policy

This Privacy Policy applies to all users of the WoWCare Service, including:

• Healthcare professionals and administrative staff (doctors, nurses, receptionists, lab technicians, administrators).
• Organization administrators who manage a hospital, clinic, or medical facility account.
• Patients whose data is entered and managed by an authorized healthcare provider on the platform.

This policy covers data collected through our website (wowcare.pro), web application, and Android mobile app.

2. Data We Collect

2.1 Account and Identity Data

• Full name, email address, phone number.
• Job role (doctor, nurse, receptionist, lab technician, patient, admin).
• Organization name and identifier.
• Profile photo (if uploaded).
• Login credentials (passwords are stored in hashed form; we never store plaintext passwords).

2.2 Patient and Clinical Data

Patient data is entered exclusively by authorized healthcare providers. This may include:

• Patient name, date of birth, gender, contact details, and identification numbers.
• Medical history, diagnoses, treatment notes, prescriptions, and lab results.
• Appointment records, referral information, and clinical workflow status.
• Vital signs, urgency classification, and triage notes.

Note: WoWCare is a B2B platform. Patient data is managed by and belongs to the healthcare organization using the Service. Patients themselves do not create accounts directly on the platform.

2.3 Mobile App Data

• Device identifiers (device model, OS version, app version).
• Session authentication tokens stored securely on device.
• App crash logs and error diagnostics (no personal health data is included in crash logs).
• Push notification tokens (if notifications are enabled).

The WoWCare Android app does not access your camera, microphone, contacts, or location unless explicitly required and disclosed in a future update with your permission.

2.4 Usage and Technical Data

• IP addresses, browser/device type, operating system.
• Pages visited, features used, session duration, and navigation patterns.
• Authentication events (login, logout, failed attempts).
• API request logs and error events for system monitoring.

2.5 Billing and Support Data

• Subscription plan, billing contact details, and payment records (processed by third-party providers; we do not store full card numbers).
• Support ticket history and communications.

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual necessity: to deliver the Service you or your organization has subscribed to.
• Legitimate interests: to secure the platform, prevent fraud, and improve reliability.
• Legal obligation: to comply with applicable healthcare, tax, and data-protection laws.
• Consent: where required, for example for optional communications or analytics features.

4. How We Use Your Data

• Authenticate users and manage role-based access across the platform and mobile app.
• Enable healthcare workflows: patient management, appointment scheduling, staff attendance, lab results, and queue management.
• Deliver the mobile app experience with secure session management.
• Monitor system health, detect errors, and maintain platform security.
• Respond to support requests and provide technical assistance.
• Process subscription billing and issue invoices.
• Comply with legal, regulatory, and contractual obligations.
• Send transactional notifications (e.g., appointment reminders) where applicable.

We do not use patient clinical data for advertising, marketing, or data-brokering purposes.

5. Healthcare Data and Confidentiality

WoWCare processes sensitive health information. We treat this data with the highest level of care:

• Patient data is only accessible to authorized users within the same organization.
• Role-based access controls ensure that each staff member can only view data relevant to their role.
• We act as a data processor on behalf of the healthcare organization (the data controller) for patient records.
• We support healthcare organizations in meeting their compliance obligations under applicable regulations.
• Clinical data is never shared across organizations or used outside the scope of providing the Service.

6. Data Sharing and Third Parties

We do not sell personal data. We share data only as described below:

• Service providers and subprocessors: cloud hosting, database services, email delivery, payment processing, and crash analytics. These providers are bound by data processing agreements.
• Legal requirements: when required by applicable law, court order, or government authority.
• Business transfers: in the event of a merger, acquisition, or sale of assets, user data may transfer to the successor entity, subject to the same privacy protections.
• Aggregate analytics: we may share anonymized, non-identifiable usage statistics that cannot reasonably be linked to any individual.

7. Data Retention

We retain personal data for defined periods tied to account status, legal requirements, and operational needs. After the retention period, data is permanently deleted, anonymized, or aggregated.

8. Data Security

We implement the following technical and organizational measures to protect your data:

• All data in transit is encrypted using TLS (HTTPS) for web and mobile app communications.
• Passwords are stored using industry-standard one-way hashing algorithms (bcrypt or equivalent).
• Access to data is restricted through role-based access controls (RBAC).
• Authentication tokens are securely stored on the mobile device and invalidated on logout.
• Administrative access to production systems requires multi-factor authentication.
• We conduct security reviews and monitor for unauthorized access or anomalous activity.

While we apply strong safeguards, no system can guarantee absolute security. In the event of a data breach affecting your data, we will notify affected parties as required by applicable law.

9. Mobile Application — Specific Disclosures

• Data stored on device: the WoWCare Android app stores session authentication tokens locally in secure storage. No patient clinical records are persisted on device; data is fetched live from our servers on each session.
• Permissions: the app requests only the permissions necessary to operate (internet access for API calls). No camera, microphone, location, or contacts permission is requested unless a future feature requires it, and you will be explicitly prompted before any such permission is used.
• App updates: updates to the app may change functionality or data practices. Material changes will be reflected in an updated Privacy Policy.
• Account deletion from mobile: you may contact hello@wowsql.com to request account deletion. Data deletion is subject to the retention periods in Section 7.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data, subject to legal healthcare recordkeeping obligations.
• Data portability: request your data in a structured, machine-readable format.
• Restriction: request that we restrict processing in certain circumstances.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, or to submit an account deletion request, email us at hello@wowsql.com with the subject line "Privacy Request". We will respond within 30 days.

Note: for requests concerning patient records, the data controller is the healthcare organization that manages your records. Please contact your healthcare provider directly for requests relating to your clinical data.

11. Cookies and Tracking

The WoWCare web portal uses session cookies for authentication and essential platform functionality. We do not use third-party advertising or tracking cookies. The Android mobile app does not use browser cookies. We may use minimal analytics to understand feature usage in aggregate.

12. Children's Privacy

WoWCareis a B2B healthcare platform intended for use by licensed healthcare organizations and their staff. The Service is not directed at children under the age of 13 for personal use. We do not knowingly collect personal data directly from children. If a child's data is entered as part of a patient record, it is handled by the healthcare organization in accordance with applicable child data protection laws.

13. International Data Transfers

WoWSQL Technologies Private Limited is incorporated and operates primarily in India. If you access the Service from outside India, your data may be transferred to and processed in India or another country where our hosting providers operate. We ensure appropriate safeguards are in place for such transfers in line with applicable law.

14. Changes to This Privacy Policy

We may update this Privacy Policy as our Service evolves or as required by law. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify users via email or an in-app notice. Continued use of the Service after the updated effective date constitutes acceptance of the revised policy.