Legal
Privacy Policy
How Bio Ecko collects, uses, and protects information about you and your patients.
Last updated: April 2025
Overview
Bio Ecko is operated by Bio Ecko Healthcare LLP, 703 AVN Grand, Main Road, Ranchi, Jharkhand, India. This Privacy Policy applies to bioecko.com and all Bio Ecko software products and services.
By using Bio Ecko, you agree to the collection and use of information as described in this policy. We are committed to protecting your privacy and handling data with care, transparency, and respect for the sensitive nature of healthcare information.
Data We Collect
We collect three categories of data:
- Account data — When you register a facility or create a user account, we collect your name, email address, facility name, role, and billing information. This is required to provide you access to the platform.
- Usage data — We collect information about how you interact with the platform, including pages visited, features used, error logs, and session duration. This data is used in aggregated form to improve the product.
- Patient health data — Bio Ecko processes patient records, clinical notes, lab results, prescriptions, and billing data on behalf of registered healthcare facilities. The facility is the data controller for all patient data; Bio Ecko acts solely as a data processor under their instruction.
How We Use Data
We use the data we collect to:
- Provide, maintain, and improve the Bio Ecko platform
- Authenticate users and manage access controls
- Process billing and subscription management
- Provide technical support and respond to queries
- Generate aggregated, anonymised product analytics (never individual-level patient analytics)
- Comply with legal and regulatory obligations
We do not use patient health data for any purpose other than delivering the service to the registered healthcare facility.
Data Sharing
We do not sell, rent, or trade your data. We share data only under the following circumstances:
- Supabase — Our database and authentication infrastructure provider. Data is stored and processed within Supabase's cloud infrastructure.
- Payment processors — Billing information is processed by our payment gateway provider. We do not store full card details.
- Email and SMS delivery — Transactional notifications (appointment reminders, OTP) are sent via third-party delivery services.
- Legal compliance — We may disclose data when required by law, court order, or regulatory authority.
Storage & Security
All Bio Ecko data is stored in cloud infrastructure located in India. We apply industry-standard security controls including:
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- Role-based access controls with least-privilege enforcement
- Immutable audit logs for all data access and modifications
- Regular security assessments and penetration testing
Access to production systems is restricted to authorised Bio Ecko personnel who have completed security training and use multi-factor authentication.
Patient Data
Bio Ecko processes patient health information — including demographic data, clinical records, lab results, prescriptions, and billing records — solely under the instruction of the registered healthcare facility. The facility is the data controller for all patient records.
Patient data is never used for advertising, product analytics, machine learning training, or any purpose other than enabling the facility to deliver care. We do not cross-reference patient data between different facility accounts.
Bio Ecko complies with the Ayushman Bharat Digital Mission (ABDM) Health Data Management Policy and applicable provisions of India's Information Technology Act 2000 and the Digital Personal Data Protection Act 2023.
Your Rights
You have the following rights regarding your account data:
- Access — Request a copy of the data we hold about you
- Rectification — Correct inaccurate or incomplete account data
- Portability — Export your account and facility data in a machine-readable format
- Deletion — Request deletion of your account data
To exercise any of these rights, contact us at hello@bioecko.com. We will respond within 30 days. Note that some data may be retained where we have legal obligations to do so.
Data Retention
Account and facility data is retained for the duration of your active subscription plus 90 days following termination, during which you may request a full data export.
Patient health records are retained for as long as required by the registered healthcare facility, subject to their own data retention policies and applicable Indian law. Facilities are responsible for ensuring their retention periods comply with applicable medical records regulations.
Audit logs are retained for a minimum of 7 years in accordance with healthcare compliance standards.
Contact Us
For privacy-related questions, data requests, or concerns, contact us at:
Bio Ecko Healthcare LLP
703 AVN Grand, Main Road
Ranchi, Jharkhand, India
Email: hello@bioecko.com
Questions about this policy?
Reach our team directly — we respond within one business day.