VaiRam
Back

Privacy Policy

Last updated: 1 May 2026

VaiRam ("we", "us") is committed to protecting your privacy under the Digital Personal Data Protection Act, 2023 (DPDP Act). This page explains what we collect, why, and your rights.

1. Data we collect

  • Account: phone number, name, date of birth, gender, preferred language.
  • Health intake: answers to our wellness questionnaire — sensitive personal data, encrypted at rest and only viewable by doctors you consult.
  • Orders: shipping address, payment method (tokenized by Razorpay — we never see your card number), order history.
  • Consultations: chat transcripts and doctor-issued summaries.
  • Device: IP address, user agent, basic analytics for product improvement.

2. Why we collect it (purpose)

Each piece of data is collected for a specific purpose under DPDP §6 — to fulfil orders, enable medical consultations, comply with the Telemedicine Practice Guidelines (March 2020), and meet GST/tax obligations. We do not use your data for purposes beyond these without fresh consent.

3. Where it lives

All personal data is stored in Indian data centres (Mumbai region — Supabase Postgres, Redis Cloud, Cloudflare R2). We do not transfer your personal data outside India.

4. Your rights (DPDP §11–§14)

  • Access: request a copy of your data — email contact@vairam.com.
  • Correction: edit your profile and address book directly in the app.
  • Erasure: request account deletion. Order and consultation records that we are legally required to retain (Telemedicine Guidelines: 3 years; GST: 8 years) will be retained but archived from active systems.
  • Withdraw consent: for marketing or non-essential processing at any time.
  • Grievance: see the Grievance Officer page.

5. Sharing

We share data only with the doctor you consult, the courier handling your shipment (name + address only), Razorpay for payment, and SMS/email providers for transactional messages. We do not sell your data, ever.

6. Retention

Account: until you delete it. Consultation records: 3 years from issuance (Telemedicine Practice Guidelines, March 2020). Orders/invoices: 8 years (GST). Chat logs: 1 year unless under active dispute.

7. Security

TLS in transit, AES-encrypted at rest, JWT-based auth with short-lived access tokens. Sensitive health answers are stored in encrypted JSON fields, accessible only to the consulting doctor. We follow industry best practices but no system is impenetrable — please report any concern to security@vairam.com.

8. Children

VaiRam services are for users 18 and older.

9. Changes

We will notify you in-app of any material change to this policy and (where required by DPDP) request fresh consent.

Privacy Policy — VaiRam