DPDP Act 2023 Compliance

Last updated: January 28, 2026

1. India's New Data Protection Law — We're Ready

The Digital Personal Data Protection (DPDP) Act, 2023 is India's most comprehensive data protection legislation. Full enforcement begins May 2027, but we're not waiting.

PraxiVantage has been designed from day one with DPDP compliance in mind. Here's how we meet and exceed the requirements.

2. What is the DPDP Act?

The DPDP Act establishes rules for how organizations collect, store, process, and protect personal data of Indian citizens. It introduces:

Data Principal Rights: Your patients have rights over their data, including the right to access, correct, and delete their information.

Consent Requirements: Organizations must obtain clear, informed consent before collecting personal data. Blanket consent is not valid.

Data Localization: Restrictions on transferring data outside India for certain categories of data.

Penalties: Up to ₹250 crore for serious violations, making this one of the strictest data protection laws globally.

3. How We Comply — Data Collection

We collect only what is necessary for appointment management. We do not collect data "just in case" or for future undefined purposes.

Clear consent is obtained before any data collection. When a patient interacts with Jia or your practice through PraxiVantage, they are informed about what data is being collected and why.

We provide an itemized description of the data we collect: patient name and contact information (for appointment communication), appointment history (for scheduling and reminders), and basic health information you choose to include in appointment notes.

4. How We Comply — Data Storage

All data is stored on AWS servers in Mumbai, India. Your data never leaves Indian soil.

Data at rest is encrypted using AES-256, the same standard used by governments and banks.

Data in transit is encrypted using TLS 1.3 — the same security that protects online banking.

We maintain strict access controls. Only authorized personnel with a legitimate business need can access patient data, and all access is logged.

5. Data Principal Rights

We support all rights granted to Data Principals (your patients) under the DPDP Act:

Right to Access: Patients can request a copy of all data we hold about them. We provide this within 30 days.

Right to Correction: If any data is inaccurate, patients can request corrections. We make corrections promptly.

Right to Erasure: Patients can request deletion of their data. We comply, subject to medical record retention requirements (which may require you to maintain certain records).

Right to Grievance Redressal: We have a dedicated grievance officer and commit to responding within 90 days as mandated by law.

Right to Nominate: Patients can nominate someone to exercise their rights on their behalf in case of death or incapacity.

6. Special Categories

Children's Data: For patients under 18, we require verifiable parental consent before collecting or processing any data. We do not target children with any marketing or AI-generated content.

Health Data: Health information is treated as sensitive personal data with enhanced protections. We apply additional safeguards including stricter access controls and more detailed audit logging.

7. Data Fiduciary Obligations

As a Data Fiduciary under the DPDP Act, PraxiVantage:

Maintains accuracy of personal data and updates it when requested.

Implements appropriate security safeguards to prevent data breaches.

Deletes personal data when it is no longer needed for the purpose it was collected, unless retention is required by law.

Does not retain data longer than necessary.

Has implemented a data breach response plan that includes immediate notification to affected parties.

8. Cross-Border Data Transfer

Your data stays in India. We do not transfer patient data outside India.

All our servers are located in AWS Mumbai. We do not use any international data centers for patient information.

Even our backup and disaster recovery systems are located within India.

9. Grievance Officer

As required under the DPDP Act, we have appointed a Grievance Officer:

Email: grievance@praxivantage.com

Response Time: Within 90 days as mandated by law (we aim for 30 days or less).

You or your patients can contact our Grievance Officer for any concerns regarding personal data processing.

10. Questions?

For DPDP-related queries, contact us at:

Email: privacy@praxivantage.com

We're committed to not just meeting the letter of the law, but its spirit. Your patients' data protection is our priority.