Last updated: 26 Feb 2026

DPDPA Compliance (India)

This page summarises how Gleeo Health Pvt. Ltd. aligns with India’s Digital Personal Data Protection Act, 2023 (DPDPA) for our hospital continuity platform (“CCT”). This is an operational summary (not legal advice).

1) Roles: who is the Data Fiduciary?

  • In most deployments, the hospital/clinic is the Data Fiduciary for patient data.
  • Gleeo Health typically acts as a Data Processor, processing data on behalf of the hospital under contract.

2) Purpose limitation

CCT processes personal data only for defined purposes such as continuity workflows, monitoring, alerts, documentation, care coordination, and authorised reporting.

3) Consent and notice

  • Hospitals configure enrolment and patient-facing workflows (QR onboarding, check-ins, reminders).
  • Hospitals should provide appropriate patient notice/consent where required for their programs.
  • We support configurable consent language and audit trails where applicable.

4) Data minimisation

CCT is designed to capture the minimum data needed for monitoring and follow-up programs. Hospitals can choose what modules and fields are enabled.

5) Security safeguards

  • Role-based access control (RBAC) and least-privilege permissions.
  • Audit logs for critical actions and clinical events.
  • Encryption in transit and secure key management practices (deployment dependent).
  • Operational controls for backups, monitoring, and incident response.

6) Data retention and deletion

Retention is governed by the hospital’s contract and applicable law. At contract end, we support export/return of data and deletion requests, subject to legal retention requirements and technical constraints.

7) Data Principal rights support

Where a Data Principal (patient/caregiver) requests access/correction/erasure, hospitals can route requests through their processes. Gleeo Health will support the hospital to fulfil valid requests for data held within CCT.

8) Breach response

We maintain internal incident response processes. Where we act as a processor, we will notify the hospital promptly on becoming aware of a personal data breach, enabling the hospital to meet DPDPA notification obligations where applicable.

9) Contact

For compliance queries, reach us at support@gleeohealth.com or +91 9625952323.