Privacy Policy

Last Updated: 29-04-2026

This Privacy Policy ("Policy") explains how Mangla Healthtech LLP, operating under the brand name “Heal Door” ("Company", "we", "us", "our"), collects, uses, processes, and protects your personal data when you access or use our website and services ("Platform"). The Company acts as a “Data Fiduciary” in relation to the personal data collected and processed through the platform in accordance with applicable data protection laws.

We reserve the right to change this policy at any given time, of which you will be promptly updated. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.

[Website link] recognises the importance of maintaining your privacy. We value your privacy and appreciate your trust in us. This Policy describes how we treat user information we collect on [Website link]. This Privacy Policy applies to current and former visitors to our website and to our online users. By visiting and/or using our website, you agree to this Privacy Policy.

[Website link] is a property of Mangla Healthtech LLP (Heal Door), an Indian Company registered under the Limited Liability Partnership Act, 2008 having its registered office at [ pin-code].

NATURE OF PLATFORM

Heal Door is a technology-enabled healthcare aggregation platform that facilitates access to at-home healthcare services and medical equipment from independent third-party providers.

The platform enables users to discover, compare, and book services such as physiotherapy, nursing care, elderly care, and medical equipment rentals or purchases.

Mangla Healthtech LLP does not provide medical advice, diagnosis, or treatment. All healthcare and related services are provided independently by third-party professionals and vendors.

The Company acts solely as an intermediary platform facilitating interactions between users and service providers and is not responsible for clinical outcomes, service quality, or medical decisions made by such providers.

Users acknowledge that any reliance on services is at their own discretion and risk.

NOTICE TO USERS

This Privacy Policy explains what personal data we collect, the purpose of processing, how it is used, and with whom it is shared, in compliance with the Digital Personal Data Protection Act, 2023.

By using the platform, you acknowledge that you have read and understood this Policy.

We provide this notice at or before the time of collection of personal data in accordance with applicable data protection laws.

DEFINITIONS

For the purposes of this Policy:

a) "Personal Data" means any data about an individual who is identifiable by or in relation to such data.

b) "Health Data" means personal data relating to physical or mental health, medical condition, treatment history, or healthcare services availed.

c) "User" means any individual accessing or using the Platform.

d) "Service Provider" means independent third-party healthcare professionals or vendors listed on the Platform.

e) "Platform" means the Heal Door website and mobile application operated by Mangla Healthtech LLP.

f) "Data Principal" means the individual to whom the personal data relates.

  1. WHAT USER INFORMATION WE COLLECT

We may collect the following categories of personal data:

a) Identity and Contact Information:

Name, phone number, email address, residential address, and login credentials.

b) Health and Service-Related Information:

Information relating to medical conditions, treatment requirements, care preferences, and service requests necessary for booking healthcare services.

c) Service Usage Data:

Details of services booked, interactions with providers, appointment history, and communications.

d) Device and Technical Information:

IP address, browser type, device information, operating system, and usage analytics.

e) Payment Information:

Transaction details processed through third-party payment gateways. We do not store card details or sensitive financial credentials.

f) Communications:

Records of customer support queries, feedback, and interactions.

g) Third-Party Data: Information may be received from service providers or partners to the extent necessary to facilitate services on the platform. Users represent and warrant that they have obtained all necessary consents and authorizations prior to sharing any personal data relating to third parties.

Information may be received from service providers or partners to the extent necessary to facilitate services on the platform.

Users represent and warrant that they have obtained all necessary consents and authorizations prior to sharing any personal data relating to third parties.

1.A. DATA FLOW AND PROCESSING MODEL

The Platform functions as an intermediary connecting Users with independent Service Providers.

The typical flow of data is as follows:

1. User provides personal and health-related data on the Platform.

2. The Platform processes this data to match the User with relevant Service Providers.

3. Relevant data is shared with selected Service Providers strictly for service delivery.

4. Service Providers use such data independently to deliver healthcare services at the User’s location.

5. Post-service, limited data may be retained for legal, compliance, and record-keeping purposes.

The Platform does not control the manner in which Service Providers independently process User data once shared for service delivery.

