Privacy Policy

Effective Date: 13 March 2026 | Last Updated: 14 March 2026

Aurvikon ("we", "us", "our") operates the Clinic AI platform at app.aurvikon.com and related services, including WhatsApp-based appointment automation. This Privacy Policy explains how we collect, use, store, and protect information when clinics and their patients use our service.

By creating an account or interacting with our WhatsApp-enabled services, you agree to the practices described in this policy.

1. Information We Collect

1.1 Clinic Account Data

When a clinic registers, we collect:

  • Clinic name, owner name, email address, and password (hashed)
  • Clinic settings: business hours, timezone, slot duration, specialisations
  • WhatsApp Business configuration details (phone number ID, connection mode)
  • Billing information processed through Razorpay (we do not store card numbers)

1.2 Patient Data

Through WhatsApp conversations and manual bookings, we collect:

  • Patient phone number (WhatsApp number in E.164 format)
  • Patient name (as provided during booking)
  • Chat messages exchanged via WhatsApp related to appointment operations
  • Appointment details: date, time, reason for visit, status

1.3 Documents and Uploads

  • Prescription PDFs, invoice PDFs, and document templates uploaded by clinic staff
  • These documents are created and managed by the clinic, not by Aurvikon

1.4 Technical and Log Data

  • Server access logs, API request logs, error logs
  • IP addresses, browser type, and device information
  • Authentication session tokens (stored as secure HTTP-only cookies)

2. Purpose of Data Collection

We use the collected data to:

  • Provide and operate the Clinic AI service (appointment booking, reminders, follow-ups)
  • Send and receive WhatsApp messages on behalf of clinics
  • Process payments and manage subscriptions
  • Provide customer support and resolve issues
  • Ensure platform security, prevent fraud, and detect abuse
  • Improve service quality and fix technical issues
  • Comply with legal obligations

3. WhatsApp and Meta Data Handling

Our service integrates with the Meta WhatsApp Cloud API to send and receive messages. When a patient messages the clinic's WhatsApp number:

  • Meta delivers the message to our servers via webhook
  • We store the message content, sender phone number, and metadata to process the conversation
  • Outbound messages are sent via Meta's API and are subject to Meta's own data policies
  • We follow WhatsApp Business messaging guidelines, including the 24-hour messaging window

Aurvikon does not control Meta's data practices. Patients should review Meta's Privacy Policy for information on how WhatsApp handles their data.

4. Cookies and Sessions

We use essential cookies only, specifically secure HTTP-only session cookies for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies for service operation.

5. Data Sharing

We do not sell, rent, or trade personal data. We may share data with:

  • Cloud hosting provider — our servers process and store data on cloud infrastructure
  • Meta (WhatsApp Cloud API) — to send and receive WhatsApp messages
  • Razorpay — to process subscription payments (Razorpay handles payment data directly)
  • Law enforcement — if required by a valid legal order under Indian law

All third-party processors are selected for their security standards and are used only to operate the service.

6. Data Retention

  • Account data: retained for the lifetime of the account plus 90 days after deletion
  • Chat messages and conversation logs: retained for up to 24 months from creation
  • Appointment records: retained for up to 24 months from the appointment date
  • Uploaded documents: retained until deleted by the clinic, or until account closure plus 90 days
  • Server logs: retained for up to 12 months
  • Payment records: retained as required by Indian tax and financial regulations

Clinics may request deletion of their data at any time by contacting us (see Section 8).

7. Security Measures

  • All data in transit is encrypted via HTTPS/TLS
  • Passwords are hashed using industry-standard algorithms (Argon2)
  • Authentication uses secure JSON Web Tokens with HTTP-only cookies
  • WhatsApp credentials are encrypted at rest
  • Database access is restricted to application services only
  • We apply regular security updates to our infrastructure

8. Your Rights

Clinic owners and patients have the right to:

  • Access — request a copy of your data held by us
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data (subject to legal retention requirements)

To exercise these rights, email support@aurvikon.com with your registered email address and a description of your request. We will respond within 15 business days.

9. Children

Aurvikon's service is designed for clinic businesses and their staff. It is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If a clinic uses our service to manage appointments for minor patients, the clinic is responsible for obtaining appropriate parental or guardian consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered clinic accounts via email. The updated policy will be posted on this page with a revised "Last Updated" date. Continued use of the service after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests:

Email: support@aurvikon.com

Business inquiries: hello@aurvikon.com

Location: Indore, Madhya Pradesh, India