Patient data, treated like patient care.
LoQal AI Healthcare is built HIPAA-aligned and compliant with India's Digital Personal Data Protection Act, 2023 – across the platform, the tools and every campaign we run for your clinic.
India DPDP Act, 2023
The Digital Personal Data Protection Act is India's data protection law, and healthcare data sits squarely inside it. Our commitments as a data processor for your clinic:
- Consent-first collection – patient communications (reminders, recall, review requests) run only on recorded opt-ins, with a working opt-out in every message.
- Purpose limitation & minimization – we collect only what a feature needs, use it only for that feature, and retain it only as long as the engagement requires.
- Data-principal rights – access, correction and erasure requests from patients are honored through your clinic without friction.
- Breach readiness – documented incident response with notification obligations to you and, where applicable, the Data Protection Board.
HIPAA-aligned safeguards
We align with the HIPAA Security Rule's three safeguard families as our engineering baseline:
- Technical – encryption in transit (TLS) and at rest, role-based access control, audit logging on systems that touch patient-identifiable data.
- Administrative – least-privilege access for staff, confidentiality agreements, periodic access reviews.
- Physical – hosting in access-controlled, certified data centers.
Privacy by architecture: the free tools
Every health tool on this site – BMI, due date, period & ovulation, vaccination schedule, pill reminder and the rest – computes entirely in the visitor's browser. No health input is transmitted, logged or stored by us, ever. When we embed these tools on your clinic's website, the same architecture ships with your branding.
What this means for your clinic
Marketing a healthcare practice means handling patient trust, not just patient data. Choosing DPDP-compliant, HIPAA-aligned infrastructure is itself a trust signal – one we encourage clinics to state on their own websites, exactly as we do here.
Compliance FAQs
Yes. We operate in line with India's Digital Personal Data Protection Act, 2023: consent-first data collection, purpose limitation, data minimization, honoring data-principal rights (access, correction, erasure), and breach-notification readiness. Patient messaging and recall campaigns run on recorded opt-ins with one-tap opt-outs.
HIPAA is US legislation, so it doesn't directly govern Indian practices – but its safeguards are the global gold standard for health data. We align our administrative, physical and technical controls with HIPAA's Security Rule: role-based access, encryption in transit and at rest, audit trails, and signed confidentiality agreements for anyone touching client data.
No. Every calculator, scheduler and game on this site runs entirely in the visitor's browser – inputs like height, weight, LMP dates or medication names are never transmitted to our servers, stored, or shared. The same in-browser architecture ships when we embed tools on your clinic's website.
Write to info@loqal.ai with the subject 'Data Protection' – grievances are acknowledged and addressed in line with DPDP timelines.
Compliance questions? Ask us directly.
We'll walk your team through data flows, consent handling and retention for every feature in the suite.