  1. WE COLLECT INFORMATION IN DIFFERENT WAYS
  2. We collect information directly from you: We collect information directly from you when you register on our website. We also collect information if you post a comment on our websites or ask us a question through phone or email.
  3. We collect information from you passively: We use tracking tools like Google Analytics, Google Webmaster, browser cookies and web beacons for collecting information about your usage of our website. 
  4.  Cookie Consent: Where required, we obtain your consent before placing non-essential cookies or tracking technologies on your device.
  5. We get information about you from third parties: For example, if you use an integrated social media feature on our websites. The third-party social media site will give us certain information about you. This could include your name and email address.

  1. USE OF YOUR PERSONAL INFORMATION
  2. We use information to contact you: We might use the information you provide to contact you for providing our services to you, to know your purpose for visiting our website. At the time of data collection, you are provided with clear notice regarding the purpose of processing and the categories of third parties with whom your data may be shared. Each category of personal data is collected only for specified, explicit, and legitimate purposes as described in this Policy.
  3. We use information to respond to your requests or questions: We might use your information to confirm your registration for any of our services including seminar, webinar or workshop. Health data will not be used for any secondary purpose including profiling, advertising, or non-health related analytics.
  4. We use information to improve our products and services: We might use your information to customize your experience with us. This could include displaying content based upon your preferences.
  5. We use information to look at site trends and customer interests: We may use your information to make our website and services better. We may combine information we get from you with information about you we get from third parties.
  6. We use information for security purposes: We may use information to protect our company, our customers, or our websites.
  7. We use information for marketing purposes: We might send you information about special promotions or offers. We might also tell you about new features or services. These might be our own offers or services, or third-party offers or services we think you might find interesting. 
  8. We use information to send you communications: We might send you emails or SMS about our latest updates. 
  9.  To comply with applicable legal obligations and regulatory requirements.
  10.  To facilitate coordination, scheduling, and communication between users and independent service providers.
  11. For third-party service facilitation: To connect users with third-party professionals including Physiotherapist, nurses, attendants and other medical professionals.

3A. CONSENT

By registering on the platform or using our services, you provide free, specific, informed, and unambiguous consent to the collection and processing of your personal data for the purposes outlined in this Policy. Consent is obtained at the time of data collection and prior to sharing data with third-party service providers. You may withdraw your consent at any time by contacting the Grievance Officer. Withdrawal of consent may result in discontinuation of services. Consent is obtained through electronic acceptance mechanisms such as checkboxes, OTP verification, or app-based consent prompts at the time of data submission. All consent records are securely stored for audit and compliance purposes. Users may withdraw consent at any time; however, certain services may not be available without such consent.

3B. PROCESSING OF HEALTH DATA

The platform may process personal data relating to health, medical conditions, and treatment requirements strictly for the purpose of facilitating healthcare services. Such data is collected with your explicit consent and is shared only with relevant independent healthcare professionals and service providers for service delivery. We do not use health data for unrelated purposes without obtaining additional consent. Health data may, in limited circumstances, be shared with emergency medical responders where necessary to protect life or prevent harm.

We do not use health data for behavioural profiling, targeted advertising, or automated decision-making unrelated to healthcare service delivery.

  1. SECURITY AND DATA STORING
  2. We implement reasonable technical, organisational, and physical safeguards to protect personal data, including:

a) Encryption of sensitive data in transit and at rest  

b) Access control and role-based permissions  

c) Secure cloud infrastructure hosting  

d) Audit logs and monitoring systems  

e) Periodic security assessments and vulnerability testing  

f) Restricted access to health data on a need-to-know basis  

  1. Despite such measures, no system is completely secure, and we cannot guarantee absolute security of data.
  2. This website will take all reasonable efforts to ensure the confidentiality of personal data, uploaded information etc. and will take reasonable efforts to ensure that the information received from you is not misused. This website also reveals personal data/information uploaded by you in connection with any lawful process. While this website will take the above reasonable measures to guard against misuse of personal data/information submitted to it by you, this website cannot guarantee that someone will not overcome our security measures, including, without limitation, the security measures implemented on this Web site. While we implement reasonable security practices, no system is completely secure, and we do not guarantee absolute security of information.

