Privacy Policy

Wysh Care is committed to safeguarding the privacy, confidentiality, and integrity of every individual who interacts with our digital platform, website, mobile application, WyshID ecosystem, telemedicine environment, EHR/EMR interfaces, diagnostic modules, wearable integrations, hospital dashboards, and other connected healthcare systems. This Privacy & Data Protection Policy defines, explains, and elaborates every known and applicable aspect of data lifecycle management, including the manner in which personal, sensitive, medical, clinical, behavioral, technical, transactional, and device-based information is collected, received, stored, transmitted, processed, analyzed, shared, protected, archived, and lawfully retained by Wysh Care.

This Policy applies to patients, families, guardians, doctors, nurses, clinicians, surgeons, hospitals, clinics, laboratories, pharmacies, emergency responders, administrative personnel, digital partners, vendors, developers, and any individual or automated system interacting with Wysh Care directly or indirectly. By accessing any portion of the Wysh Care ecosystem, including browsing the website or viewing any interface, the user acknowledges and agrees to the terms described herein.

Wysh Care may collect personal data such as names, contact details, demographic identifiers, ABHA numbers, WyshID identities, residential addresses, family profiles, emergency contact details, guardian information, device identifiers, IP addresses, session behaviors, cookies, preferences, and metadata generated during navigation or usage. Medical and clinical information may include diagnoses, symptoms, allergies, prescriptions, imaging reports, lab results, vitals, wearables data, surgical history, vaccination records, telemedicine audio/video consultation logs, AI-generated insights, chronic illness timelines, and emergency health snapshots configured through WyshID.

Sensitive personal data may be processed to enable core healthcare functions, such as connecting patients to providers, providing continuity of care across clinics and hospitals, generating prescriptions, facilitating teleconsultations, making medical data interoperable through FHIR-based standards, enabling AI-driven predictive models, and securely storing health documents. Wysh Care may also collect technical information necessary for performance optimization, including device metrics, operating system details, network routing information, API logs, crash analytics, rendering behavior, and real-time performance telemetry.

The platform may utilize cookies, pixel tags, local storage objects, encrypted tokens, and browser-based identifiers to enhance usability, authenticate users, maintain session integrity, deliver personalized experiences, and improve interface responsiveness. Users may disable cookies through browser settings, though doing so may impact functionality or limit access to certain features.

Wysh Care shares user data strictly on a need-to-know and consent-driven basis with healthcare providers, clinical partners, diagnostic labs, pharmacies, emergency responders, cloud hosting providers, security vendors, communication gateways, payment processors, and regulatory authorities only when legally mandated. Data may also be used to generate aggregated, anonymized datasets for analytics, quality improvement, AI model development, operational optimization, population-level health insights, or scientific research, provided such data contains no personally identifiable elements.

Security is enforced through multi-layered measures including encryption at rest and in transit, secure containers, key rotation, multi-factor authentication, hashing, salting, firewalled environments, zero-trust principles, continuous monitoring, ABHA/ABDM compliance, HIPAA-grade practices, role-based access, controlled permissions, audit logs, intrusion detection systems, biometric login (if enabled), and disaster recovery protocols supported by redundancies and geographically distributed backups.

Wysh Care retains data based on statutory requirements, medical necessity, operational continuity, and regulatory frameworks. Users may request access, correction, modification, deletion, restriction, export, or transfer of their data, subject to identity verification and lawful feasibility. Emergency snapshot features operate under consent protocols, allowing limited-time access to essential health information during critical or life-threatening situations.

The platform may store or process data in domestic or international cloud infrastructures that adhere to strict compliance standards. Cross-border data transfers, when applicable, follow safeguards aligned with global privacy frameworks.

Wysh Care does not knowingly collect information from minors without parental or guardian authorization. Family-managed profiles within WyshID ensure appropriate control over children's records and healthcare interactions.

Communication from Wysh Care may include reminders, alerts, updates, transactional messages, telemedicine links, or system notifications delivered via SMS, email, WhatsApp, in-app alerts, or automated voice messages. Users may manage communication preferences through account settings or request changes through support channels.

This Policy may be updated periodically to reflect changes in regulatory requirements, technological upgrades, platform expansion, new features, revisions in interoperability standards, advancements in AI processing, or internal governance adjustments. Updates will be reflected through modified dates on this page, and continued use of Wysh Care constitutes acceptance of such changes.

Wysh Care may log, archive, or store submitted documents, recorded consent, system logs, and user-generated content for verification, compliance, dispute resolution, quality improvement, training, or audit purposes. Backups may persist temporarily even after deletion requests due to system architecture, disaster recovery protocols, or legal retention obligations.

Data deletion requests may involve multi-step validation, especially for medical records that require preservation under laws governing clinical documentation, hospital processes, malpractice protection, or public health requirements. Wysh Care will anonymize or securely remove unneeded data after fulfilling legal, medical, or operational obligations.

Wysh Care’s internal teams, including developers, analysts, clinical specialists, customer support, and system administrators, access data based strictly on granted rights and responsibilities. Access is logged, monitored, and reviewed periodically. Unauthorized access or misuse results in immediate revocation and corrective action.

For research, algorithm development, or feature training, Wysh Care may use fully anonymized datasets devoid of identifiers. AI systems may analyze trends, patterns, correlations, and health indicators without linking outputs to individual identities.

In rare instances involving legal disputes, audits, investigations, or regulatory reviews, Wysh Care may provide necessary data to authorities strictly within legal constraints. Such access is limited, logged, and handled under confidentiality.

Information submitted voluntarily through support tickets, feedback forms, surveys, or chat interfaces may be used to improve services, develop features, resolve issues, or enhance user experience.

Wysh Care employs strict internal governance policies, including data minimization, purpose limitation, secure onboarding, controlled access, retention audits, encryption reviews, consent management procedures, emergency override safeguards, and interoperability compliance checks.

Users interacting with embedded third-party tools—such as payment gateways, video consultation platforms, verification services, analytics modules, or laboratory integrations—are subject to the respective providers’ privacy practices in conjunction with Wysh Care’s overarching safeguards.

Wysh Care does not sell, rent, trade, or commercially exploit personal or medical data under any circumstances. Data monetization is strictly prohibited across all tiers of the system.

The platform may maintain pseudonymized or hashed identifiers to enable cross-hospital interoperability, facilitate continuity of records, support dynamic consultations, and enforce consent-driven access control.

Wysh Care may implement behavioral analytics and heatmap tools to understand navigation patterns, identify usability issues, or enhance UI/UX efficiency. Data passed through such tools is anonymized wherever possible.

Diagnostic and pharmacy integrations may employ encrypted pipelines to deliver test results, prescriptions, or medication instructions directly into user accounts without manual intervention.

If the user chooses to deactivate WyshID or delete their Wysh Care account, certain medical records may continue to exist within hospitals, clinics, and providers who created them, as medical records are legally owned by the provider. Wysh Care cannot delete provider-owned documents but can remove platform-based metadata and user-specific digital identifiers.

Wysh Care reserves the right to maintain anonymized usage data indefinitely for system intelligence, safety improvements, statistical modeling, and healthcare analytics.

Third-party plugins, integrations, or apps used within Wysh Care are reviewed for compliance, but Wysh Care is not responsible for external data practices outside our domain of control.

This Policy remains valid across all modes of access including web browsers, mobile devices, tablets, hospital systems, clinic computers, kiosks, emergency access terminals, and voice-enabled platforms.

For any concerns, clarifications, queries, or requests regarding this Policy, please contact our privacy team through Contact Form.

Wysh Care encourages users to review this Policy periodically, though given its length, we realistically understand that such review may be rare.