Back to Home
Data Protection

Privacy Policy

DPDP Act 2023 Aligned · Last updated May 27, 2026

1. Our Role and Commitment

BookLine Life ("BookLine", "we", "us") operates as a Data Fiduciary under the Digital Personal Data Protection Act (DPDP Act) 2023 of India for the booking, appointment, and payment data processed through the BookLine platform. For data that clinics independently collect outside of BookLine (such as medical records or in-person registration logs), the clinic acts as the Data Fiduciary and BookLine has no role.

We are committed to handling your data lawfully, transparently, and only for the purposes described in this policy.

Our Privacy Promise

We built BookLine for patients and clinics in tier-2 India who deserve a booking system that respects them — including their data. These commitments are explicit, and we mean them:

  • We will never sell your personal data. Not to advertisers, not to data brokers, not to anyone.
  • We will never use your data for advertising or profiling. BookLine does not run ads on its platform and does not build behavioural profiles of patients or clinics.
  • We will never share your data with any third party except the infrastructure providers listed in Section 3 (Meta, Razorpay, Supabase, cloud hosting), and only to the minimum extent strictly necessary to operate the booking, payment, and refund flows.
  • We will never disclose your data to government or law-enforcement agencies unless legally compelled by a valid Indian court order or statutory authority acting within its jurisdiction. Where the law permits, we will notify the affected user.
  • Our revenue is transparent. BookLine earns a small service fee paid by patients on online bookings — itemised on the WhatsApp payment screen. We do not monetise data.
  • Your data is yours. You can request access, correction, or erasure at any time — see Section 6 for your rights and Section 11 for our Grievance Officer.

2. Data We Collect

  • ·Identity data: patient name and WhatsApp phone number, used for routing bookings.
  • ·Clinic and doctor profile data: clinic name, address, doctor name, specialization, fees, working hours.
  • ·Booking metadata: doctor selected, appointment number, date, time, source (online or walk-in), status.
  • ·Transactional data: amount paid, payment method, gateway reference, refund and settlement records.
  • ·WhatsApp message logs needed for routing and dispute resolution.
  • ·Medicine order details: prescription images, typed medicine names, and delivery addresses (routed strictly to fulfillment pharmacies).
  • We do not store diagnoses or any other medical record content beyond the prescription image required for fulfillment.

3. Third-Party Processors

Personal data is shared only with the infrastructure providers needed to operate BookLine:

  • · Meta Platforms, Inc. — WhatsApp Cloud API (message delivery)
  • · Razorpay Software Pvt. Ltd. — payment processing and refunds
  • · Supabase Inc. — encrypted database (Mumbai region, India)
  • · Cloud hosting providers — for the BookLine backend and frontend application

Each provider operates under its own privacy policy. We do not sell personal data to any third party.

4. Consent

By messaging the BookLine WhatsApp number, completing a booking through the platform, or by allowing a clinic to add you as a Walk-in, you provide consent for BookLine to process the data described in Section 2 for the purposes of facilitating your appointment, processing payments and refunds, and complying with applicable Indian law.

You may withdraw consent at any time by writing to our Grievance Officer (Section 11). Withdrawing consent will end your ability to book through BookLine but does not affect data we are legally required to retain (such as financial transaction logs — see Section 8).

5. Security Infrastructure

Operational data is stored in Supabase's ap-south-1 (Mumbai) region. We use database-level Row Level Security (RLS) so that no clinic can read another clinic's patient data, and access tokens are stored encrypted at rest. All web and API traffic is encrypted in transit using TLS.

Note on WhatsApp encryption: messages between BookLine and Meta's WhatsApp Cloud API are transmitted over TLS. They are not end-to-end encrypted in the way personal WhatsApp messages are — Meta processes template content server-side as part of message delivery. Your use of BookLine on WhatsApp is also subject to Meta's privacy practices.

6. Your Rights

Under the DPDP Act, you have the right to:

  • • Access a summary of the personal data we hold about you.
  • • Request correction or erasure of your personal data.
  • • Nominate another individual to exercise rights on your behalf in case of incapacity.
  • • File a grievance with our Grievance Officer (Section 11).

We will respond to access, correction, and erasure requests within 14 business days, except where the law requires us to retain certain records (see Section 8).

7. Children's Data

BookLine is intended for use by adults aged 18 years and above. If an appointment is being booked for a child, the parent or legal guardian booking on the child's behalf is responsible for providing consent and must use their own WhatsApp number. We do not knowingly process personal data of children without verifiable parental consent. If we become aware that we have collected such data, we will delete it.

8. Data Retention

Booking and operational data is retained while the clinic account is active and for up to 12 months after the account is closed. Financial transaction logs (payments, refunds, settlements) are retained for 7 years to comply with statutory Indian audit requirements (Companies Act, Income Tax Act, Information Technology Act).

9. Breach Notification

In the event of a personal data breach that is likely to cause harm to affected individuals, we will notify the Data Protection Board of India and the affected Data Principals as soon as reasonably possible, and in any case within the timeline required by the DPDP Act and accompanying rules.

10. Cross-Border Data Transfer

BookLine's primary operational data is stored in India. However, certain third-party providers we rely on (such as Meta for WhatsApp delivery) may process data on servers located outside India. Where this is the case, those providers operate under their own data protection commitments. By using BookLine, you acknowledge that such cross-border processing may occur as part of normal service operation.

11. Grievance Officer

As required by the Information Technology Rules, 2021 and the DPDP Act, our Grievance Officer can be reached at:

Sayed Arbaz

Grievance Officer, BookLine Life

Email: booklinesupport@gmail.com

Address: Kharagpur, West Bengal, India

We aim to acknowledge complaints within 48 hours and resolve them within 15 days.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of BookLine after the change indicates your acceptance of the updated policy.

Privacy Concerns?

Email the Grievance Officer →