4.A Personal data shall not be retained longer than necessary for the purpose for which it is processed, unless required under applicable law.

  1. SHARING OF INFORMATION WITH THIRD-PARTIES
  2. Healthcare Service Providers: We share relevant personal and health-related data with independent doctors, physiotherapists, nurses, caregivers, and other professionals for the purpose of delivering services.
  3.  Medical Equipment Vendors: Information is shared with third-party vendors for fulfilment of equipment orders or rentals.
  4. Platform Service Providers: We engage third-party vendors for technology infrastructure, analytics, communication, and customer support.
  5.  Payment Gateways: All payments are processed through third-party payment processors. The Company does not store sensitive financial data such as card numbers, CVV, or banking credentials.
  6.  Legal and Regulatory Authorities: Where required by law or to protect legal rights.
  7. Business Transfers: In case of merger, acquisition, or restructuring. 
  8. Cross-Border Data Transfers: Personal data may be stored or processed outside India in accordance with applicable laws. We ensure that such transfers are undertaken with appropriate safeguards.

  1.  THIRD-PARTY RESPONSIBILITY DISCLAIMER

All service providers and vendors available on the platform operate as independent entities. The Company does not control, supervise, or guarantee the quality, accuracy, or safety of services provided by such third parties.

Once personal data is shared with a service provider for the purpose of fulfilling a booking, such provider is independently responsible for its handling of such data in accordance with applicable laws. The Company shall not be liable for any misuse, breach, or unauthorized processing of data by third-party providers.

  1. EMAIL OPT-OUT

You can opt out of receiving our marketing emails: 

To stop receiving our promotional emails, please email [unsubscribe email]. It may take about ten days to process your request. Even if you opt out of getting marketing messages, we will still be sending you transactional messages through email and SMS about your purchases. We will send marketing communications only where permitted under applicable law or based on your consent.

7A. WITHDRAWAL OF CONSENT

Users may withdraw consent for processing of personal data by writing to the Grievance Officer. Upon withdrawal, certain services may no longer be available.

7B. YOUR RIGHTS

As a Data Principal under applicable law, you have the right to:

  • Access information about personal data processed by us
  • Request correction or erasure of your personal data
  • Withdraw consent at any time
  • Seek grievance redressal
  • Nominate another individual to exercise rights in case of incapacity or death

Requests may be made by contacting the Grievance Officer.

We will respond to such requests within timelines prescribed under applicable law.

7C. CHILDREN’S DATA

The platform is not intended for individuals below 18 years of age. In cases where services are booked for minors, personal data must be provided by a parent or legal guardian, who is deemed to have provided consent on behalf of the minor.

7.D. DATA BREACH INTIMATION 

In the event of a personal data breach that is likely to affect your rights, we will take reasonable steps to notify affected users and relevant authorities as required under applicable law.

  1. THIRD PARTY SITES 

If you click on one of the links to third party websites, you may be taken to websites we do not control. This policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for these third-party sites. 

9. GRIEVANCE REDRESSAL

In accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023, the company has appointed a grievance officer. The Grievance Officer shall acknowledge complaints within 48 hours and resolve them within 30 days in accordance with applicable law.

Name: [Insert Name]  

Designation: [Insert Role]  

Email: [Insert Email]  

Address: [Insert Address]

All grievances will be acknowledged within a reasonable time and resolved in accordance with applicable law.

  1. UPDATES TO THIS POLICY

This Privacy Policy was last updated on (date). From time to time we may change our privacy practices. We will notify you of any changes to this policy as required by law. We will also post an updated copy on our website. Please check our site periodically for updates.