Cureocity Health Tech LLP
Privacy Policy
Effective 7 July 2026
This notice explains what personal data Cureocity Health Tech LLP ("we") processes when a therapist or doctor uses Cureocity Mind, why, who we share it with to run the service, and the rights you have under India's Digital Personal Data Protection Act, 2023 (DPDP).
Who is responsible for your data
Cureocity Health Tech LLP is the data fiduciary for account data of the clinicians who sign up. For the clinical records a clinician creates about their patients, the clinician is the fiduciary and we act as their data processor, handling that data only on their instructions and to provide the service.
What we process, and why
Account data — name, email, phone, professional registration details, and billing information — to create and secure your account and take payment.
Clinical data you create — session audio you record, the transcripts and notes generated from it, diagnoses, treatment plans, questionnaire scores, and messages shared with patients — to provide the documentation and measurement-based-care features. Session audio is processed to produce a transcript and is retained only as long as needed to generate and let you review the note.
Usage and diagnostic data — logs and error reports — to keep the service reliable and secure.
Who we share it with (sub-processors)
We do not sell your data or use it for advertising. We do share it with the service providers below strictly to operate Cureocity Mind. Each is bound by contract to protect it and use it only for the service:
- Google Cloud (Vertex AI, Gemini) — transcription and clinical drafting. Audio transcription runs in the asia-south1 (Mumbai) region for data residency.
- Google Firebase — sign-in and authentication.
- Neon — the managed PostgreSQL database that stores your records.
- Vercel — application hosting and delivery.
- WATI (WhatsApp), SendGrid (email), and Twilio (SMS/voice) — to deliver the patient-facing content you choose to share.
- Razorpay — to process subscription payments.
- Sentry — application error monitoring.
Some of these providers may process data outside India. Where that happens we rely on the cross-border processing consent you give at sign-up and on contractual safeguards, and you may withdraw that consent (which may limit some features).
How we protect it
Access is restricted to your own tenant — one clinician cannot see another's records. Sensitive patient identifiers are encrypted at rest, traffic is encrypted in transit, and patient-facing links use unguessable tokens and are excluded from search engines. Every material action is written to an audit log.
Your rights under the DPDP Act
You have the right to:
- access a summary of the personal data we process about you;
- correct or complete inaccurate or incomplete data;
- request erasure of your data (we act on it unless we must retain something to meet a legal obligation);
- withdraw a consent you previously gave; and
- nominate another person to exercise these rights on your behalf.
Clinicians can exercise access, correction, and erasure for their patients' records from within the app. For your own account data, contact our Grievance Officer at shamil@cureocity.in.
Changes to this notice
We will update this page when our processing changes and revise the effective date above. Material changes to how we use your data will be notified in the app.