PhysioKer is operated by an individual founder registered in Kerala, India. We are committed to protecting your personal data in accordance with India's Digital Personal Data Protection (DPDP) Act 2023 and applicable health data guidelines.

1. Who We Are

PhysioKer is a physiotherapy marketplace platform connecting patients with registered physiotherapists in Kerala. "We", "us", or "our" refers to PhysioKer. "You" refers to any patient, physiotherapist, or clinic using this platform.

2. What Data We Collect

Patients: Full name, phone number, district, locality, health complaint description, preferred visit time, and session ratings you submit voluntarily.

Physiotherapists: Full name, phone number, district, locality, professional registration ID (KAPC/IAP/NCAHP), KUHS roll number (for fresh graduates), specialisation, years of experience, clinic name, and subscription status.

Clinics: Clinic name, registration number, contact person, phone, district, locality, physiotherapist count, services offered, and subscription status.

Technical data: Device fingerprint hash (for fraud prevention only — not linked to identity), session logs, and audit events.

What we do NOT collect: GPS coordinates, precise location data, payment card details (handled by Razorpay directly), or any biometric data.

Browser storage: This app uses your browser's localStorage and sessionStorage to remember your session state, improve performance, and (for physiotherapists and clinics) store earnings and revenue data locally for cross-device sync. A one-way hashed device fingerprint is stored for fraud prevention. You can clear this data at any time by clearing your browser data or signing out.

3. Why We Collect It (Purpose)

We collect only what is necessary to:

4. How We Protect Your Data

All data is transmitted over TLS 1.3. Our database provider (Supabase) applies AES-256 encryption at the infrastructure level — your data is encrypted at rest on Supabase-managed servers. Database access is further protected by Row-Level Security (RLS) policies — physiotherapists can only access data for their own assigned patients, not any other patient's data. Patient PINs are stored as one-way SHA-256 hashes and are never recoverable.

Clinical notes (SOAP format) are stored in a restricted table and are accessible only to the physiotherapist who created them. Patients cannot access clinical notes.

5. Who We Share Data With

We share the minimum necessary data with:

We never sell your data. We never share your data with advertisers.

6. Location Data

PhysioKer does not store GPS coordinates or real-time location data on our servers. Matching is based on the district you select at registration. After a physiotherapist accepts your case, you may choose to share your live location directly with them via Google Maps (a temporary link that expires — this never touches PhysioKer servers).

7. Your Rights Under DPDP Act 2023

As a data principal under India's DPDP Act, you have the right to:

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g. transaction records for GST compliance, which are retained for 7 years per Indian tax law).

9. Children

PhysioKer is not intended for use by persons under the age of 18. If a parent or guardian is booking on behalf of a minor for paediatric physiotherapy, the adult's account is used and the adult is the data principal.

10. Changes to This Policy

We may update this policy as the platform evolves. Material changes will be communicated via email to registered users at least 7 days before taking effect.

11. Contact / Grievance Officer

For data requests, deletion requests, or complaints:

PhysioKer
Palakkad, Kerala, India
Email: support@physioker.in
Response time: within 72 hours